Published on 18 Oct 2023 | Updated on 18 Oct 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
| Critical | vulnerabilities with a base score of 9.0 to 10.0 |
| High | vulnerabilities with a base score of 7.0 to 8.9 |
| Medium | vulnerabilities with a base score of 4.0 to 6.9 |
| Low | vulnerabilities with a base score of 0.1 to 3.9 |
| None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
| CVE Number | Description | Base Score | Reference |
|---|---|---|---|
| CVE-2023-38586 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-38586 |
| CVE-2023-40455 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-40455 |
| CVE-2022-28181 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-28181 |
| CVE-2023-41373 | \nA directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-41373 |
| CVE-2016-9157 | A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9157 |
| CVE-2016-10164 | Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via (1) the number of extensions or (2) their concatenated length in a crafted XPM file, which triggers a heap-based buffer overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-10164 |
| CVE-2016-8567 | An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8567 |
| CVE-2020-25223 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25223 |
| CVE-2021-1479 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1479 |
| CVE-2021-1468 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1468 |
| CVE-2021-27852 | Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27852 |
| CVE-2022-22989 | My Cloud OS 5 was vulnerable to a pre-authenticated stack overflow vulnerability on the FTP service that could be exploited by unauthenticated attackers on the network. Addressed the vulnerability by adding defenses against stack overflow issues.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22989 |
| CVE-2022-22995 | The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22995 |
| CVE-2022-29528 | An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29528 |
| CVE-2022-1471 | SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1471 |
| CVE-2022-43724 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43724 |
| CVE-2010-10003 | A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The patch is named b4604e523853965fa981a4e79aef4b554a535db0. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217351. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2010-10003 |
| CVE-2013-10009 | A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-10009 |
| CVE-2011-10001 | A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The patch is named d156faf8bc36cd49c3b10d3697ef14167ad451d8. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218491. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2011-10001 |
| CVE-2012-10006 | A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-10006 |
| CVE-2010-10009 | A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2010-10009 |
| CVE-2013-10014 | A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to sql injection. The patch is identified as 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply a patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-10014 |
| CVE-2013-10015 | A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The patch is identified as abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-10015 |
| CVE-2013-10016 | A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The patch is named 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-10016 |
| CVE-2013-10018 | A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The identifier of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-10018 |
| CVE-2011-10002 | A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The identifier of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2011-10002 |
| CVE-2011-10003 | A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2011-10003 |
| CVE-2012-10008 | A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-10008 |
| CVE-2013-10019 | A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The identifier of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2013-10019 |
| CVE-2022-48337 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48337 |
| CVE-2008-10004 | A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2008-10004 |
| CVE-2012-10009 | A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-10009 |
| CVE-2012-10011 | A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-10011 |
| CVE-2023-27524 | Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27524 |
| CVE-2023-29842 | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29842 |
| CVE-2023-1437 | All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1437 |
| CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48565 |
| CVE-2023-24517 | Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24517 |
| CVE-2023-39361 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39361 |
| CVE-2023-40397 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40397 |
| CVE-2023-30058 | novel-plus 3.6.2 is vulnerable to SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30058 |
| CVE-2023-43115 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43115 |
| CVE-2023-41993 | The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41993 |
| CVE-2023-43762 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43762 |
| CVE-2023-41419 | An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41419 |
| CVE-2023-40400 | This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40400 |
| CVE-2023-5176 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5176 |
| CVE-2023-20252 | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user.\r\n\r This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20252 |
| CVE-2023-43192 | SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43192 |
| CVE-2023-5258 | A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5258 |
| CVE-2023-5402 | \n\n\nA CWE-269: Improper Privilege Management vulnerability exists that could cause a remote\ncode execution when the transfer command is used over the network.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5402 |
| CVE-2023-5391 | \n\n\nA CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to\nexecute arbitrary code on the targeted system by sending a specifically crafted packet to the\napplication.\n\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5391 |
| CVE-2023-5399 | \n\n\n\n\nA CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path\nTraversal') vulnerability exists that could cause tampering of files on the personal computer\nrunning C-Bus when using the File Command.\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5399 |
| CVE-2023-40920 | Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40920 |
| CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39323 |
| CVE-2023-43269 | pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43269 |
| CVE-2023-26153 | Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value.\r\r**Note:**\r\r An attacker can use this vulnerability to execute commands on the host system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26153 |
| CVE-2015-10126 | A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10126 |
| CVE-2023-4530 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.This issue affects Advertising Administration Panel: before 1.1.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4530 |
| CVE-2023-45239 | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45239 |
| CVE-2023-5214 | In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5214 |
| CVE-2023-45311 | fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45311 |
| CVE-2023-45199 | Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45199 |
| CVE-2023-45612 | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45612 |
| CVE-2023-43696 | \nImproper Access Control in SICK APU allows an unprivileged remote attacker to\ndownload as well as upload arbitrary files via anonymous access to the FTP server.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43696 |
| CVE-2023-5365 | HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5365 |
| CVE-2023-44467 | langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44467 |
| CVE-2023-43899 | hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43899 |
| CVE-2023-43625 | A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43625 |
| CVE-2023-30803 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30803 |
| CVE-2023-30805 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter.\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30805 |
| CVE-2023-30806 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30806 |
| CVE-2020-27630 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27630 |
| CVE-2020-27631 | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-27631 |
| CVE-2023-34992 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34992 |
| CVE-2023-34993 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34993 |
| CVE-2023-36547 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36547 |
| CVE-2023-36548 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36548 |
| CVE-2023-36549 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36549 |
| CVE-2023-36550 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36550 |
| CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35349 |
| CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36419 |
| CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36434 |
| CVE-2023-4309 | Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4309 |
| CVE-2023-44106 | API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44106 |
| CVE-2023-5521 | Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5521 |
| CVE-2023-44105 | Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44105 |
| CVE-2023-44116 | Vulnerability of access permissions not being strictly verified in the APPWidget module.Successful exploitation of this vulnerability may cause some apps to run without being authorized. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44116 |
| CVE-2023-24479 | An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24479 |
| CVE-2023-31272 | A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31272 |
| CVE-2023-32632 | A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32632 |
| CVE-2023-32645 | A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32645 |
| CVE-2023-34346 | A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34346 |
| CVE-2023-34365 | A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34365 |
| CVE-2023-34426 | A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34426 |
| CVE-2023-35055 | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35055 |
| CVE-2023-35056 | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35056 |
| CVE-2023-35965 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35965 |
| CVE-2023-35966 | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35966 |
| CVE-2023-35967 | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35967 |
| CVE-2023-35968 | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the realloc function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35968 |
| CVE-2023-35646 | In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35646 |
| CVE-2023-35647 | In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35647 |
| CVE-2023-35648 | In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35648 |
| CVE-2023-40833 | An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40833 |
| CVE-2023-5554 | Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5554 |
| CVE-2023-23737 | Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23737 |
| CVE-2023-5045 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Kayisi: before 1286.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5045 |
| CVE-2023-5046 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Procost: before 1390.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5046 |
| CVE-2023-41262 | An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application's backend database server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41262 |
| CVE-2023-5572 | Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5572 |
| CVE-2023-45466 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45466 |
| CVE-2023-22069 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22069 |
| CVE-2023-22072 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22072 |
| CVE-2023-22089 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22089 |
| CVE-2023-41679 | An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-41679 |
| CVE-2020-17467 | An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-17467 |
| CVE-2020-24383 | An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-24383 |
| CVE-2022-22988 | File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. \n\n | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22988 |
| CVE-2023-23914 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23914 |
| CVE-2023-20214 | A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance.\r\n\r This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-20214 |
| CVE-2023-40436 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40436 |
| CVE-2023-38701 | Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the `commit` validator, where they remain until they are either collected into the `head` validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the `commit` validator contains a flawed check when the `ViaAbort` redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user which committed the funds and can only be performed by a participant of the head. The `initial` validator also is similarly affected as the same flawed check is performed for the `ViaAbort` redeemer. Due to this issue, an attacker can steal any funds that user's try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the `head` validator. Version 0.12.0 contains a fix for this issue. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38701 |
| CVE-2023-45613 | In JetBrains Ktor before 2.3.5 server certificates were not verified | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45613 |
| CVE-2023-43271 | Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43271 |
| CVE-2020-27633 | In FNET 4.6.3, TCP ISNs are improperly random. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-27633 |
| CVE-2020-27634 | In Contiki 4.5, TCP ISNs are improperly random. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-27634 |
| CVE-2020-27635 | In PicoTCP 1.7.0, TCP ISNs are improperly random. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-27635 |
| CVE-2020-27636 | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-27636 |
| CVE-2023-44107 | Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44107 |
| CVE-2023-44118 | Vulnerability of undefined permissions in the MeeTime module.Successful exploitation of this vulnerability will affect availability and confidentiality. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44118 |
| CVE-2023-32723 | Request to LDAP is sent before user permissions are checked. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32723 |
| CVE-2023-44392 | Garden provides automation for Kubernetes development and testing. Prior tov ersions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-result` and `run-result` to cache Garden test and run results. These `ConfigMaps` are stored either in the `garden-system` namespace or the configured user namespace. When a user invokes the command `garden test` or `garden run` objects stored in the `ConfigMap` are retrieved and deserialized. This can be used by an attacker with access to the Kubernetes cluster to store malicious objects in the `ConfigMap`, which can trigger a remote code execution on the users machine when cryo deserializes the object. In order to exploit this vulnerability, an attacker must have access to the Kubernetes cluster used to deploy garden remote environments. Further, a user must actively invoke either a `garden test` or `garden run` which has previously cached results. The issue has been patched in Garden versions `0.13.17` (Bonsai) and `0.12.65` (Acorn). Only Garden versions prior to these are vulnerable. No known workarounds are available. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-44392 |
| CVE Number | Description | Base Score | Reference |
|---|---|---|---|
| CVE-2021-1284 | A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able to access an associated Cisco SD-WAN vEdge device. This vulnerability is due to insufficient authorization checks. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based messaging service interface of an affected system. A successful exploit could allow the attacker to gain unauthenticated read and write access to the affected vManage system. With this access, the attacker could access information about the affected vManage system, modify the configuration of the system, or make configuration changes to devices that are managed by the system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1284 |
| CVE-2021-1505 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1505 |
| CVE-2021-1508 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1508 |
| CVE-2021-24002 | When a user clicked on an FTP URL containing encoded newline characters (%0A and %0D), the newlines would have been interpreted as such and allowed arbitrary commands to be sent to the FTP server. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24002 |
| CVE-2021-27860 | A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27860 |
| CVE-2022-20696 | A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20696 |
| CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41089 |
| CVE-2022-4883 | A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4883 |
| CVE-2023-27533 | A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27533 |
| CVE-2023-27534 | A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27534 |
| CVE-2012-10010 | A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The identifier of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-10010 |
| CVE-2012-10012 | A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-10012 |
| CVE-2012-10015 | A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The patch is identified as a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-10015 |
| CVE-2023-32707 | In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32707 |
| CVE-2023-36899 | ASP.NET Elevation of Privilege Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36899 |
| CVE-2023-28198 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28198 |
| CVE-2023-4354 | Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4354 |
| CVE-2023-4355 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4355 |
| CVE-2020-24165 | An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24165 |
| CVE-2023-39359 | Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `graphs.php` file. When dealing with the cases of ajax_hosts and ajax_hosts_noany, if the `site_id` parameter is greater than 0, it is directly reflected in the WHERE clause of the SQL statement. This creates an SQL injection vulnerability. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39359 |
| CVE-2023-39357 | Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39357 |
| CVE-2023-39358 | Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution. The vulnerability resides in the `reports_user.php` file. In `ajax_get_branches`, the `tree_id` parameter is passed to the `reports_get_branch_select` function without any validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39358 |
| CVE-2023-4916 | The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4916 |
| CVE-2023-42331 | A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42331 |
| CVE-2023-43633 | \nOn boot, the Pillar eve container checks for the existence and content of\n“/config/GlobalConfig/global.json”.\n\nIf the file exists, it overrides the existing configuration on the device on boot.\n\nThis allows an attacker to change the system’s configuration, which also includes some\ndebug functions.\n\nThis could be used to unlock the ssh with custom “authorized_keys” via the\n“debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before.\n\nOther usages include unlocking the usb to enable the keyboard via the “debug.enable.usb”\nkey, allowing VNC access via the “app.allow.vnc” key, and more.\n\nAn attacker could easily enable these debug functionalities without triggering the “measured\nboot” mechanism implemented by EVE OS, and without marking the device as “UUD”\n(“Unknown Update Detected”).\nThis is because the “/config” partition is not protected by “measured boot”, it is mutable and it\nis not encrypted in any way.\n\n\n\n\n\nAn attacker can gain full control over the device without changing the PCR values, thereby not\ntriggering the “measured boot” mechanism, and having full access to the vault.\n\n\n\n\nNote:\n\nThis issue was partially fixed in these commits (after disclosure to Zededa), where the config\npartition measurement was added to PCR13:\n\n• aa3501d6c57206ced222c33aea15a9169d629141\n\n• 5fef4d92e75838cc78010edaed5247dfbdae1889.\n\nThis issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43633 |
| CVE-2023-43634 | \nWhen sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs\nare used.\n\nIn a previous project, CYMOTIVE found that the configuration is not protected by the secure\nboot, and in response Zededa implemented measurements on the config partition that was\nmapped to PCR 13.\n\nIn that process, PCR 13 was added to the list of PCRs that seal/unseal the key.\n\nIn commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition\nmeasurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of\nPCRs that seal/unseal the key.\n\nThis change makes the measurement of PCR 14 effectively redundant as it would not affect\nthe sealing/unsealing of the key.\n\n\n\nAn attacker could modify the config partition without triggering the measured boot, this could\nresult in the attacker gaining full control over the device with full access to the contents of the\nencrypted “vault”\n\n\n\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43634 |
| CVE-2023-35074 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35074 |
| CVE-2023-39434 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39434 |
| CVE-2023-40044 | \nIn WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. \n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40044 |
| CVE-2023-41074 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41074 |
| CVE-2023-20231 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device.\r\n\r This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges.\r\n\r Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20231 |
| CVE-2023-5186 | Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5186 |
| CVE-2023-5187 | Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5187 |
| CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5217 |
| CVE-2023-5262 | A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5262 |
| CVE-2023-5266 | A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5266 |
| CVE-2023-43655 | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43655 |
| CVE-2023-5201 | The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5201 |
| CVE-2023-25989 | Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25989 |
| CVE-2023-20235 | A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user.\r\n\r This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20235 |
| CVE-2023-45160 | \nIn the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client's temporary directory is now locked down\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45160 |
| CVE-2023-4570 | An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions.\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4570 |
| CVE-2015-10125 | A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10125 |
| CVE-2023-40556 | Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40556 |
| CVE-2023-41659 | Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41659 |
| CVE-2023-39928 | A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39928 |
| CVE-2023-45303 | ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45303 |
| CVE-2023-45350 | Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. This is also known as OSFOURK-24034. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45350 |
| CVE-2023-45351 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45351 |
| CVE-2023-45352 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45352 |
| CVE-2023-45353 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45353 |
| CVE-2023-45354 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45354 |
| CVE-2023-45355 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45355 |
| CVE-2023-45356 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45356 |
| CVE-2023-3589 | A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3589 |
| CVE-2023-44231 | Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44231 |
| CVE-2023-44232 | Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44232 |
| CVE-2023-44260 | Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44260 |
| CVE-2023-44236 | Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44236 |
| CVE-2023-44237 | Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44237 |
| CVE-2023-44238 | Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44238 |
| CVE-2023-44246 | Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44246 |
| CVE-2023-44240 | Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44240 |
| CVE-2023-44473 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44473 |
| CVE-2023-44993 | Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44993 |
| CVE-2023-41660 | Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41660 |
| CVE-2023-42455 | Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the API, even if their dashboard role is not. Version 4.4.2 contains a fix. There are no known workarounds. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42455 |
| CVE-2023-41667 | Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41667 |
| CVE-2023-41668 | Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41668 |
| CVE-2023-41669 | Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41669 |
| CVE-2023-41670 | Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41670 |
| CVE-2023-41672 | Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41672 |
| CVE-2023-44811 | Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44811 |
| CVE-2023-44846 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44846 |
| CVE-2023-44827 | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44827 |
| CVE-2023-44959 | An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44959 |
| CVE-2023-45208 | A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45208 |
| CVE-2023-41684 | Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41684 |
| CVE-2023-41694 | Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41694 |
| CVE-2023-41697 | Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41697 |
| CVE-2023-41730 | Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41730 |
| CVE-2023-41850 | Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41850 |
| CVE-2023-41851 | Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41851 |
| CVE-2023-41852 | Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41852 |
| CVE-2023-41853 | Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41853 |
| CVE-2023-41854 | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41854 |
| CVE-2023-41858 | Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41858 |
| CVE-2023-41876 | Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41876 |
| CVE-2023-44257 | Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44257 |
| CVE-2023-44259 | Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44259 |
| CVE-2023-44261 | Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44261 |
| CVE-2023-42796 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint.\r\n\r\nThis could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42796 |
| CVE-2023-44241 | Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44241 |
| CVE-2023-44470 | Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44470 |
| CVE-2023-5488 | A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5488 |
| CVE-2023-44471 | Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44471 |
| CVE-2023-44475 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44475 |
| CVE-2023-44476 | Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44476 |
| CVE-2023-44994 | Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44994 |
| CVE-2023-5489 | A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5489 |
| CVE-2023-5490 | A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5490 |
| CVE-2023-5491 | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5491 |
| CVE-2023-44995 | Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44995 |
| CVE-2023-44996 | Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44996 |
| CVE-2023-5492 | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5492 |
| CVE-2023-5493 | A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5493 |
| CVE-2023-5494 | A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5494 |
| CVE-2023-34985 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34985 |
| CVE-2023-34986 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34986 |
| CVE-2023-34987 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34987 |
| CVE-2023-34988 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34988 |
| CVE-2023-34989 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34989 |
| CVE-2023-36556 | An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36556 |
| CVE-2023-41841 | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41841 |
| CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36414 |
| CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36415 |
| CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36577 |
| CVE-2023-5511 | Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5511 |
| CVE-2023-44997 | Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44997 |
| CVE-2023-43960 | An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43960 |
| CVE-2023-5218 | Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5218 |
| CVE-2023-5474 | Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5474 |
| CVE-2023-5476 | Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5476 |
| CVE-2023-32724 | Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32724 |
| CVE-2023-45047 | Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45047 |
| CVE-2023-23651 | Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23651 |
| CVE-2023-44998 | Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44998 |
| CVE-2023-45011 | Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45011 |
| CVE-2023-45048 | Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45048 |
| CVE-2023-45052 | Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45052 |
| CVE-2023-45058 | Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45058 |
| CVE-2023-45060 | Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45060 |
| CVE-2023-45063 | Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45063 |
| CVE-2023-45068 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45068 |
| CVE-2023-32124 | Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32124 |
| CVE-2023-41131 | Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41131 |
| CVE-2023-45102 | Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45102 |
| CVE-2023-45103 | Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45103 |
| CVE-2023-45106 | Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45106 |
| CVE-2023-43149 | SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43149 |
| CVE-2023-38218 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38218 |
| CVE-2023-45107 | Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45107 |
| CVE-2023-45108 | Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45108 |
| CVE-2023-22085 | Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22085 |
| CVE-2023-22087 | Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in takeover of Hospitality OPERA 5 Property Services. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22087 |
| CVE-2023-43746 | \nWhen running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-43746 |
| CVE-2023-38219 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact. | 8.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-38219 |
| CVE-2023-40448 | The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-40448 |
| CVE-2023-45159 | 1E Client installer can perform arbitrary file deletion on protected files. \n\nA non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. \n\nA hotfix is available from the 1E support portal that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID.\n\nfor v8.1 use hotfix Q23097\nfor v8.4 use hotfix Q23105\nfor v9.0 use hotfix Q23115\n\nfor SaaS customers, use 1EClient v23.7 plus hotfix Q23121 | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45159 |
| CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36569 |
| CVE-2023-22102 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22102 |
| CVE-2020-11987 | Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-11987 |
| CVE-2020-26064 | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.\r\n The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-26064 |
| CVE-2023-4427 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4427 |
| CVE-2023-4431 | Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4431 |
| CVE-2023-38354 | MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38354 |
| CVE-2023-38355 | MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38355 |
| CVE-2023-4853 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4853 |
| CVE-2023-43804 | urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43804 |
| CVE-2023-44848 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44848 |
| CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38166 |
| CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41765 |
| CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41767 |
| CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41768 |
| CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41769 |
| CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41770 |
| CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41771 |
| CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41773 |
| CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41774 |
| CVE-2023-26320 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26320 |
| CVE-2023-33303 | A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-33303 |
| CVE-2023-22101 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22101 |
| CVE-2023-4987 | A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/get_tasks_list of the component GET Parameter Handler. The manipulation of the argument project/status/user_id/sort/search leads to sql injection. VDB-239798 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4987 |
| CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36697 |
| CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36778 |
| CVE-2023-22094 | Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Installer executes to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Installer, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Installer accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Installer. Note: This patch is used in MySQL Server bundled version 8.0.35 and 5.7.44. CVSS 3.1 Base Score 7.9 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:H). | 7.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22094 |
| CVE-2023-22100 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H). | 7.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22100 |
| CVE-2016-8566 | An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-8566 |
| CVE-2018-4858 | A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4858 |
| CVE-2021-1052 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1052 |
| CVE-2021-1704 | Windows Hyper-V Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1704 |
| CVE-2021-1137 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1137 |
| CVE-2021-1480 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or allow an authenticated, local attacker to gain escalated privileges on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1480 |
| CVE-2021-1076 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1076 |
| CVE-2021-1514 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with Administrator privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as a low-privileged user to execute the affected commands. A successful exploit could allow the attacker to execute commands with Administrator privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1514 |
| CVE-2021-1528 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges on an affected system. This vulnerability exists because the affected software does not properly restrict access to privileged processes. An attacker could exploit this vulnerability by invoking a privileged process in the affected system. A successful exploit could allow the attacker to perform actions with the privileges of the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1528 |
| CVE-2022-28184 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28184 |
| CVE-2022-26929 | .NET Framework Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26929 |
| CVE-2022-20775 | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20775 |
| CVE-2022-31607 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31607 |
| CVE-2022-31608 | NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31608 |
| CVE-2022-43722 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43722 |
| CVE-2022-34670 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34670 |
| CVE-2023-21808 | .NET and Visual Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21808 |
| CVE-2022-48339 | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48339 |
| CVE-2023-28617 | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28617 |
| CVE-2023-3090 | A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation.\n\nThe out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled.\n\n\nWe recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3090 |
| CVE-2023-3609 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3609 |
| CVE-2023-3776 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3776 |
| CVE-2023-4004 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4004 |
| CVE-2023-4128 | A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4128 |
| CVE-2023-40283 | An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40283 |
| CVE-2023-21235 | In onCreate of LockSettingsActivity.java, there is a possible way set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21235 |
| CVE-2023-4733 | Use After Free in GitHub repository vim/vim prior to 9.0.1840. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4733 |
| CVE-2023-4750 | Use After Free in GitHub repository vim/vim prior to 9.0.1857. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4750 |
| CVE-2023-4752 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4752 |
| CVE-2023-4781 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4781 |
| CVE-2023-31132 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31132 |
| CVE-2023-3777 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nWhen nf_tables_delrule() is flushing table rules, it is not checked whether the chain is bound and the chain's owner rule can also release the objects in certain circumstances.\n\nWe recommend upgrading past commit 6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3777 |
| CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38139 |
| CVE-2023-38141 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38141 |
| CVE-2023-43637 | \nDue to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key\nwould always have the last 16 bytes predetermined to be "arfoobarfoobarfo".\n\nThis issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always\nreturn "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byte\nrandomly generated key with this key (by takeing 16bytes from each, see "mergeKeys").\n\nThis makes the key a lot weaker.\n\nThis issue does not persist in devices that were initialized on/after version 7.10, but devices\nthat were initialized before that and updated to a newer version still have this issue.\n\n\n\nRoll an update that enforces the full 32bytes key usage.\n\n\n\n\n\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43637 |
| CVE-2023-41992 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41992 |
| CVE-2023-4504 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4504 |
| CVE-2023-42753 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42753 |
| CVE-2023-38615 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38615 |
| CVE-2023-40412 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40412 |
| CVE-2023-40419 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40419 |
| CVE-2023-40431 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40431 |
| CVE-2023-40432 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40432 |
| CVE-2023-40443 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40443 |
| CVE-2023-41063 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41063 |
| CVE-2023-41068 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41068 |
| CVE-2023-41071 | A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41071 |
| CVE-2023-44464 | pretix before 2023.7.2 allows Pillow to parse EPS files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44464 |
| CVE-2023-3440 | Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3440 |
| CVE-2023-4911 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4911 |
| CVE-2023-30690 | Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30690 |
| CVE-2023-42824 | The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3, iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42824 |
| CVE-2023-40299 | Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40299 |
| CVE-2023-26236 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26236 |
| CVE-2023-35897 | IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35897 |
| CVE-2023-21266 | In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21266 |
| CVE-2023-40634 | In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40634 |
| CVE-2023-40635 | In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40635 |
| CVE-2023-44400 | Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44400 |
| CVE-2022-3431 | A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3431 |
| CVE-2023-5463 | A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5463 |
| CVE-2022-30527 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries.\r\n\r\nThis could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30527 |
| CVE-2023-30900 | A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30900 |
| CVE-2023-36380 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36380 |
| CVE-2023-44081 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44081 |
| CVE-2023-44082 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44082 |
| CVE-2023-44083 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44083 |
| CVE-2023-44084 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44084 |
| CVE-2023-44085 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44085 |
| CVE-2023-44086 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44086 |
| CVE-2023-44087 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44087 |
| CVE-2023-45204 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45204 |
| CVE-2023-45205 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45205 |
| CVE-2023-45601 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45601 |
| CVE-2023-43787 | A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43787 |
| CVE-2023-43896 | A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43896 |
| CVE-2022-22298 | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22298 |
| CVE-2023-25607 | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78 ] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25607 |
| CVE-2023-42788 | An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42788 |
| CVE-2023-36417 | Microsoft SQL OLE DB Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36417 |
| CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36418 |
| CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36420 |
| CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36436 |
| CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36557 |
| CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36594 |
| CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36598 |
| CVE-2023-36605 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36605 |
| CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36701 |
| CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36702 |
| CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36704 |
| CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36710 |
| CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36711 |
| CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36712 |
| CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36718 |
| CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36723 |
| CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36725 |
| CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36726 |
| CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36729 |
| CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36730 |
| CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36731 |
| CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36732 |
| CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36737 |
| CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36743 |
| CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36785 |
| CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36790 |
| CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41766 |
| CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41772 |
| CVE-2023-26370 | Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26370 |
| CVE-2023-4936 | It is possible to sideload a compromised DLL during the installation at elevated privilege. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4936 |
| CVE-2023-5535 | Use After Free in GitHub repository vim/vim prior to v9.0.2010. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5535 |
| CVE-2023-32722 | The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32722 |
| CVE-2020-1108 | A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-1108 |
| CVE-2020-11080 | In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11080 |
| CVE-2020-17468 | An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in fnet_ip6.c, leading to Denial-of-Service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-17468 |
| CVE-2020-17469 | An issue was discovered in FNET through 4.6.4. The code for IPv6 fragment reassembly tries to access a previous fragment starting from a network incoming fragment that still doesn't have a reference to the previous one (which supposedly resides in the reassembly list). When faced with an incoming fragment that belongs to a non-empty fragment list, IPv6 reassembly must check that there are no empty holes between the fragments: this leads to an uninitialized pointer dereference in _fnet_ip6_reassembly in fnet_ip6.c, and causes Denial-of-Service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-17469 |
| CVE-2021-1275 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1275 |
| CVE-2021-1513 | A vulnerability in the vDaemon process of Cisco SD-WAN Software could allow an unauthenticated, remote attacker to cause a device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1513 |
| CVE-2021-27434 | Products with Unified Automation .NET based OPC UA Client/Server SDK Bundle: Versions V3.0.7 and prior (.NET 4.5, 4.0, and 3.5 Framework versions only) are vulnerable to an uncontrolled recursion, which may allow an attacker to trigger a stack overflow. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27434 |
| CVE-2021-28651 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a buffer-management bug, it allows a denial of service. When resolving a request with the urn: scheme, the parser leaks a small amount of memory. However, there is an unspecified attack methodology that can easily trigger a large amount of memory consumption. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28651 |
| CVE-2022-23223 | On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23223 |
| CVE-2022-40146 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40146 |
| CVE-2022-43723 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43723 |
| CVE-2022-43551 | A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43551 |
| CVE-2013-10006 | A vulnerability classified as problematic was found in Ziftr primecoin up to 0.8.4rc1. Affected by this vulnerability is the function HTTPAuthorized of the file src/bitcoinrpc.cpp. The manipulation of the argument strUserPass/strRPCUserColonPass leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.8.4rc2 is able to address this issue. The patch is named cdb3441b5cd2c1bae49fae671dc4a496f7c96322. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217171. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2013-10006 |
| CVE-2013-10007 | A vulnerability classified as problematic has been found in ethitter WP-Print-Friendly up to 0.5.2. This affects an unknown part of the file wp-print-friendly.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. Upgrading to version 0.5.3 is able to address this issue. The identifier of the patch is 437787292670c20b4abe20160ebbe8428187f2b4. It is recommended to upgrade the affected component. The identifier VDB-217269 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2013-10007 |
| CVE-2010-10006 | A vulnerability, which was classified as problematic, was found in michaelliao jopenid. Affected is the function getAuthentication of the file JOpenId/src/org/expressme/openid/OpenIdManager.java. The manipulation leads to observable timing discrepancy. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.08 is able to address this issue. The name of the patch is c9baaa976b684637f0d5a50268e91846a7a719ab. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218460. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2010-10006 |
| CVE-2022-44617 | A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44617 |
| CVE-2022-46285 | A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46285 |
| CVE-2023-24998 | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.\n\n\n\n\nNote that, like all of the file upload limits, the\n new configuration option (FileUploadBase#setFileCountMax) is not\n enabled by default and must be explicitly configured.\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24998 |
| CVE-2023-33297 | Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33297 |
| CVE-2023-28709 | The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.\n\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28709 |
| CVE-2023-28319 | A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28319 |
| CVE-2023-36053 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36053 |
| CVE-2020-23804 | Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-23804 |
| CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48560 |
| CVE-2023-20900 | A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20900 |
| CVE-2023-40589 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40589 |
| CVE-2023-4540 | Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. \n\nThis issue affects lua-http: all versions before commit ddab283. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4540 |
| CVE-2023-38039 | When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38039 |
| CVE-2023-3341 | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary.\nThis issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3341 |
| CVE-2023-4236 | A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load.\nThis issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4236 |
| CVE-2023-40407 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40407 |
| CVE-2023-5157 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5157 |
| CVE-2023-20262 | A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected.\r\n\r This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20262 |
| CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44488 |
| CVE-2023-5344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5344 |
| CVE-2023-43261 | An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43261 |
| CVE-2023-20259 | A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device.\r\n\r This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20259 |
| CVE-2023-43793 | Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43793 |
| CVE-2023-43805 | Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43805 |
| CVE-2023-45198 | ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45198 |
| CVE-2022-3248 | A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3248 |
| CVE-2023-43810 | OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43810 |
| CVE-2023-45282 | In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45282 |
| CVE-2023-44860 | An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44860 |
| CVE-2023-43615 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43615 |
| CVE-2023-40632 | In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure no additional execution privileges needed | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40632 |
| CVE-2023-45349 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45349 |
| CVE-2023-45363 | An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45363 |
| CVE-2023-45371 | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45371 |
| CVE-2023-5330 | Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning the server unavailable.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5330 |
| CVE-2023-43699 | \nImproper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU\nallows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts\nare not limited.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43699 |
| CVE-2023-43700 | Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43700 |
| CVE-2023-5459 | A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. VDB-241582 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5459 |
| CVE-2023-5462 | A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5462 |
| CVE-2023-5471 | A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241608. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5471 |
| CVE-2023-40310 | SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40310 |
| CVE-2023-42189 | Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42189 |
| CVE-2023-40542 | \nWhen TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40542 |
| CVE-2023-41085 | \nWhen IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41085 |
| CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
| CVE-2023-37935 | A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37935 |
| CVE-2023-40718 | A interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows attacker to evade IPS features via crafted TCP packets. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40718 |
| CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29348 |
| CVE-2023-36431 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36431 |
| CVE-2023-36435 | Microsoft QUIC Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36435 |
| CVE-2023-36438 | Windows TCP/IP Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36438 |
| CVE-2023-36567 | Windows Deployment Services Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36567 |
| CVE-2023-36579 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36579 |
| CVE-2023-36581 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36581 |
| CVE-2023-36585 | Active Template Library Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36585 |
| CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36596 |
| CVE-2023-36602 | Windows TCP/IP Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36602 |
| CVE-2023-36603 | Windows TCP/IP Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36603 |
| CVE-2023-36606 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36606 |
| CVE-2023-36703 | DHCP Server Service Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36703 |
| CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36707 |
| CVE-2023-36709 | Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36709 |
| CVE-2023-36720 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36720 |
| CVE-2023-38171 | Microsoft QUIC Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38171 |
| CVE-2023-42794 | Incomplete Cleanup vulnerability in Apache Tomcat.\n\nThe internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, \nin progress refactoring that exposed a potential denial of service on \nWindows if a web application opened a stream for an uploaded file but \nfailed to close the stream. The file would never be deleted from disk \ncreating the possibility of an eventual denial of service due to the \ndisk being full.\n\nUsers are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42794 |
| CVE-2023-36127 | User enumeration is found in in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36127 |
| CVE-2023-4990 | Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4990 |
| CVE-2023-44093 | Vulnerability of package names' public keys not being verified in the security module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44093 |
| CVE-2023-44096 | Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44096 |
| CVE-2023-44109 | Clone vulnerability in the huks ta module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44109 |
| CVE-2023-44097 | Vulnerability of the permission to access device SNs being improperly managed.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44097 |
| CVE-2023-44100 | Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44100 |
| CVE-2023-44101 | The Bluetooth module has a vulnerability in permission control for broadcast notifications.Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44101 |
| CVE-2023-44103 | Out-of-bounds read vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44103 |
| CVE-2023-44104 | Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44104 |
| CVE-2023-44111 | Vulnerability of brute-force attacks on the device authentication module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44111 |
| CVE-2023-44108 | Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44108 |
| CVE-2023-44114 | Out-of-bounds array vulnerability in the dataipa module.Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44114 |
| CVE-2023-44119 | Vulnerability of mutual exclusion management in the kernel module.Successful exploitation of this vulnerability will affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44119 |
| CVE-2023-44961 | SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl. component. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44961 |
| CVE-2023-35652 | In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35652 |
| CVE-2023-36841 | \nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows a unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS).\n\nAn attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover.\n\nThis issue affects interfaces with PPPoE configured and tcp-mss enabled.\n\nThis issue affects Juniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S2;\n * 22.4 versions prior to 22.4R2;\n\n\n\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36841 |
| CVE-2023-36843 | \nAn Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS).\n\nUpon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device.\n\nThis issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’).\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8, 20.4R3-S9;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n\n\n\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36843 |
| CVE-2023-44175 | \nA Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd to crash causing a Denial of Service (DoS).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nNote: This issue is not noticed when all the devices in the network are Juniper devices.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R3.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions prior to 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R1-EVO.\n\n\n\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44175 |
| CVE-2023-38220 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38220 |
| CVE-2023-5571 | Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5571 |
| CVE-2023-45463 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45463 |
| CVE-2023-45468 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45468 |
| CVE-2023-5240 | Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request.\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5240 |
| CVE-2023-41682 | A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to denial of service via crafted http requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41682 |
| CVE-2023-22019 | Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22019 |
| CVE-2023-22086 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22086 |
| CVE-2023-22108 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22108 |
| CVE-2020-18336 | Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-18336 |
| CVE-2016-9156 | A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2016-9156 |
| CVE-2022-20739 | A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20739 |
| CVE-2022-34673 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34673 |
| CVE-2022-48338 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-48338 |
| CVE-2023-3550 | Mediawiki v1.40.0 does not validate namespaces used in XML files.\n\nTherefore, if the instance administrator allows XML file uploads,\n\na remote attacker with a low-privileged user account can use this\n\nexploit to become an administrator by sending a malicious link to\n\nthe instance administrator.\n\n\n\n | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3550 |
| CVE-2023-45248 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45248 |
| CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36561 |
| CVE-2023-36570 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36570 |
| CVE-2023-36571 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36571 |
| CVE-2023-36572 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36572 |
| CVE-2023-36573 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36573 |
| CVE-2023-36574 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36574 |
| CVE-2023-36575 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36575 |
| CVE-2023-36578 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36578 |
| CVE-2023-36582 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36582 |
| CVE-2023-36583 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36583 |
| CVE-2023-36589 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36589 |
| CVE-2023-36590 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36590 |
| CVE-2023-36591 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36591 |
| CVE-2023-36592 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36592 |
| CVE-2023-36593 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36593 |
| CVE-2023-22098 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H). | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22098 |
| CVE-2023-22099 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox as well as unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data and unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Only applicable to 7.0.x platform. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H). | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22099 |
| CVE-2021-1506 | Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-1506 |
| CVE-2023-2744 | The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-2744 |
| CVE-2023-39362 | Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39362 |
| CVE-2023-5264 | A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-5264 |
| CVE-2023-5268 | A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-5268 |
| CVE-2023-32971 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-32971 |
| CVE-2023-44847 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-44847 |
| CVE-2023-42768 | \nWhen a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST. BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-42768 |
| CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36780 |
| CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36786 |
| CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36789 |
| CVE-2023-26318 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-26318 |
| CVE-2023-26319 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-26319 |
| CVE-2023-23930 | vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issue, as a default serialization module but that has known security issues. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23930 |
| CVE-2021-1056 | NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1056 |
| CVE-2021-1090 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1090 |
| CVE-2022-28183 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28183 |
| CVE-2022-28185 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28185 |
| CVE-2023-3567 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3567 |
| CVE-2022-44729 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nOn version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.\n\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-44729 |
| CVE-2023-40452 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40452 |
| CVE-2023-40454 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40454 |
| CVE-2023-45244 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45244 |
| CVE-2023-45246 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45246 |
| CVE-2023-36465 | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36465 |
| CVE-2023-45247 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45247 |
| CVE-2023-41838 | An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41838 |
| CVE-2023-5520 | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5520 |
| CVE-2020-11884 | In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171. A crash could also occur. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-11884 |
| CVE-2021-3784 | Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3784 |
| CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36565 |
| CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36568 |
| CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36721 |
| CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36776 |
| CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36902 |
| CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-38159 |
| CVE-2022-3728 | \nA vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. \n\n | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3728 |
| CVE-2022-48182 | \nA vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. \n\n | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48182 |
| CVE-2022-48183 | \nA vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. \n\n | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48183 |
| CVE-2023-26366 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application's path boundary. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26366 |
| CVE-2016-5848 | Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2016-5848 |
| CVE-2020-12464 | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-12464 |
| CVE-2020-12465 | An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-12465 |
| CVE-2020-15436 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-15436 |
| CVE-2022-20930 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20930 |
| CVE-2023-21400 | In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.\n\n | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21400 |
| CVE-2023-26237 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-26237 |
| CVE-2023-21244 | In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21244 |
| CVE-2023-40653 | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-40653 |
| CVE-2023-40654 | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-40654 |
| CVE-2023-37194 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-37194 |
| CVE-2023-35654 | In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35654 |
| CVE-2023-35655 | In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35655 |
| CVE-2023-29338 | Visual Studio Code Spoofing Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-29338 |
| CVE-2023-37941 | If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend.\n\nThe Superset metadata db is an 'internal' component that is typically \nonly accessible directly by the system administrator and the superset \nprocess itself. Gaining access to that database should\n be difficult and require significant privileges.\n\nThis vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.\n\n | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-37941 |
| CVE-2023-5197 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation.\n\nAddition and removal of rules from chain bindings within the same transaction causes leads to use-after-free.\n\nWe recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.\n\n | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-5197 |
| CVE-2023-38221 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-38221 |
| CVE-2023-38249 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-38249 |
| CVE-2023-38250 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead in arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-38250 |
| CVE-2020-3592 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system. The vulnerability is due to insufficient authorization checking on an affected system. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to gain privileges beyond what would normally be authorized for their configured user authorization level. This could allow the attacker to modify the configuration of an affected system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3592 |
| CVE-2021-28662 | An issue was discovered in Squid 4.x before 4.15 and 5.x before 5.0.6. If a remote server sends a certain response header over HTTP or HTTPS, there is a denial of service. This header can plausibly occur in benign network traffic. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28662 |
| CVE-2021-31806 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy) via HTTP Range request processing. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31806 |
| CVE-2021-31808 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to an input-validation bug, it is vulnerable to a Denial of Service attack (against all clients using the proxy). A client sends an HTTP Range request to trigger this. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31808 |
| CVE-2021-33620 | Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33620 |
| CVE-2021-31807 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. An integer overflow problem allows a remote server to achieve Denial of Service when delivering responses to HTTP Range requests. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31807 |
| CVE-2021-34712 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct cypher query language injection attacks on an affected system. This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface of an affected system. A successful exploit could allow the attacker to obtain sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-34712 |
| CVE-2022-25187 | Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25187 |
| CVE-2022-0856 | libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Service | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0856 |
| CVE-2022-20735 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20735 |
| CVE-2022-20747 | A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20747 |
| CVE-2022-29900 | Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29900 |
| CVE-2022-29901 | Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29901 |
| CVE-2021-46784 | In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46784 |
| CVE-2022-34665 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34665 |
| CVE-2023-23915 | A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23915 |
| CVE-2023-23916 | An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23916 |
| CVE-2023-29407 | A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29407 |
| CVE-2023-29408 | The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29408 |
| CVE-2023-3180 | A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3180 |
| CVE-2020-26065 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.\r\n The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-26065 |
| CVE-2020-35357 | A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35357 |
| CVE-2022-37050 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37050 |
| CVE-2022-37051 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37051 |
| CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48564 |
| CVE-2023-39265 | Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39265 |
| CVE-2023-4874 | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4874 |
| CVE-2023-43256 | A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43256 |
| CVE-2023-39233 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39233 |
| CVE-2023-40403 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40403 |
| CVE-2023-40420 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40420 |
| CVE-2023-40441 | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40441 |
| CVE-2023-5169 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5169 |
| CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5171 |
| CVE-2023-43654 | TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43654 |
| CVE-2023-44387 | Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44387 |
| CVE-2023-45367 | An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45367 |
| CVE-2023-39854 | The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39854 |
| CVE-2023-5333 | Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. \n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5333 |
| CVE-2023-43697 | \nModification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an\nunprivileged remote attacker to make the site unable to load necessary strings via changing file paths\nusing HTTP requests.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43697 |
| CVE-2023-5100 | \nCleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an\nunprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic\nthat is not encrypted.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5100 |
| CVE-2023-25822 | ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1 test inside when the test_item.path field is exceeded the allowable `ltree` field type indexing limit (path length>=120, approximately recursive nesting of the nested steps). REINDEX INDEX path_gist_idx and path_idx aren't helped. The problem was fixed in `com.epam.reportportal:service-api` module version 5.10.0 (product release 23.2), where the maximum number of nested elements were programmatically limited. A workaround is available. After deletion of the data with long paths, and reindexing both indexes (path_gist_idx and path_idx), the database becomes stable and ReportPortal works properly. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25822 |
| CVE-2023-36820 | Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut where multiple OIDC applications exists for the same issuer but token auth are not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36820 |
| CVE-2023-41047 | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41047 |
| CVE-2022-36228 | Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36228 |
| CVE-2023-42477 | SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42477 |
| CVE-2023-41964 | \nThe BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41964 |
| CVE-2023-30804 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803.\n\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30804 |
| CVE-2023-42787 | A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42787 |
| CVE-2023-44249 | An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44249 |
| CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36429 |
| CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36433 |
| CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36563 |
| CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36564 |
| CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36566 |
| CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36706 |
| CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36717 |
| CVE-2023-5475 | Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5475 |
| CVE-2023-5479 | Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5479 |
| CVE-2023-5481 | Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5481 |
| CVE-2023-5483 | Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5483 |
| CVE-2023-5484 | Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5484 |
| CVE-2023-5487 | Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5487 |
| CVE-2023-36839 | \nAn Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service(DoS).\n\nThis issue occurs when specific LLDP packets are received and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S2;\n * 22.4 versions prior to 22.4R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 version 21.1R1-EVO and later versions;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S3-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R1-S1-EVO;\n\n\n\n\n\n\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36839 |
| CVE-2023-5573 | Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5573 |
| CVE-2023-22059 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22059 |
| CVE-2023-22079 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22079 |
| CVE-2023-22090 | Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22090 |
| CVE-2023-22093 | Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iRecruitment. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iRecruitment accessible data as well as unauthorized read access to a subset of Oracle iRecruitment accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22093 |
| CVE-2023-22095 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22095 |
| CVE-2023-22106 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: API). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22106 |
| CVE-2023-22118 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22118 |
| CVE-2020-3587 | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-3587 |
| CVE-2020-3590 | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-3590 |
| CVE-2023-35645 | In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-35645 |
| CVE-2023-39365 | Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-39365 |
| CVE-2023-5473 | Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5473 |
| CVE-2023-22127 | Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22127 |
| CVE-2020-3579 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3579 |
| CVE-2021-1094 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1094 |
| CVE-2022-21813 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21813 |
| CVE-2022-21814 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21814 |
| CVE-2022-25321 | An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25321 |
| CVE-2022-34674 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34674 |
| CVE-2012-10002 | A vulnerability was found in ahmyi RivetTracker. It has been declared as problematic. Affected by this vulnerability is the function changeColor of the file css.php. The manipulation of the argument set_css leads to cross site scripting. The attack can be launched remotely. The patch is named 45a0f33876d58cb7e4a0f17da149e58fc893b858. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217267. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10002 |
| CVE-2012-10003 | A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This issue affects some unknown processing. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The patch is named f053c5cc2bc44269b0496b5f275e349928a92ef9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217271. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10003 |
| CVE-2010-10004 | A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The identifier of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2010-10004 |
| CVE-2012-10004 | A vulnerability was found in backdrop-contrib Basic Cart on Drupal. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The patch is identified as a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10004 |
| CVE-2013-10010 | A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2013-10010 |
| CVE-2012-10005 | A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 74897993818d826595fd5857038e6703456a594a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218155. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10005 |
| CVE-2009-10002 | A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2009-10002 |
| CVE-2009-10003 | A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The patch is identified as be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2009-10003 |
| CVE-2012-10007 | A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The patch is named 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10007 |
| CVE-2008-10002 | A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The patch is identified as 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2008-10002 |
| CVE-2013-10020 | A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The identifier of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2013-10020 |
| CVE-2022-27665 | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27665 |
| CVE-2009-10004 | A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The identifier of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2009-10004 |
| CVE-2023-0199 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0199 |
| CVE-2012-10013 | A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The patch is named 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10013 |
| CVE-2010-10010 | A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The identifier of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2010-10010 |
| CVE-2023-3134 | The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3134 |
| CVE-2023-3470 | \nSpecific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest.\n\nThe following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F.\n\nThe BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations.\n\n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3470 |
| CVE-2023-41080 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.\n\nThe vulnerability is limited to the ROOT (default) web application. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41080 |
| CVE-2023-39360 | Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39360 |
| CVE-2023-43326 | A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43326 |
| CVE-2023-5113 | Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5113 |
| CVE-2023-44390 | HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44390 |
| CVE-2023-43260 | Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43260 |
| CVE-2023-45373 | An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45373 |
| CVE-2023-43698 | \nImproper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the clients\nbrowser via injecting code into the website.\n\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43698 |
| CVE-2023-43643 | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43643 |
| CVE-2023-44393 | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS code into the HTML page, which could then be executed by admin users when they visit the URL with the payload. The vulnerability is caused by the insecure injection of the `plugin_id` value from the URL into the HTML page. An attacker can exploit this vulnerability by crafting a malicious URL that contains a specially crafted `plugin_id` value. When a victim who is logged in as an administrator visits this URL, the malicious code will be injected into the HTML page and executed. This vulnerability can be exploited by any attacker who has access to a malicious URL. However, only users who are logged in as administrators are affected. This is because the vulnerability is only present on the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page, which is only accessible to administrators. Version 14.0.0.beta4 contains a patch for this issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44393 |
| CVE-2023-44812 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44812 |
| CVE-2023-44813 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44813 |
| CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36416 |
| CVE-2023-36126 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36126 |
| CVE-2023-5555 | Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5555 |
| CVE-2023-5556 | Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5556 |
| CVE-2023-41680 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41680 |
| CVE-2023-41681 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41681 |
| CVE-2023-41836 | An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41836 |
| CVE-2023-22029 | Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Guided Search. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Commerce Guided Search, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Guided Search accessible data as well as unauthorized read access to a subset of Oracle Commerce Guided Search accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22029 |
| CVE-2023-22076 | Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22076 |
| CVE-2023-22080 | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22080 |
| CVE-2023-22107 | Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: UI Components). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Command Center Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Command Center Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Command Center Framework accessible data as well as unauthorized read access to a subset of Oracle Enterprise Command Center Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22107 |
| CVE-2021-1512 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system of an affected system. This vulnerability is due to insufficient validation of the user-supplied input parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content in any arbitrary files that reside on the underlying host file system. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2021-1512 |
| CVE-2023-20098 | A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.\r\n\r This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20098 |
| CVE-2023-39189 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-39189 |
| CVE-2023-39192 | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-39192 |
| CVE-2023-39193 | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-39193 |
| CVE-2022-43552 | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-43552 |
| CVE-2023-27535 | An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-27535 |
| CVE-2023-27536 | An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-27536 |
| CVE-2023-27537 | A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-27537 |
| CVE-2023-28320 | A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-28320 |
| CVE-2023-28321 | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-28321 |
| CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-48566 |
| CVE-2023-4813 | A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4813 |
| CVE-2023-38353 | MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-38353 |
| CVE-2023-5461 | A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-5461 |
| CVE-2023-22071 | Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute on sys.utl_http privilege with network access via Oracle Net to compromise PL/SQL. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PL/SQL, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PL/SQL accessible data as well as unauthorized read access to a subset of PL/SQL accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PL/SQL. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22071 |
| CVE-2023-22119 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22119 |
| CVE-2023-22122 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data as well as unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Trade Finance. CVSS 3.1 Base Score 5.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:L). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22122 |
| CVE-2023-22130 | Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22130 |
| CVE-2022-41064 | .NET Framework Information Disclosure Vulnerability | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41064 |
| CVE-2023-5054 | The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer. | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5054 |
| CVE-2023-4875 | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4875 |
| CVE-2023-5460 | A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-5460 |
| CVE-2021-1053 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1053 |
| CVE-2021-1077 | NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1077 |
| CVE-2021-1093 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1093 |
| CVE-2021-1095 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1095 |
| CVE-2021-34700 | A vulnerability in the CLI interface of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to read arbitrary files on the underlying file system of an affected system. This vulnerability exists because access to sensitive information on an affected system is not sufficiently controlled. An attacker could exploit this vulnerability by gaining unauthorized access to sensitive information on an affected system. A successful exploit could allow the attacker to create forged authentication requests and gain unauthorized access to the web UI of an affected system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-34700 |
| CVE-2021-1546 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information. This vulnerability is due to improper protections on file access through the CLI. An attacker could exploit this vulnerability by running a CLI command that targets an arbitrary file on the local system. A successful exploit could allow the attacker to return portions of an arbitrary file, possibly resulting in the disclosure of sensitive information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1546 |
| CVE-2022-34666 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34666 |
| CVE-2022-31615 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31615 |
| CVE-2022-41727 | An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41727 |
| CVE-2023-27114 | radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27114 |
| CVE-2023-27538 | An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27538 |
| CVE-2023-20588 | \nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. \n\n\n\n\n\n\n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20588 |
| CVE-2023-22338 | Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22338 |
| CVE-2023-22840 | Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22840 |
| CVE-2023-39250 | \n\n\nDell Storage Integration Tools for VMware (DSITV) and Dell Storage vSphere Client Plugin (DSVCP) versions prior to 6.1.1 and Replay Manager for VMware (RMSV) versions prior to 3.1.2 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. \n\n\n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39250 |
| CVE-2022-48064 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48064 |
| CVE-2023-42467 | QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42467 |
| CVE-2023-36803 | Windows Kernel Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36803 |
| CVE-2023-38140 | Windows Kernel Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38140 |
| CVE-2023-41991 | A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41991 |
| CVE-2023-38596 | The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38596 |
| CVE-2023-40391 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40391 |
| CVE-2023-40399 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40399 |
| CVE-2023-40402 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40402 |
| CVE-2023-40406 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40406 |
| CVE-2023-40410 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40410 |
| CVE-2023-40418 | An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40418 |
| CVE-2023-40422 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40422 |
| CVE-2023-40424 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40424 |
| CVE-2023-40426 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40426 |
| CVE-2023-40428 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40428 |
| CVE-2023-40429 | A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40429 |
| CVE-2023-40435 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40435 |
| CVE-2023-40450 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40450 |
| CVE-2023-40541 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40541 |
| CVE-2023-41066 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41066 |
| CVE-2023-41067 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41067 |
| CVE-2023-41070 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41070 |
| CVE-2023-41073 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41073 |
| CVE-2023-20253 | A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router device.\r\n\r This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration on for other controller and devices managed by an affected system. A successful exploit could allow the attacker to to roll back the configuration on for other controller and devices managed by an affected system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20253 |
| CVE-2023-26238 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26238 |
| CVE-2023-26239 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26239 |
| CVE-2023-42754 | A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42754 |
| CVE-2023-42755 | A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42755 |
| CVE-2023-5441 | NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5441 |
| CVE-2023-5366 | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5366 |
| CVE-2023-21252 | In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21252 |
| CVE-2023-21253 | In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21253 |
| CVE-2023-21291 | In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21291 |
| CVE-2023-5182 | Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5182 |
| CVE-2023-40633 | In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40633 |
| CVE-2023-40637 | In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40637 |
| CVE-2023-40639 | In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40639 |
| CVE-2023-40640 | In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40640 |
| CVE-2023-40641 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40641 |
| CVE-2023-40642 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40642 |
| CVE-2023-40643 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40643 |
| CVE-2023-40644 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40644 |
| CVE-2023-40645 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40645 |
| CVE-2023-40646 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40646 |
| CVE-2023-40647 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40647 |
| CVE-2023-40648 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40648 |
| CVE-2023-40649 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40649 |
| CVE-2023-40650 | In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40650 |
| CVE-2023-44378 | gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44378 |
| CVE-2023-41253 | \nWhen on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41253 |
| CVE-2023-43485 | \nWhen TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43485 |
| CVE-2023-43785 | A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43785 |
| CVE-2023-43786 | A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43786 |
| CVE-2023-43788 | A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local to trigger an out-of-bounds read error and read the contents of memory on the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43788 |
| CVE-2023-25604 | An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25604 |
| CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36576 |
| CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36713 |
| CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36724 |
| CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36728 |
| CVE-2023-38216 | Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38216 |
| CVE-2023-38217 | Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38217 |
| CVE-2023-42298 | An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42298 |
| CVE-2023-43789 | A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43789 |
| CVE-2023-27315 | SnapGathers versions prior to 4.9 are susceptible to a vulnerability \nwhich could allow a local authenticated attacker to discover plaintext \ndomain user credentials | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27315 |
| CVE-2023-44176 | \nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R3.\n\n\n\n\n\n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44176 |
| CVE-2023-22129 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. Note: This vunlerability only affects SPARC Systems. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22129 |
| CVE-2021-44760 | Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-44760 |
| CVE-2022-4864 | Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4864 |
| CVE-2022-4479 | The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-4479 |
| CVE-2006-10001 | A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2006-10001 |
| CVE-2023-2718 | The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2718 |
| CVE-2023-3575 | The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3575 |
| CVE-2023-24516 | Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24516 |
| CVE-2023-39513 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `host.php` is used to monitor and manage hosts in the _cacti_ app, hence displays useful information such as data queries and verbose logs. _CENSUS_ found that an adversary that is able to configure a data-query template with malicious code appended in the template path, in order to deploy a stored XSS attack against any user with the _General Administration>Sites/Devices/Data_ privileges. A user that possesses the _Template Editor>Data Queries_ permissions can configure the data query template path in _cacti_. Please note that such a user may be a low privileged user. This configuration occurs through `http://<HOST>/cacti/data_queries.php` by editing an existing or adding a new data query template. If a template is linked to a device then the formatted template path will be rendered in the device's management page, when a _verbose data query_ is requested. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39513 |
| CVE-2023-39514 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. _CENSUS_ found that an adversary that is able to configure either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name, may deploy a stored XSS attack against any user with _General Administration>Graphs_ privileges. A user that possesses the _Template Editor>Data Templates_ permissions can configure the data-source name in _cacti_. Please note that this may be a _low privileged_ user. This configuration occurs through `http://<HOST>/cacti/data_templates.php` by editing an existing or adding a new data template. If a template is linked to a graph then the formatted template name will be rendered in the graph's management page. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device name in _cacti_. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should add manual HTML escaping.\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39514 |
| CVE-2023-39364 | Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39364 |
| CVE-2023-36387 | An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36387 |
| CVE-2023-40417 | A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40417 |
| CVE-2023-43191 | SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. When users browse the comments, these malicious codes embedded in the HTML will be executed, and the user's browser will be controlled by the attacker, so as to achieve the special purpose of the attacker, such as cookie theft | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43191 |
| CVE-2023-5232 | The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5232 |
| CVE-2023-5233 | The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5233 |
| CVE-2023-5295 | The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5295 |
| CVE-2023-32671 | A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32671 |
| CVE-2023-44758 | GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44758 |
| CVE-2023-30910 | HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30910 |
| CVE-2023-42473 | S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-42473 |
| CVE-2023-42474 | SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information.\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-42474 |
| CVE-2023-44826 | Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44826 |
| CVE-2023-5467 | The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5467 |
| CVE-2023-5468 | The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5468 |
| CVE-2023-44315 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44315 |
| CVE-2023-44763 | Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail" file upload, which allows Cross-Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44763 |
| CVE-2023-36555 | An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36555 |
| CVE-2023-36637 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36637 |
| CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36584 |
| CVE-2023-34354 | A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-34354 |
| CVE-2023-28635 | vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username '13', they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28635 |
| CVE-2023-32721 | A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32721 |
| CVE-2023-5470 | The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5470 |
| CVE-2023-38000 | Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-38000 |
| CVE-2023-4517 | Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4517 |
| CVE-2023-4829 | Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4829 |
| CVE-2023-4995 | The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4995 |
| CVE-2023-41843 | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41843 |
| CVE-2023-34977 | A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-34977 |
| CVE-2023-22082 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22082 |
| CVE-2023-22105 | Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of BI Publisher accessible data as well as unauthorized read access to a subset of BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22105 |
| CVE-2023-22117 | Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 and 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22117 |
| CVE-2023-22121 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22121 |
| CVE-2023-22123 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22123 |
| CVE-2023-22124 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22124 |
| CVE-2023-22125 | Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 14.5-14.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Trade Finance, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Trade Finance accessible data as well as unauthorized read access to a subset of Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22125 |
| CVE-2019-12143 | A Directory Traversal issue was discovered in SSHServerAPI.dll in Progress ipswitch WS_FTP Server 2018 before 8.6.1. An attacker can supply a string using special patterns via the SCP protocol to disclose WS_FTP usernames as well as filenames. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-12143 |
| CVE-2020-17470 | An issue was discovered in FNET through 4.6.4. The code that initializes the DNS client interface structure does not set sufficiently random transaction IDs (they are always set to 1 in _fnet_dns_poll in fnet_dns.c). This significantly simplifies DNS cache poisoning attacks. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-17470 |
| CVE-2021-1486 | A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to enumerate user accounts. This vulnerability is due to the improper handling of HTTP headers. An attacker could exploit this vulnerability by sending authenticated requests to an affected system. A successful exploit could allow the attacker to compare the HTTP responses that are returned by the affected system to determine which accounts are valid user accounts. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-1486 |
| CVE-2022-25319 | An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25319 |
| CVE-2022-38398 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to load a url thru the jar protocol. This issue affects Apache XML Graphics Batik 1.14. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38398 |
| CVE-2022-38648 | Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to fetch external resources. This issue affects Apache XML Graphics Batik 1.14. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38648 |
| CVE-2022-20830 | A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC without authentication. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20830 |
| CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40217 |
| CVE-2023-32370 | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. Content Security Policy to block domains with wildcards may fail. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32370 |
| CVE-2023-40167 | Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40167 |
| CVE-2023-41295 | Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41295 |
| CVE-2022-4145 | A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4145 |
| CVE-2023-44386 | Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44386 |
| CVE-2023-4469 | The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4469 |
| CVE-2023-42445 | Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities.\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42445 |
| CVE-2023-45364 | An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45364 |
| CVE-2023-45370 | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45370 |
| CVE-2023-45372 | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45372 |
| CVE-2023-45374 | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45374 |
| CVE-2023-5331 | Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information.\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5331 |
| CVE-2023-5101 | \nFiles or Directories Accessible to External Parties in RDT400 in SICK APU allows an\nunprivileged remote attacker to download various files from the server via HTTP requests.\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5101 |
| CVE-2023-5102 | \nInsufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.\n\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5102 |
| CVE-2023-43623 | A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43623 |
| CVE-2023-30802 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field.\n\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30802 |
| CVE-2023-41675 | A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41675 |
| CVE-2023-42782 | A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knoweldge of an authorized device serial number. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42782 |
| CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41763 |
| CVE-2023-42795 | Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could \ncause Tomcat to skip some parts of the recycling process leading to \ninformation leaking from the current request/response to the next.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42795 |
| CVE-2023-45648 | Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially \ncrafted, invalid trailer header could cause Tomcat to treat a single \nrequest as multiple requests leading to the possibility of request \nsmuggling when behind a reverse proxy.\n\nUsers are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45648 |
| CVE-2023-44094 | Type confusion vulnerability in the distributed file module.Successful exploitation of this vulnerability may cause the device to restart. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44094 |
| CVE-2023-41304 | Parameter verification vulnerability in the window module.Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41304 |
| CVE-2023-44102 | Broadcast permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44102 |
| CVE-2023-44962 | File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44962 |
| CVE-2023-41261 | An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41261 |
| CVE-2023-38251 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that could lead in minor application denial-of-service. Exploitation of this issue does not require user interaction. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38251 |
| CVE-2023-22067 | Vulnerability in Oracle Java SE (component: CORBA). Supported versions that are affected are Oracle Java SE: 8u381 and 8u381-perf. Easily exploitable vulnerability allows unauthenticated attacker with network access via CORBA to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22067 |
| CVE-2023-22081 | Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22081 |
| CVE-2023-22126 | Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22126 |
| CVE-2023-21722 | .NET Framework Denial of Service Vulnerability | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21722 |
| CVE-2021-28652 | An issue was discovered in Squid before 4.15 and 5.x before 5.0.6. Due to incorrect parser validation, it allows a Denial of Service attack against the Cache Manager API. This allows a trusted client to trigger memory leaks that. over time, lead to a Denial of Service via an unspecified short query string. This attack is limited to clients with Cache Manager API access privilege. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-28652 |
| CVE-2023-45129 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-45129 |
| CVE-2023-26367 | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-26367 |
| CVE-2023-22015 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22015 |
| CVE-2023-22026 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22026 |
| CVE-2023-22028 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22028 |
| CVE-2023-22032 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22032 |
| CVE-2023-22064 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22064 |
| CVE-2023-22065 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22065 |
| CVE-2023-22066 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22066 |
| CVE-2023-22068 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22068 |
| CVE-2023-22070 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22070 |
| CVE-2023-22077 | Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having DBA account privilege with network access via Oracle Net to compromise Oracle Database Recovery Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Database Recovery Manager. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22077 |
| CVE-2023-22078 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22078 |
| CVE-2023-22084 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22084 |
| CVE-2023-22092 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22092 |
| CVE-2023-22097 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22097 |
| CVE-2023-22103 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22103 |
| CVE-2023-22104 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22104 |
| CVE-2023-22110 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22110 |
| CVE-2023-22111 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22111 |
| CVE-2023-22112 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22112 |
| CVE-2023-22114 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22114 |
| CVE-2023-22115 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22115 |
| CVE-2021-36828 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) in WP Maintenance plugin <= 6.0.7 versions.\n\n | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36828 |
| CVE-2023-1400 | The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1400 |
| CVE-2023-39366 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. \nCENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39366 |
| CVE-2023-39510 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The`reports_admin.php` script displays reporting information about graphs, devices, data sources etc.\nCENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when the a graph with the maliciously altered device name is linked to the report. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39510 |
| CVE-2023-39512 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration, device name related to the datasource etc.) for different data visualizations of the _cacti_ app. _CENSUS_ found that an adversary that is able to configure a malicious device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39512 |
| CVE-2023-39515 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39515 |
| CVE-2023-39516 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the 'General Administration>Sites/Devices/Data' permissions can configure the data source path in Cacti. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. The same page can be used for previewing the data source path. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually escape HTML output.\n | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39516 |
| CVE-2023-39511 | Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports_admin.php` displays reporting information about graphs, devices, data sources etc. _CENSUS_ found that an adversary that is able to configure a malicious device name, related to a graph attached to a report, can deploy a stored XSS attack against any super user who has privileges of viewing the `reports_admin.php` page, such as administrative accounts. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports_admin.php` when the a graph with the maliciously altered device name is linked to the report. This issue has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to upgrade should manually filter HTML output.\n | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39511 |
| CVE-2023-4802 | A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4802 |
| CVE-2023-4803 | A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4803 |
| CVE-2022-35950 | OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a note for it. Versions 5.0.11 and 5.1.1 contain a fix for this issue.\n | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35950 |
| CVE-2023-5564 | Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5564 |
| CVE-2023-22091 | Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM for JDK accessible data as well as unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22091 |
| CVE-2023-22109 | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Dashboards). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-22109 |
| CVE-2022-20734 | A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20734 |
| CVE-2022-44730 | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.\n\nA malicious SVG can probe user profile / data and send it directly as parameter to a URL.\n\n | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-44730 |
| CVE-2023-23370 | An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.1.0.0518 and later\n | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23370 |
| CVE-2023-23371 | A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nQVPN Windows 2.2.0.0823 and later\n | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23371 |
| CVE-2023-40631 | In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40631 |
| CVE-2023-40636 | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40636 |
| CVE-2023-40638 | In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40638 |
| CVE-2023-40651 | In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40651 |
| CVE-2023-40652 | In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40652 |
| CVE-2023-39194 | A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39194 |
| CVE-2023-37195 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-37195 |
| CVE-2023-38640 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-38640 |
| CVE-2023-39447 | \nWhen BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39447 |
| CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36698 |
| CVE-2023-36722 | Active Directory Domain Services Information Disclosure Vulnerability | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36722 |
| CVE-2023-35653 | In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\n | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-35653 |
| CVE-2023-1259 | The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1259 |
| CVE-2019-0608 | A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-0608 |
| CVE-2019-1357 | A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-1357 |
| CVE-2020-3591 | A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-3591 |
| CVE-2023-2465 | Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2465 |
| CVE-2023-30534 | Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30534 |
| CVE-2023-4900 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4900 |
| CVE-2023-4901 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4901 |
| CVE-2023-4902 | Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4902 |
| CVE-2023-4903 | Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4903 |
| CVE-2023-4904 | Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4904 |
| CVE-2023-4905 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4905 |
| CVE-2023-4906 | Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4906 |
| CVE-2023-4907 | Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4907 |
| CVE-2023-4908 | Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4908 |
| CVE-2023-4909 | Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4909 |
| CVE-2023-36479 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36479 |
| CVE-2023-41900 | Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41900 |
| CVE-2023-40388 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40388 |
| CVE-2023-45369 | An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45369 |
| CVE-2023-5103 | Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into\nclicking on an actionable item using an iframe.\n\n\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5103 |
| CVE-2023-41365 | SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the details stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability.\n\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41365 |
| CVE-2023-42475 | The Statutory Reporting application has a vulnerable file storage location, potentially enabling low privileged attacker to read server files with minimal impact on confidentiality.\n\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42475 |
| CVE-2023-5498 | Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5498 |
| CVE-2023-33301 | An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-33301 |
| CVE-2023-44110 | Out-of-bounds access vulnerability in the audio module.Successful exploitation of this vulnerability may affect availability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44110 |
| CVE-2023-4957 | A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printers protected mode must be disabled. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4957 |
| CVE-2023-5477 | Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5477 |
| CVE-2023-5478 | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5478 |
| CVE-2023-5485 | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5485 |
| CVE-2023-5486 | Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5486 |
| CVE-2023-5531 | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image lightboxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5531 |
| CVE-2023-39999 | Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-39999 |
| CVE-2023-4834 | In Red Lion Europe mbCONNECT24 and mymbCONNECT24 and Helmholz myREX24 and myREX24.virtual up to and including 2.14.2 an improperly implemented access validation allows an authenticated, low privileged attacker to gain read access to limited, non-critical device information in his account he should not have access to.\n\n\n\n\t\t\t\t\t\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4834 |
| CVE-2023-22073 | Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Notification Server executes to compromise Oracle Notification Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Notification Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22073 |
| CVE-2023-22083 | Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Enterprise Session Border Controller. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Enterprise Session Border Controller accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22083 |
| CVE-2023-22088 | Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management). Supported versions that are affected are 7.4.0 and 7.4.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22088 |
| CVE-2023-22096 | Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22096 |
| CVE-2023-4828 | An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that the agent sends all future communications to an attacker-chosen URL. This could result in disclosure of sensitive data events from the agent about the personally identifiable information (PII) and intellectual property it monitors, and all such data could be altered or deleted before reaching the ITM Server. An attacker must first successfully obtain valid agent credentials and agent hostname. All versions prior to 7.14.3.69 are affected. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-4828 |
| CVE-2023-36559 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36559 |
| CVE-2023-44384 | Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application. | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44384 |
| CVE-2023-20867 | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | 3.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-20867 |
| CVE-2023-28322 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28322 |
| CVE-2023-41263 | An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41263 |
| CVE-2023-22025 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u381-perf, 17.0.8, 20.0.2; Oracle GraalVM for JDK: 17.0.8 and 20.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-22025 |
| CVE-2023-40442 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40442 |
| CVE-2023-35990 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35990 |
| CVE-2023-37448 | A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-37448 |
| CVE-2023-40384 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40384 |
| CVE-2023-40386 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40386 |
| CVE-2023-40395 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40395 |
| CVE-2023-40427 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40427 |
| CVE-2023-40434 | A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40434 |
| CVE-2023-40456 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40456 |
| CVE-2023-40520 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40520 |
| CVE-2023-41065 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41065 |
| CVE-2023-37939 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-37939 |
| CVE-2023-22128 | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via rquota to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22128 |
| CVE-2023-4089 | On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4089 |
| CVE-2023-22113 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-22113 |
| CVE-2016-5849 | Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. | 2.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-5849 |
| CVE-2023-22074 | Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L). | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22074 |
| CVE-2023-22075 | Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Create Any View, Select Any Table privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L). | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22075 |
| CVE-1999-1170 | IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | – | https://nvd.nist.gov/vuln/detail/CVE-1999-1170 |
| CVE-1999-1171 | IPswitch WS_FTP allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920. | – | https://nvd.nist.gov/vuln/detail/CVE-1999-1171 |
| CVE-2001-1021 | Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD. | – | https://nvd.nist.gov/vuln/detail/CVE-2001-1021 |
| CVE-2002-0826 | Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. | – | https://nvd.nist.gov/vuln/detail/CVE-2002-0826 |
| CVE-2003-0772 | Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via long (1) APPE (append) or (2) STAT (status) arguments. | – | https://nvd.nist.gov/vuln/detail/CVE-2003-0772 |
| CVE-2004-1884 | Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. | – | https://nvd.nist.gov/vuln/detail/CVE-2004-1884 |
| CVE-2004-1643 | WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. | – | https://nvd.nist.gov/vuln/detail/CVE-2004-1643 |
| CVE-2004-1885 | Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. | – | https://nvd.nist.gov/vuln/detail/CVE-2004-1885 |
| CVE-2004-1883 | Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. | – | https://nvd.nist.gov/vuln/detail/CVE-2004-1883 |
| CVE-2004-1848 | Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. | – | https://nvd.nist.gov/vuln/detail/CVE-2004-1848 |
| CVE-2006-4847 | Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix 1 allow remote authenticated users to execute arbitrary code via long (1) XCRC, (2) XSHA1, or (3) XMD5 commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2006-4847 |
| CVE-2006-5001 | Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, prevents certain sensitive information from being displayed in the (1) Files and (2) Summary tabs. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2006-5001 |
| CVE-2006-5000 | Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2006-5000 |
| CVE-2006-5541 | backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. | – | https://nvd.nist.gov/vuln/detail/CVE-2006-5541 |
| CVE-2008-0590 | Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-0590 |
| CVE-2011-4330 | Stack-based buffer overflow in the hfs_mac2asc function in fs/hfs/trans.c in the Linux kernel 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via an HFS image with a crafted len field. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-4330 |
| CVE-2012-2123 | The cap_bprm_set_creds function in security/commoncap.c in the Linux kernel before 3.3.3 does not properly handle the use of file system capabilities (aka fcaps) for implementing a privileged executable file, which allows local users to bypass intended personality restrictions via a crafted application, as demonstrated by an attack that uses a parent process to disable ASLR. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-2123 |
| CVE-2012-2136 | The sock_alloc_send_pskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service (heap-based buffer overflow and system crash) or possibly gain privileges by leveraging access to a TUN/TAP device. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-2136 |
| CVE-2012-3380 | Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-3380 |
| CVE-2023-43641 | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43641 |
| CVE-2023-5495 | A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5495 |
| CVE-2023-44689 | e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44689 |
| CVE-2023-45194 | Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45194 |
| CVE-2022-42451 | Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42451 |
| CVE-2022-44757 | BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44757 |
| CVE-2022-44758 | BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44758 |
| CVE-2023-37536 | An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37536 |
| CVE-2023-42138 | Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42138 |
| CVE-2023-44095 | Use-After-Free (UAF) vulnerability in the surfaceflinger module.Successful exploitation of this vulnerability can cause system crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44095 |
| CVE-2023-44981 | Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default.\n\nUsers are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue.\n\nAlternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue.\n\nSee the documentation for more details on correct cluster administration.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44981 |
| CVE-2023-37538 | HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37538 |
| CVE-2023-45396 | An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45396 |
| CVE-2023-27380 | An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27380 |
| CVE-2023-28381 | An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28381 |
| CVE-2023-34356 | An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34356 |
| CVE-2023-35193 | An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35193 |
| CVE-2023-35194 | An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35194 |
| CVE-2023-38817 | An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\\SYSTEM was "deactivated by Microsoft itself." | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38817 |
| CVE-2023-35649 | In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35649 |
| CVE-2023-35660 | In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35660 |
| CVE-2023-35661 | In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35661 |
| CVE-2023-35662 | there is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35662 |
| CVE-2023-40141 | In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40141 |
| CVE-2023-40142 | In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40142 |
| CVE-2023-41881 | vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41881 |
| CVE-2023-41882 | vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41882 |
| CVE-2023-43661 | Cachet, the open-source status page system. Prior to the 2.4 branch, a template functionality which allows users to create templates allows them to execute any code on the server during the bad filtration and old twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43661 |
| CVE-2023-3781 | there is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3781 |
| CVE-2023-44186 | \nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44186 |
| CVE-2023-44187 | An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 20.4R3-S7-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S5-EVO;\n * 21.3 versions prior to 21.3R3-S4-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R2-EVO.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44187 |
| CVE-2023-44188 | \nA Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition.\n\nThis issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart.\n\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * 20.4 versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S2, 22.4R3;\n * 23.1 versions prior to 23.1R2;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44188 |
| CVE-2023-45132 | NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45132 |
| CVE-2023-39325 | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39325 |
| CVE-2023-44189 | \nAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10003 Series:\n\n\n\n * All versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 version 22.2R1-EVO and later versions;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44189 |
| CVE-2023-44190 | \nAn Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device.\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016:\n\n\n\n * All versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions 22.2R1-EVO and later;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44190 |
| CVE-2023-1943 | Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1943 |
| CVE-2023-40829 | There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40829 |
| CVE-2023-29453 | Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template. Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29453 |
| CVE-2023-22308 | An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22308 |
| CVE-2023-22325 | A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22325 |
| CVE-2023-23581 | A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23581 |
| CVE-2023-25774 | A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25774 |
| CVE-2023-27395 | A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27395 |
| CVE-2023-27516 | An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27516 |
| CVE-2023-31192 | An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31192 |
| CVE-2023-32275 | An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32275 |
| CVE-2023-32634 | An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32634 |
| CVE-2023-43147 | PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43147 |
| CVE-2023-45133 | Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45133 |
| CVE-2023-45138 | Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by user without any particular rights. The vulnerability has been fixed in Change Request 1.9.2. It's possible to workaround the issue without upgrading by editing the document `ChangeRequest.Code.ChangeRequestSheet` and by performing the same change as in the fix commit. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45138 |
| CVE-2023-45142 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45142 |
| CVE-2023-45143 | Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45143 |
| CVE-2023-5072 | Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. \n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5072 |
| CVE-2023-27312 | SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are \nsusceptible to a vulnerability which may allow authenticated \nunprivileged users to modify email and snapshot name settings within the\n VMware vSphere user interface.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27312 |
| CVE-2023-27313 | SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a \nvulnerability which may allow an authenticated unprivileged user to gain\n access as an admin user.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27313 |
| CVE-2023-27314 | ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, \n9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow\n a remote unauthenticated attacker to cause a crash of the HTTP service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27314 |
| CVE-2023-43148 | SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43148 |
| CVE-2023-23632 | BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23632 |
| CVE-2023-5562 | An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript this code is executed in the browser and can perform any operations that the current user is allowed to perform silently.\n\n\n\n\nKNIME Analytics Platform already has configuration options with which sanitization of data can be actived, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default which allows for cross-site scripting attacks.\n\n\nKNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor's knime.ini.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5562 |
| CVE-2023-45510 | tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45510 |
| CVE-2023-45511 | A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45511 |
| CVE-2023-27316 | SnapCenter versions 4.8 through 4.9 are susceptible to a \nvulnerability which may allow an authenticated SnapCenter Server user to\n become an admin user on a remote system where a SnapCenter plug-in has \nbeen installed. \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27316 |
| CVE-2023-22392 | \nA Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nPTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc".\n\nThe following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.\n\nexpr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw\nexpr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware\nexpr_dfw_base_hw_add:52 Failed to add h/w sfm data.\nexpr_dfw_base_hw_create:114 Failed to add h/w data.\nexpr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__\nexpr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0\nexpr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!\nexpr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure\nexpr_dfw_bp_topo_handler:1102 Failed to program fnum.\nexpr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.\nThis issue affects Juniper Networks Junos OS:\n\non PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:\n\n\n\n * All versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3;\n * 21.4 versions prior to 21.4R2-S2, 21.4R3;\n * 22.1 versions prior to 22.1R1-S2, 22.1R2.\n\n\n\n\non PTX3000, PTX5000, QFX10000:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3\n * 22.2 versions prior to 22.2R3-S1\n * 22.3 versions prior to 22.3R2-S2, 22.3R3\n * 22.4 versions prior to 22.4R2.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22392 |
| CVE-2023-44177 | \nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS:\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S1-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44177 |
| CVE-2023-44178 | \nA Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service.\n\nRepeated actions by the attacker will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\n\nJunos OS\n\n\n\n * All versions prior to 19.1R3-S10;\n * 19.2 versions prior to 19.2R3-S7;\n * 19.3 versions prior to 19.3R3-S8;\n * 19.4 versions prior to 19.4R3-S12;\n * 20.2 versions prior to 20.2R3-S8;\n * 20.4 versions prior to 20.4R3-S8;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44178 |
| CVE-2023-44181 | \nAn Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to ARP queue causing a l2 loop resulting in a DDOS violations and DDOS syslog.\n\nThis issue is triggered when Storm control is enabled and ICMPv6 packets are present on device.\n\nThis issue affects Juniper Networks:\n\nJunos OS\n\n\n\n * All versions prior to 20.2R3-S6 on QFX5k;\n * 20.3 versions prior to 20.3R3-S5 on QFX5k;\n * 20.4 versions prior to 20.4R3-S5 on QFX5k;\n * 21.1 versions prior to 21.1R3-S4 on QFX5k;\n * 21.2 versions prior to 21.2R3-S3 on QFX5k;\n * 21.3 versions prior to 21.3R3-S2 on QFX5k;\n * 21.4 versions prior to 21.4R3 on QFX5k;\n * 22.1 versions prior to 22.1R3 on QFX5k;\n * 22.2 versions prior to 22.2R2 on QFX5k.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44181 |
| CVE-2023-44182 | \nAn Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operators actions to occur.\n\nMultiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44182 |
| CVE-2023-44183 | \nAn Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur.\n\nAn indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing.\n\nUse the following command to determine if FPC0 has gone missing from the device.\n\nshow chassis fpc detail\nThis issue affects:\n\nJuniper Networks Junos OS on QFX5000 Series, EX4600 Series:\n\n\n\n * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44183 |
| CVE-2023-44184 | \nAn Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3;\n * 22.4 versions prior to 22.4R1-S2, 22.4R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 21.4R3-S4-EVO;\n * 22.1 versions prior to 22.1R3-S2-EVO;\n * 22.2 versions prior to 22.2R3-EVO;\n * 22.3 versions prior to 22.3R3-EVO;\n * 22.4 versions prior to 22.4R2-EVO.\n\n\n\n\nAn indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:\n\nmgd process example:\n\nuser@device-re#> show system processes extensive | match "mgd|PID" | except last\nPID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND\n92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.\nExample to check for NETCONF activity:\n\nWhile there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'"\n\nFor example:\n\nmgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44184 |
| CVE-2023-44185 | \nAn Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS )to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet.\n\nContinued receipt of this packet will cause a sustained Denial of Service condition.\n\nThis issue affects:\n\n\n\n * Juniper Networks Junos OS:\n * All versions prior to 20.4R3-S6;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nJuniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S6-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO;\n * 21.3-EVO versions prior to 21.3R3-S3-EVO;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-EVO;\n * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44185 |
| CVE-2023-44191 | \nAn Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS).\n\nOn all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections.\n\nThis issue affects:\n\nJuniper Networks Junos OS on QFX5000 Series and EX4000 Series\n\n\n\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S1;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 21.1R1\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44191 |
| CVE-2023-44192 | \nAn Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS).\n\nOn all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak.\n\nTo confirm the memory leak, monitor for "sheaf:possible leak" and "vtep not found" messages in the logs.\n\nThis issue affects:\n\nJuniper Networks Junos OS QFX5000 Series:\n\n\n\n * All versions prior to 20.4R3-S6;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S5;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S2;\n * 22.2 versions prior to 22.2R2-S2, 22.2R3;\n * 22.3 versions prior to 22.3R2-S1, 22.3R3;\n * 22.4 versions prior to 22.4R1-S2, 22.4R2.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44192 |
| CVE-2023-44193 | \nAn Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS).\n\nOn all Junos MX Series with MPC1 - MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition.\n\nThis issue affects:\n\nJuniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S7;\n * 21.1 versions prior to 21.1R3-S5;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S4;\n * 21.4 versions prior to 21.4R3-S3;\n * 22.1 versions prior to 22.1R3-S1;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44193 |
| CVE-2023-44194 | \nAn Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S1.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44194 |
| CVE-2023-44195 | \nAn Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network based attacker to cause limited impact to the availability of the system.\n\nIf specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access.\n\nCVE-2023-44196 is a prerequisite for this issue.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * 21.3-EVO versions prior to 21.3R3-S5-EVO;\n * 21.4-EVO versions prior to 21.4R3-S4-EVO;\n * 22.1-EVO version 22.1R1-EVO and later;\n * 22.2-EVO version 22.2R1-EVO and later;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO.\n\n\n\n\nThis issue doesn't not affected Junos OS Evolved versions prior to 21.3R1-EVO.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44195 |
| CVE-2023-44196 | \nAn Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system.\n\nWhen specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195.\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later;\n * 21.2-EVO versions prior to 21.2R3-S6-EVO;\n * 21.3-EVO version 21.3R1-EVO and later;\n * 21.4-EVO versions prior to 21.4R3-S3-EVO;\n * 22.1-EVO versions prior to 22.1R3-S4-EVO;\n * 22.2-EVO versions prior to 22.2R3-S3-EVO;\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO;\n * 22.4-EVO versions prior to 22.4R2-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44196 |
| CVE-2023-44197 | \nAn Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.\n\nThis issue affects Juniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5.\n\n\n\n\nThis issue affects Juniper Networks Junos OS Evolved:\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1-EVO version 21.1R1-EVO and later versions;\n * 21.2-EVO versions prior to 21.2R3-S2-EVO;\n * 21.3-EVO version 21.3R1-EVO and later versions;\n * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44197 |
| CVE-2023-44198 | \nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks.\n\nIf the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid.\n\nThis issue affects Juniper Networks Junos OS on SRX Series and MX Series:\n\n\n\n * 20.4 versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S4;\n * 21.3 versions prior to 21.3R3-S3;\n * 21.4 versions prior to 21.4R3-S2;\n * 22.1 versions prior to 22.1R2-S2, 22.1R3;\n * 22.2 versions prior to 22.2R2-S1, 22.2R3;\n * 22.3 versions prior to 22.3R1-S2, 22.3R2.\n\n\n\n\nThis issue doesn't not affected releases prior to 20.4R1.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44198 |
| CVE-2023-44199 | \nAn Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).\n\nOn Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 version 21.1R1 and later versions;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3;\n * 22.1 versions prior to 22.1R3;\n * 22.2 versions prior to 22.2R1-S1, 22.2R2.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44199 |
| CVE-2023-44201 | \nAn Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions.\n\nWhen a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions prior to 20.4R3-S4;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S2;\n * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1;\n * 21.4 versions prior to 21.4R2-S1, 21.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S4-EVO;\n * 21.1 versions prior to 21.1R3-S2-EVO;\n * 21.2 versions prior to 21.2R3-S2-EVO;\n * 21.3 versions prior to 21.3R3-S1-EVO;\n * 21.4 versions prior to 21.4R2-S2-EVO.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44201 |
| CVE-2023-44203 | \nAn Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows a adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS).\n\nWhen a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood.\n\nThis issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only.\n\nThis issue affects Juniper Junos OS on on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600:\n\n\n\n * All versions prior to 20.4R3-S5;\n * 21.1 versions prior to 21.1R3-S4;\n * 21.2 versions prior to 21.2R3-S3;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S2;\n * 22.1 versions prior to 22.1R3;\n * 22.2 versions prior to 22.2R3;\n * 22.3 versions prior to 22.3R2.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44203 |
| CVE-2023-44204 | \nAn Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nWhen a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts.\n\nThis issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * 21.4 versions prior to 21.4R3-S4;\n * 22.1 versions prior to 22.1R3-S3;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R1, 23.2R2;\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S3-EVO;\n * 22.2 versions prior to 22.2R3-S3-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO;\n * 22.4 versions prior to 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO;\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44204 |
| CVE-2023-5563 | The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5563 |
| CVE-2023-42752 | An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42752 |
| CVE-2023-4562 | Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4562 |
| CVE-2023-5557 | A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5557 |
| CVE-2023-43079 | \nDell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43079 |
| CVE-2023-29464 | \nFactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29464 |
| CVE-2023-39960 | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39960 |
| CVE-2023-45130 | Frontier is Substrate's Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier's maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain's limit. This is especially an issue for XCM transactions, because they can't be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it's recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It's recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45130 |
| CVE-2023-45162 | Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. \n\nApplication of the relevant hotfix remediates this issue.\n\nfor v8.1.2 apply hotfix Q23166\nfor v8.4.1 apply hotfix Q23164\nfor v9.0.1 apply hotfix Q23173\n\nSaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45162 |
| CVE-2023-45464 | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45464 |
| CVE-2023-45465 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45465 |
| CVE-2023-45467 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45467 |
| CVE-2023-45109 | Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45109 |
| CVE-2023-45391 | A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45391 |
| CVE-2023-45393 | An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45393 |
| CVE-2023-45267 | Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45267 |
| CVE-2023-45268 | Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45268 |
| CVE-2023-40682 | IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40682 |
| CVE-2023-45269 | Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.23 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45269 |
| CVE-2023-45270 | Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45270 |
| CVE-2023-45276 | Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45276 |
| CVE-2023-4499 | A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4499 |
| CVE-2023-5409 | HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5409 |
| CVE-2023-5449 | A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5449 |
| CVE-2023-32970 | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.\nQES is not affected.\n\nWe have already fixed the vulnerability in the following versions:\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2453 build 20230708 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32970 |
| CVE-2023-32973 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.0.1.2515 build 20230907 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\nQuTScloud c5.1.0.2498 and later\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32973 |
| CVE-2023-32974 | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.0.2444 build 20230629 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTScloud c5.1.0.2498 and later\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32974 |
| CVE-2023-32976 | An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nContainer Station 2.6.7.44 and later\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32976 |
| CVE-2023-34975 | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34975 |
| CVE-2023-34976 | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.0 ( 2023/07/27 ) and later\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34976 |
| CVE-2023-4263 | Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4263 |
| CVE-2023-4257 | Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4257 |
| CVE-2023-45674 | Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot's web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45674 |
| CVE-2023-45852 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45852 |
| CVE-2023-45853 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45853 |
| CVE-2023-30148 | Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30148 |
| CVE-2023-30154 | Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php via the 'id_product' parameter in hooks DisplayRightColumnProduct and DisplayProductButtons. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30154 |
| CVE-2023-26155 | All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26155 |
| CVE-2023-44037 | An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44037 |
| CVE-2023-45855 | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45855 |
| CVE-2023-45856 | qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45856 |
| CVE-2023-42663 | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42663 |
| CVE-2023-42780 | Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42780 |
| CVE-2023-42792 | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42792 |
| CVE-2023-45348 | \nApache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default.\nIt is recommended to upgrade to a version that is not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45348 |
| CVE-2023-5578 | A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \\intranet\\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument cod_agenda with the input ");'> --redacted-- leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5578 |
| CVE-2023-5579 | A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5579 |
| CVE-2023-5580 | A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5580 |
| CVE-2023-5581 | A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5581 |
| CVE-2023-5582 | A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5582 |
| CVE-2022-32755 | IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32755 |
| CVE-2022-33161 | IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33161 |
| CVE-2022-33165 | IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33165 |
| CVE-2022-43740 | IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43740 |
| CVE-2022-43868 | IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43868 |
| CVE-2023-35024 | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35024 |
| CVE-2023-45176 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45176 |
| CVE-2023-30994 | IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30994 |
| CVE-2023-40367 | IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40367 |
| CVE-2023-45862 | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45862 |
| CVE-2023-45863 | An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45863 |
| CVE-2023-5585 | A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input ">--redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5585 |
| CVE-2023-45871 | An issue was discovered in drivers/net/ethernet/intel/igb/igb_main.c in the IGB driver in the Linux kernel before 6.5.3. A buffer size may not be adequate for frames larger than the MTU. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45871 |
| CVE-2023-5586 | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3.0-DEV. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5586 |
| CVE-2023-40378 | IBM Directory Server for IBM i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263584. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40378 |
| CVE-2018-25091 | urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive). | – | https://nvd.nist.gov/vuln/detail/CVE-2018-25091 |
| CVE-2023-38312 | A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38312 |
| CVE-2023-5587 | A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /vm/admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-242186 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5587 |
| CVE-2023-5588 | A vulnerability was found in kphrx pleroma. It has been classified as problematic. This affects the function Pleroma.Emoji.Pack of the file lib/pleroma/emoji/pack.ex. The manipulation of the argument name leads to path traversal. The complexity of an attack is rather high. The exploitability is told to be difficult. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 2c795094535537a8607cc0d3b7f076a609636f40. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-242187. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5588 |
| CVE-2023-5589 | A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242188. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5589 |
| CVE-2023-5590 | NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5590 |
| CVE-2022-48612 | A Universal Cross Site Scripting (UXSS) vulnerability in ClassLink OneClick Extension through 10.7 allows remote attackers to inject JavaScript into any webpage, because a regular expression (validating whether a URL is controlled by ClassLink) is not present in all applicable places. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48612 |
| CVE-2023-35013 | IBM Security Verify Governance 10.0, Identity Manager could allow a local privileged user to obtain sensitive information from source code. IBM X-Force ID: 257769. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35013 |
| CVE-2023-35018 | IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. IBM X-Force ID: 259382. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35018 |
| CVE-2023-33836 | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 256016. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33836 |
| CVE-2023-40377 | Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain component access to the host operating system. IBM X-Force ID: 263583. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40377 |
| CVE-2023-5591 | SQL Injection in GitHub repository librenms/librenms prior to 23.10.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5591 |
| CVE-2023-38280 | IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. IBM X-Force ID: 260740. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38280 |
| CVE-2023-40791 | extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40791 |
| CVE-2023-45898 | The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45898 |
| CVE-2023-36340 | TOTOLINK NR1800X V9.1.0u.6279_B20210910 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36340 |
| CVE-2023-36947 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36947 |
| CVE-2023-36952 | TOTOLINK CP300+ V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the pingIp parameter in the function setDiagnosisCfg. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36952 |
| CVE-2023-36950 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the http_host parameter in the function loginAuth. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36950 |
| CVE-2023-36953 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36953 |
| CVE-2023-36954 | TOTOLINK CP300+ V5.2cu.7594_B20200910 and before is vulnerable to command injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36954 |
| CVE-2023-36955 | TOTOLINK CP300+ <=V5.2cu.7594_B20200910 was discovered to contain a stack overflow via the File parameter in the function UploadCustomModule. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36955 |
| CVE-2023-44808 | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the sub_4507CC function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44808 |
| CVE-2023-44809 | D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44809 |
| CVE-2023-45572 | Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the tgfile.htm function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45572 |
| CVE-2023-45573 | Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45573 |
| CVE-2023-45574 | Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the fn parameter of the file.data function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45574 |
| CVE-2023-45575 | Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip parameter of the ip_position.asp function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45575 |
| CVE-2023-21413 | GoSecure on behalf of Genetec Inc. has found a flaw that allows for a remote code execution during the installation of ACAP applications on the Axis device. The application handling service in AXIS OS was vulnerable to command injection allowing an attacker to run arbitrary code. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21413 |
| CVE-2023-21414 | NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. The protection for device tampering (commonly known as Secure Boot) contains a flaw which provides an opportunity for a sophisticated attack to bypass this protection. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21414 |
| CVE-2023-21415 | Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. \n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21415 |
| CVE-2023-45576 | Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the remove_ext_proto/remove_ext_port parameter of the upnp_ctrl.asp function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45576 |
| CVE-2023-45577 | An issue in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wanid parameter of the H5/speedlimit.data function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45577 |
| CVE-2023-45578 | Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the pap_en/chap_en parameter of the pppoe_base.asp function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45578 |
| CVE-2023-45579 | Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the ip/type parameter of the jingx.asp function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45579 |
| CVE-2023-45580 | Buffer Overflow vulnerability in DI-7003GV2.D1 v.23.08.25D1 and before, DI-7100G+V2.D1 v.23.08.23D1 and before, DI-7100GV2.D1 v.23.08.23D1, DI-7200G+V2.D1 v.23.08.23D1 and before, DI-7200GV2.E1 v.23.08.23E1 and before, DI-7300G+V2.D1 v.23.08.23D1, and DI-7400G+V2.D1 v.23.08.23D1 and before allows a remote attacker to execute arbitrary code via the wild/mx parameter of the ddns.asp function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45580 |
| CVE-2023-45158 | An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45158 |
| CVE-2023-38059 | The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. This can be used to retreive the IP of the user.This issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38059 |
| CVE-2023-3392 | The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3392 |
| CVE-2023-43666 | Insufficient Verification of Data Authenticity vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, \n\nGeneral user can view all user data like Admin account.\n\nUsers are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8623 \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43666 |
| CVE-2023-43667 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, the attacker can create misleading or false records, making it harder to audit\nand trace malicious activities. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8628 \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43667 |
| CVE-2023-43668 | Authorization Bypass Through User-Controlled Key vulnerability in Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.8.0, \n\nsome sensitive params checks will be bypassed, like "autoDeserizalize","allowLoadLocalInfile"....\n\n. \n\nUsers are advised to upgrade to Apache InLong's 1.9.0 or cherry-pick [1] to solve it.\n\n[1] https://github.com/apache/inlong/pull/8604 \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43668 |
| CVE-2023-45273 | Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45273 |
| CVE-2023-45274 | Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45274 |
| CVE-2023-45605 | Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45605 |
| CVE-2023-45606 | Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45606 |
| CVE-2023-45629 | Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45629 |
| CVE-2023-45638 | Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45638 |
| CVE-2023-45650 | Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45650 |
| CVE-2023-45651 | Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments plugin <= 5.0.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45651 |
| CVE-2023-45653 | Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45653 |
| CVE-2023-45654 | Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45654 |
| CVE-2023-45655 | Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45655 |
| CVE-2023-45656 | Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45656 |
| CVE-2023-45757 | Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page.\nAn attacker that can send http request to bRPC server with rpcz enabled can inject arbitrary XSS code to the builtin rpcz page.\n\nSolution (choose one of three):\n1. upgrade to bRPC > 1.6.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.6.1/ \n2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2411 \n3. disable rpcz feature | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45757 |
| CVE-2023-4620 | The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4620 |
| CVE-2023-4822 | Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.\n\nIt also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.\n\nThis means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user.\n\nThe vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4822 |
| CVE-2023-4827 | The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4827 |
| CVE-2023-5421 | An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs \nimmediatly after the data is saved.The issue onlyoccurs if the configuration for AdminCustomerUser::UseAutoComplete was changed before.\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5421 |
| CVE-2023-5422 | The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the \nSSL_get_verify_result() function is not used the certificated is trusted always and it can not be ensured that the certificate \nsatisfies all necessary security requirements.\n\nThis could allow an \nattacker to use an invalid certificate to claim to be a trusted host, \nuse expired certificates, or conduct other attacks that could be \ndetected if the certificate is properly validated.\n\nThis issue affects OTRS: from 7.0.X before 7.0.47, from 8.0.X before 8.0.37; ((OTRS)) Community Edition: from 6.0.X through 6.0.34.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5422 |
| CVE-2023-5595 | Denial of Service in GitHub repository gpac/gpac prior to 2.3.0-DEV. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5595 |
| CVE-2023-3991 | An OS command injection vulnerability exists in the httpd iperfrun.cgi functionality of FreshTomato 2023.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3991 |
| CVE-2023-45639 | Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45639 |
| CVE-2023-45641 | Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45641 |
| CVE-2023-45642 | Cross-Site Request Forgery (CSRF) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45642 |
| CVE-2023-45643 | Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45643 |
| CVE-2023-45645 | Cross-Site Request Forgery (CSRF) vulnerability in InfoD74 WP Open Street Map plugin <= 1.25 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45645 |
| CVE-2023-45647 | Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45647 |
| CVE-2023-4457 | Grafana is an open-source platform for monitoring and observability.\n\nThe Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability.\n\nThe plugin did not properly sanitize error messages, making it potentially expose the Google Sheet API-key that is configured for the data source.\n\nThis vulnerability was fixed in version 1.2.2.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4457 |
| CVE-2023-44229 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin <= 8.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44229 |
| CVE-2023-44984 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.6.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44984 |
| CVE-2023-44985 | Auth. (contributo+) Stored Cross-Site Scripting (XSS) vulnerability in Cytech BuddyMeet plugin <= 2.2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44985 |
| CVE-2023-44986 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce plugin <= 5.15.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44986 |
| CVE-2023-45748 | Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45748 |
| CVE-2023-45749 | Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45749 |
| CVE-2023-45752 | Cross-Site Request Forgery (CSRF) vulnerability in 10 Quality Post Gallery plugin <= 2.3.12 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45752 |
| CVE-2023-45753 | Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45753 |
| CVE-2023-45763 | Cross-Site Request Forgery (CSRF) vulnerability in Taggbox plugin <= 2.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45763 |
| CVE-2023-45831 | Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45831 |
| CVE-2023-45836 | Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45836 |
| CVE-2023-44987 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin <= 2.0.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44987 |
| CVE-2023-46066 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Codedrafty Mediabay – Media Library Folders plugin <= 1.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46066 |
| CVE-2023-5575 | \n\nImproper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combination of permissions in the entry and in its parent.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5575 |
| CVE-2023-46087 | Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46087 |
| CVE-2023-20198 | Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.\r\n\r For steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory \r\n\r Cisco will provide updates on the status of this investigation and when a software patch is available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20198 |
| CVE-2023-45685 | Insufficient path validation when extracting a zip archive in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45685 |
| CVE-2023-45686 | Insufficient path validation when writing a file via WebDAV in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to write a file to any location on the filesystem via path traversal | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45686 |
| CVE-2023-45687 | A session fixation vulnerability in South River Technologies' Titan MFT and Titan SFTP servers on Linux and Windows allows an attacker to bypass the server's authentication if they can trick an administrator into authorizating a session id of their choosing | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45687 |
| CVE-2023-45688 | Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using path traversal in the ftp "SIZE" command | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45688 |
| CVE-2023-45689 | Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Windows and Linux allows an authenticated attacker with administrative privileges to read any file on the filesystem via path traversal | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45689 |
| CVE-2023-45690 | Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allows a user that's authentication to the OS to read sensitive files on the filesystem | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45690 |
| CVE-2023-45984 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45984 |
| CVE-2023-45985 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and TOTOLINK A7000R V9.1.0u.6115_B20201022 were discovered to contain a stack overflow in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45985 |
| CVE-2023-40180 | silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. An attacker could use a recursive graphql query to execute a Distributed Denial of Service attack (DDOS attack) against a website. This mostly affects websites with publicly exposed graphql schemas. If your Silverstripe CMS project does not expose a public facing graphql schema, a user account is required to trigger the DDOS attack. If your site is hosted behind a content delivery network (CDN), such as Imperva or CloudFlare, this may further mitigate the risk. This issue has been addressed in versions 3.8.2, 4.1.3, 4.2.5, 4.3.4, and 5.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40180 |
| CVE-2023-43120 | An issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7 and before 31.7.1 allows attackers to gain escalated privileges via crafted HTTP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43120 |
| CVE-2023-45148 | Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\\OC\\Memcache\\Redis` and install Redis instead of Memcached. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45148 |
| CVE-2023-45151 | Nextcloud server is an open source home cloud platform. Affected versions of Nextcloud stored OAuth2 tokens in plaintext which allows an attacker who has gained access to the server to potentially elevate their privilege. This issue has been addressed and users are recommended to upgrade their Nextcloud Server to version 25.0.8, 26.0.3 or 27.0.1. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45151 |
| CVE-2023-45660 | Nextcloud mail is an email app for the Nextcloud home server platform. In affected versions a missing check of origin, target and cookies allows for an attacker to abuse the proxy endpoint to denial of service a third server. It is recommended that the Nextcloud Mail is upgraded to 2.2.8 or 3.3.0. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45660 |
| CVE-2023-45669 | WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Affected versions are subject to improper signature counter value handling. A flaw was found in webauthn4j-spring-security-core. When an authneticator returns an incremented signature counter value during authentication, webauthn4j-spring-security-core does not properly persist the value, which means cloned authenticator detection does not work. An attacker who cloned valid authenticator in some way can use the cloned authenticator without being detected. This issue has been addressed in version `0.9.1.RELEASE`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45669 |
| CVE-2023-45683 | github.com/crewjam/saml is a saml library for the go language. In affected versions the package does not validate the ACS Location URI according to the SAML binding being parsed. If abused, this flaw allows attackers to register malicious Service Providers at the IdP and inject Javascript in the ACS endpoint definition, achieving Cross-Site-Scripting (XSS) in the IdP context during the redirection at the end of a SAML SSO Flow. Consequently, an attacker may perform any authenticated action as the victim once the victim’s browser loaded the SAML IdP initiated SSO link for the malicious service provider. Note: SP registration is commonly an unrestricted operation in IdPs, hence not requiring particular permissions or publicly accessible to ease the IdP interoperability. This issue is fixed in version 0.4.14. Users unable to upgrade may perform external validation of URLs provided in SAML metadata, or restrict the ability for end-users to upload arbitrary metadata. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45683 |
| CVE-2023-29484 | In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29484 |
| CVE-2023-3154 | The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3154 |
| CVE-2023-3155 | The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read and Delete due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to access arbitrary resources on the server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3155 |
| CVE-2023-3279 | The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3279 |
| CVE-2023-3706 | The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the title of arbitrary post (such as draft and private) via an IDOR vector | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3706 |
| CVE-2023-3707 | The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the content of arbitrary post (such as draft and private) via an IDOR vector. Password protected posts are not affected by this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3707 |
| CVE-2023-3746 | The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3746 |
| CVE-2023-43118 | Cross Site Request Forgery (CSRF) vulnerability in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, fixed in 31.7.2 and 32.5.1.5 allows attackers to run arbitrary code and cause other unspecified impacts via /jsonrpc API. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43118 |
| CVE-2023-43119 | An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43119 |
| CVE-2023-43121 | A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43121 |
| CVE-2023-45149 | Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45149 |
| CVE-2023-45150 | Nextcloud calendar is a calendar app for the Nextcloud server platform. Due to missing precondition checks the server was trying to validate strings of any length as email addresses even when megabytes of data were provided, eventually making the server busy and unresponsive. It is recommended that the Nextcloud Calendar app is upgraded to 4.4.4. The only workaround for users unable to upgrade is to disable the calendar app. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45150 |
| CVE-2023-4289 | The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4289 |
| CVE-2023-4290 | The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4290 |
| CVE-2023-4388 | The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4388 |
| CVE-2023-4643 | The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4643 |
| CVE-2023-4646 | The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4646 |
| CVE-2023-4666 | The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lead to RCE | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4666 |
| CVE-2023-4687 | The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4687 |
| CVE-2023-4691 | The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4691 |
| CVE-2023-4725 | The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4725 |
| CVE-2023-4776 | The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4776 |
| CVE-2023-4783 | The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4783 |
| CVE-2023-4795 | The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4795 |
| CVE-2023-4798 | The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduct Stored XSS attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4798 |
| CVE-2023-4800 | The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4800 |
| CVE-2023-4805 | The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4805 |
| CVE-2023-4811 | The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4811 |
| CVE-2023-4819 | The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with malicious scripts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4819 |
| CVE-2023-4820 | The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to inject arbitrary web scripts that could target a site admin or superadmin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4820 |
| CVE-2023-4821 | The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg files containing malicious scripts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4821 |
| CVE-2023-4861 | The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4861 |
| CVE-2023-4862 | The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4862 |
| CVE-2023-4933 | The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4933 |
| CVE-2023-4950 | The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4950 |
| CVE-2023-4971 | The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4971 |
| CVE-2023-5003 | The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log file is never removed, and remains accessible to any users knowing the URL to do so. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5003 |
| CVE-2023-5057 | The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5057 |
| CVE-2023-5087 | The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5087 |
| CVE-2023-5089 | The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5089 |
| CVE-2023-5133 | This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5133 |
| CVE-2023-5167 | The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5167 |
| CVE-2023-5177 | The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5177 |
| CVE-2023-5561 | The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5561 |
| CVE-2023-30987 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30987 |
| CVE-2023-38720 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38720 |
| CVE-2023-40851 | Cross Site Scripting (XSS) vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to run arbitrary code via fname, lname, email, and contact fields of the user registration page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40851 |
| CVE-2023-40852 | SQL Injection vulnerability in Phpgurukul User Registration & Login and User Management System With admin panel 3.0 allows attackers to obtain sensitive information via crafted string in the admin user name field on the admin log in page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40852 |
| CVE-2023-42459 | Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). In affected versions specific DATA submessages can be sent to a discovery locator which may trigger a free error. This can remotely crash any Fast-DDS process. The call to free() could potentially leave the pointer in the attackers control which could lead to a double free. This issue has been addressed in versions 2.12.0, 2.11.3, 2.10.3, and 2.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42459 |
| CVE-2023-45128 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to inject arbitrary values and forge malicious requests on behalf of a user. This vulnerability can allow an attacker to inject arbitrary values without any authentication, or perform various malicious actions on behalf of an authenticated user, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This issue has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes as defense in depth measures. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45128 |
| CVE-2023-45141 | Fiber is an express inspired web framework written in Go. A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the application, which allows an attacker to obtain tokens and forge malicious requests on behalf of a user. This can lead to unauthorized actions being taken on the user's behalf, potentially compromising the security and integrity of the application. The vulnerability is caused by improper validation and enforcement of CSRF tokens within the application. This vulnerability has been addressed in version 2.50.0 and users are advised to upgrade. Users should take additional security measures like captchas or Two-Factor Authentication (2FA) and set Session cookies with SameSite=Lax or SameSite=Secure, and the Secure and HttpOnly attributes. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45141 |
| CVE-2023-45144 | com.xwiki.identity-oauth:identity-oauth-ui is a package to aid in building identity and service providers based on OAuth authorizations. When a user logs in via the OAuth method, the identityOAuth parameters sent in the GET request is vulnerable to cross site scripting (XSS) and XWiki syntax injection. This allows remote code execution via the groovy macro and thus affects the confidentiality, integrity and availability of the whole XWiki installation. The issue has been fixed in Identity OAuth version 1.6. There are no known workarounds for this vulnerability and users are advised to upgrade. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45144 |
| CVE-2023-45147 | Discourse is an open source community platform. In affected versions any user can create a topic and add arbitrary custom fields to a topic. The severity of this vulnerability depends on what plugins are installed and how the plugins uses topic custom fields. For a default Discourse installation with the default plugins, this vulnerability has no impact. The problem has been patched in the latest version of Discourse. Users are advised to update to version 3.1.1 if they are on the stable branch or 3.2.0.beta2 if they are on the beta branch. Users unable to upgrade should disable any plugins that access topic custom fields. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45147 |
| CVE-2023-45542 | Cross Site Scripting vulnerability in mooSocial 3.1.8 allows a remote attacker to obtain sensitive information via a crafted script to the q parameter in the Search function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45542 |
| CVE-2023-38728 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38728 |
| CVE-2023-38740 | IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38740 |
| CVE-2023-43658 | dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Improper escaping of event titles could lead to Cross-site Scripting (XSS) within the 'email preview' UI when a site has CSP disabled. Having CSP disabled is a non-default configuration, so the vast majority of sites are unaffected. This problem is resolved in the latest version of the discourse-calendar plugin. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43658 |
| CVE-2023-43659 | Discourse is an open source platform for community discussion. Improper escaping of user input allowed for Cross-site Scripting attacks via the digest email preview UI. This issue only affects sites with CSP disabled. This issue has been patched in the 3.1.1 stable release as well as the 3.2.0.beta1 release. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43659 |
| CVE-2023-43814 | Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the `/polls/grouped_poll_results` endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where the results were intended to only be viewable by authorized users. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. There is no workaround for this issue apart from upgrading to the fixed version.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43814 |
| CVE-2023-44388 | Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running out of disk space. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. It is possible to temporarily work around this problem by reducing the `client_max_body_size nginx directive`. `client_max_body_size` will limit the size of uploads that can be uploaded directly to the server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44388 |
| CVE-2023-44391 | Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when `hide_user_profiles_from_public` is enabled. This problem has been patched in the 3.1.1 stable and 3.2.0.beta2 version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44391 |
| CVE-2023-44394 | MantisBT is an open source bug tracker. Due to insufficient access-level checks on the Wiki redirection page, any user can reveal private Projects' names, by accessing wiki.php with sequentially incremented IDs. This issue has been addressed in commit `65c44883f` which has been included in release `2.258`. Users are advised to upgrade. Users unable to upgrade should disable wiki integration ( `$g_wiki_enable = OFF;`). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44394 |
| CVE-2023-45131 | Discourse is an open source platform for community discussion. New chat messages can be read by making an unauthenticated POST request to MessageBus. This issue is patched in the 3.1.1 stable and 3.2.0.beta2 versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45131 |
| CVE-2023-45540 | An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45540 |
| CVE-2023-45807 | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. There is an issue with the implementation of tenant permissions in OpenSearch Dashboards where authenticated users with read-only access to a tenant can perform create, edit and delete operations on index metadata of dashboards and visualizations in that tenant, potentially rendering them unavailable. This issue does not affect index data, only metadata. Dashboards correctly enforces read-only permissions when indexing and updating documents. This issue does not provide additional read access to data users don’t already have. This issue can be mitigated by disabling the tenants functionality for the cluster. Versions 1.3.14 and 2.11.0 contain a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45807 |
| CVE-2023-30991 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30991 |
| CVE-2023-40374 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40374 |
| CVE-2011-10004 | A vulnerability was found in reciply Plugin up to 1.1.7 on WordPress. It has been rated as critical. This issue affects some unknown processing of the file uploadImage.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. Upgrading to version 1.1.8 is able to address this issue. The identifier of the patch is e3ff616dc08d3aadff9253f1085e13f677d0c676. It is recommended to upgrade the affected component. The identifier VDB-242189 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-10004 |
| CVE-2012-10016 | A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-10016 |
| CVE-2023-38719 | IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38719 |
| CVE-2023-40372 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40372 |
| CVE-2023-40373 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40373 |
| CVE-2023-45152 | Engelsystem is a shift planning system for chaos events. A Blind SSRF in the "Import schedule" functionality makes it possible to perform a port scan against the local environment. This vulnerability has been fixed in commit ee7d30b33. If a patch cannot be deployed, operators should ensure that no HTTP(s) services listen on localhost and/or systems only reachable from the host running the engelsystem software. If such services are necessary, they should utilize additional authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45152 |
| CVE-2023-45659 | Engelsystem is a shift planning system for chaos events. If a users' password is compromised and an attacker gained access to a users' account, i.e., logged in and obtained a session, an attackers' session is not terminated if the users' account password is reset. This vulnerability has been fixed in the commit `dbb089315ff3d`. Users are advised to update their installations. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45659 |
| CVE-2023-4215 | Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4215 |
| CVE-2022-22377 | IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221827. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22377 |
| CVE-2022-22384 | \nIBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22384 |
| CVE-2021-20581 | \nIBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-20581 |
| CVE-2021-29913 | \nIBM Security Verify Privilege On-Premise 11.5 could allow an authenticated user to obtain sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 207898.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-29913 |
| CVE-2021-38859 | \nIBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-38859 |
| CVE-2022-22375 | \nIBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22375 |
| CVE-2022-22380 | \nIBM Security Verify Privilege On-Premises 11.5 could allow an attacker to spoof a trusted entity due to improperly validating certificates. IBM X-Force ID: 221957.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22380 |
| CVE-2022-22385 | \nIBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22385 |
| CVE-2022-22386 | \nIBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 221963.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22386 |
| CVE-2022-43889 | \nIBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information through an HTTP request that could aid an attacker in further attacks against the system. IBM X-Force ID: 240452.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43889 |
| CVE-2022-43893 | \nIBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43893 |
| CVE-2022-43891 | \nIBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43891 |
| CVE-2022-43892 | \nIBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43892 |
| CVE-2023-34207 | Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\\SYSTEM‘ privilege via a crafted ZIP archive. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34207 |
| CVE-2023-34208 | Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34208 |
| CVE-2023-34209 | Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34209 |
| CVE-2023-34210 | SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34210 |
| CVE-2023-45357 | Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45357 |
| CVE-2023-45358 | Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45358 |
| CVE-2023-45375 | In the module "PireosPay" (pireospay) before version 1.7.10 from 01generator.com for PrestaShop, a guest can perform SQL injection via `PireosPayValidationModuleFrontController::postProcess().` | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45375 |
| CVE-2023-45386 | In the module extratabspro before version 2.2.8 from MyPresta.eu for PrestaShop, a guest can perform SQL injection via `extratabspro::searchcategory()`, `extratabspro::searchproduct()` and `extratabspro::searchmanufacturer().' | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45386 |
| CVE-2023-44693 | D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /importexport.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44693 |
| CVE-2023-44694 | D-Link Online behavior audit gateway DAR-7000 V31R02B1413C is vulnerable to SQL Injection via /log/mailrecvview.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44694 |
| CVE-2023-39456 | Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2.\n\nUsers are recommended to upgrade to version 9.2.3, which fixes the issue.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39456 |
| CVE-2023-41752 | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2.\n\nUsers are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41752 |
| CVE-2023-42497 | Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42497 |
| CVE-2023-4399 | Grafana is an open-source platform for monitoring and observability. \n\nIn Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts.\n\nHowever, the restriction can be bypassed used punycode encoding of the characters in the request address.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4399 |
| CVE-2023-24385 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in David Lingren Media Library Assistant plugin <= 3.11 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24385 |
| CVE-2023-42629 | Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42629 |
| CVE-2023-44309 | Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44309 |
| CVE-2023-44310 | Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44310 |
| CVE-2023-44311 | Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44311 |
| CVE-2023-44990 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44990 |
| CVE-2023-45005 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Castos Seriously Simple Stats plugin <= 1.5.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45005 |
| CVE-2023-5339 | Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5339 |
| CVE-2023-5522 | Mattermost Mobile fails to limit the maximum number of Markdown elements in a post allowing an attacker to send a post with hundreds of emojis to a channel and freeze the mobile app of users when viewing that particular channel. \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5522 |
| CVE-2023-45003 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins Social Feed | Custom Feed for Social Media Networks plugin <= 2.2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45003 |
| CVE-2023-45010 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex MacArthur Complete Open Graph plugin <= 3.4.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45010 |
| CVE-2023-39902 | A software vulnerability has been identified in the U-Boot Secondary Program Loader (SPL) before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree (FIT) format structure can be used to overwrite SPL memory, allowing unauthenticated software to execute on the target, leading to privilege escalation. This affects i.MX 8M, i.MX 8M Mini, i.MX 8M Nano, and i.MX 8M Plus. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39902 |
| CVE-2023-42628 | Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42628 |
| CVE-2023-45004 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wp3sixty Woo Custom Emails plugin <= 2.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45004 |
| CVE-2023-45006 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ByConsole WooODT Lite – WooCommerce Order Delivery or Pickup with Date Time Location plugin <= 2.4.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45006 |
| CVE-2023-45007 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fotomoto plugin <= 1.2.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45007 |
| CVE-2022-3761 | OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3761 |
| CVE-2023-42627 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42627 |
| CVE-2023-43776 | Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. It was observed that the device password was stored with a weak encoding algorithm in the easyE4 program file when exported to SD card (*.PRG file ending). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43776 |
| CVE-2023-43777 | Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. This software has a password protection functionality to secure the project file from unauthorized access. This password was being stored insecurely and could be retrieved by skilled adversaries. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43777 |
| CVE-2023-44824 | An issue in Expense Management System v.1.0 allows a local attacker to execute arbitrary code via a crafted file uploaded to the sign-up.php component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44824 |
| CVE-2023-20598 | \n\n\nAn improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20598 |
| CVE-2023-43959 | An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43959 |
| CVE-2023-45901 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\\/category\\/add. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45901 |
| CVE-2023-45902 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45902 |
| CVE-2023-45903 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45903 |
| CVE-2023-45904 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45904 |
| CVE-2023-45905 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45905 |
| CVE-2023-45906 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45906 |
| CVE-2023-45907 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45907 |
| CVE-2023-37537 | An unquoted service path vulnerability in HCL AppScan Presence, deployed as a Windows service in HCL AppScan on Cloud (ASoC), may allow a local attacker to gain elevated privileges. \n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37537 |
| CVE-2023-27132 | TSplus Remote Work 16.0.0.0 places a cleartext password on the "var pass" line of the HTML source code for the secure single sign-on web portal. NOTE: CVE-2023-31069 is only about the TSplus Remote Access product, not the TSplus Remote Work product. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27132 |
| CVE-2023-27133 | TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILES(X86)%\\TSplus-RemoteWork\\Clients\\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remote Access product, not the TSplus Remote Work product. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27133 |
| CVE-2023-45803 | urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body (like `POST`) to `GET` as is required by HTTP RFCs. Although this behavior is not specified in the section for redirects, it can be inferred by piecing together information from different sections and we have observed the behavior in other major HTTP client implementations like curl and web browsers. Because the vulnerability requires a previously trusted service to become compromised in order to have an impact on confidentiality we believe the exploitability of this vulnerability is low. Additionally, many users aren't putting sensitive data in HTTP request bodies, if this is the case then this vulnerability isn't exploitable. Both of the following conditions must be true to be affected by this vulnerability: 1. Using urllib3 and submitting sensitive information in the HTTP request body (such as form data or JSON) and 2. The origin service is compromised and starts redirecting using 301, 302, or 303 to a malicious peer or the redirected-to service becomes compromised. This issue has been addressed in versions 1.26.18 and 2.0.7 and users are advised to update to resolve this issue. Users unable to update should disable redirects for services that aren't expecting to respond with redirects with `redirects=False` and disable automatic redirects with `redirects=False` and handle 301, 302, and 303 redirects manually by stripping the HTTP request body.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45803 |
| CVE-2023-45951 | lylme_spage v1.7.0 was discovered to contain a SQL injection vulnerability via the $userip parameter at function.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45951 |
| CVE-2023-45952 | An arbitrary file upload vulnerability in the component ajax_link.php of lylme_spage v1.7.0 allows attackers to execute arbitrary code via uploading a crafted file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45952 |
| CVE-2023-4896 | A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4896 |
| CVE-2023-43794 | Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL queries to be executed. Since this is a blind SQL injection, an attacker may need to use time-based payloads which would include a function to delay execution for a given number of seconds. The response time indicates, whether the result of the query execution was true or false. Depending on the result, the HTTP response will be returned after a given number of seconds, indicating TRUE, or immediately, indicating FALSE. In that way, an attacker can reveal the data present in the database. This vulnerability has been addressed in version 0.111.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-141`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43794 |
| CVE-2023-41629 | A lack of input sanitizing in the file download feature of eSST Monitoring v2.147.1 allows attackers to execute a path traversal. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41629 |
| CVE-2023-41630 | eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the Gii code generator component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41630 |
| CVE-2023-41631 | eSST Monitoring v2.147.1 was discovered to contain a remote code execution (RCE) vulnerability via the file upload function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41631 |
| CVE-2023-36321 | Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 wwas discovered to contain a buffer overflow via the component /shared/dlt_common.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36321 |
| CVE-2023-39276 | \nSonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39276 |
| CVE-2023-39277 | \nSonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39277 |
| CVE-2023-39278 | SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39278 |
| CVE-2023-39279 | SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39279 |
| CVE-2023-39280 | SonicOS p\n\nost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39280 |
| CVE-2023-3042 | In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp https://demo.dotcms.com//html/portlet/ext/files/edit_text_inc.jsp , which should return a 404 response but didn't. \n\nThe oversight in the default invalid URL character list can be viewed at the provided GitHub link https://github.com/dotCMS/core/blob/master/dotCMS/src/main/java/com/dotcms/filters/NormalizationFilter.java#L37 . \n\nTo mitigate, users can block URLs with double slashes at firewalls or utilize dotCMS config variables.\n\nSpecifically, they can use the DOT_URI_NORMALIZATION_FORBIDDEN_STRINGS environmental variable to add // to the list of invalid strings. \n\nAdditionally, the DOT_URI_NORMALIZATION_FORBIDDEN_REGEX variable offers more detailed control, for instance, to block //html.* URLs.\n\nFix Version:23.06+, LTS 22.03.7+, LTS 23.01.4+\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3042 |
| CVE-2023-41711 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41711 |
| CVE-2023-41712 | SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41712 |
| CVE-2023-41713 | SonicOS Use of Hard-coded Password vulnerability in the 'dynHandleBuyToolbar' demo function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41713 |
| CVE-2023-41715 | SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41715 |
| CVE-2023-42506 | Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42506 |
| CVE-2023-42507 | Stack-based buffer overflow vulnerability exists in OnSinView2 versions 2.0.1 and earlier. If this vulnerability is exploited, information may be disclosed or arbitrary code may be executed by having a user open a specially crafted OnSinView2 project file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42507 |
| CVE-2023-45810 | OpenFGA is a flexible authorization/permission engine built for developers and inspired by Google Zanzibar. Affected versions of OpenFGA are vulnerable to a denial of service attack. When a number of `ListObjects` calls are executed, in some scenarios, those calls are not releasing resources even after a response has been sent, and given a sufficient call volume the service as a whole becomes unresponsive. This issue has been addressed in version 1.3.4 and the upgrade is considered backwards compatible. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45810 |
| CVE-2023-45811 | Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A `__proto__` pollution vulnerability exists in the `LiteralMap` transformer allowing crafted input to modify properties in the Object prototype. A fix has been released in `deobfuscator@2.4.4`. Users are advised to upgrade. Users unable to upgrade should launch node with the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45811 |