Published on 13 Dec 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:
Severity | CVSSv3 base score |
---|---|
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2023-50245 | OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Versions prior to 0.6.1 have a memory overflow vulnerability. This issue is fixed in version 0.6.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-50245 |
CVE-2023-47254 | An OS Command Injection in the CLI interface on DrayTek Vigor167 version 5.2.2, allows remote attackers to execute arbitrary system commands and escalate privileges via any account created within the web interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-47254 |
CVE-2023-46932 | Heap Buffer Overflow vulnerability in GPAC version 2.3-DEV-rev617-g671976fcc-master, allows attackers to execute arbitrary code and cause a denial of service (DoS) via str2ulong class in src/media_tools/avilib.c in gpac/MP4Box. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46932 |
CVE-2023-46498 | An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46498 |
CVE-2023-6619 | A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6619 |
CVE-2023-6617 | A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6617 |
CVE-2023-6612 | A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6612 |
CVE-2023-49443 | DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49443 |
CVE-2023-49007 | In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49007 |
CVE-2023-48929 | Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48929 |
CVE-2023-5008 | Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5008 |
CVE-2023-6581 | A vulnerability has been found in D-Link DAR-7000 up to 20231126 and classified as critical. This vulnerability affects unknown code of the file /user/inc/workidajax.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6581 |
CVE-2023-6579 | A vulnerability, which was classified as critical, has been found in osCommerce 4. Affected by this issue is some unknown functionality of the file /b2b-supermarket/shopping-cart of the component POST Parameter Handler. The manipulation of the argument estimate[country_id] leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-247160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6579 |
CVE-2023-49411 | Tenda W30E V16.01.0.12(4843) contains a stack overflow vulnerability via the function formDeleteMeshNode. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49411 |
CVE-2023-49409 | Tenda AX3 V16.03.12.11 was discovered to contain a Command Execution vulnerability via the function /goform/telnet. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49409 |
CVE-2023-49408 | Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the function set_device_name. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49408 |
CVE-2023-49406 | Tenda W30E V16.01.0.12(4843) was discovered to contain a Command Execution vulnerability via the function /goform/telnet. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49406 |
CVE-2023-49405 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function UploadCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49405 |
CVE-2023-49404 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formAdvancedSetListSet. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49404 |
CVE-2023-40301 | NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40301 |
CVE-2023-40300 | NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40300 |
CVE-2023-39909 | Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39909 |
CVE-2023-50002 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formRebootMeshNode. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-50002 |
CVE-2023-50001 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formUpgradeMeshOnline. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-50001 |
CVE-2023-50000 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function formResetMeshNode. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-50000 |
CVE-2023-49999 | Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setUmountUSBPartition. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49999 |
CVE-2023-49410 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function set_wan_status. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49410 |
CVE-2023-49403 | Tenda W30E V16.01.0.12(4843) was discovered to contain a command injection vulnerability via the function setFixTools. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49403 |
CVE-2023-49402 | Tenda W30E V16.01.0.12(4843) was discovered to contain a stack overflow via the function localMsg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49402 |
CVE-2023-49436 | Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49436 |
CVE-2023-49435 | Tenda AX9 V22.03.01.46 is vulnerable to command injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49435 |
CVE-2023-49434 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49434 |
CVE-2023-49433 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetVirtualServerCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49433 |
CVE-2023-49432 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'deviceList' parameter at /goform/setMacFilterCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49432 |
CVE-2023-49431 | Tenda AX9 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49431 |
CVE-2023-49430 | Tenda AX9 V22.03.01.46 has been found to contain a stack overflow vulnerability in the 'list' parameter at /goform/SetStaticRouteCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49430 |
CVE-2023-49429 | Tenda AX9 V22.03.01.46 was discovered to contain a SQL command injection vulnerability in the 'setDeviceInfo' feature through the 'mac' parameter at /goform/setModules. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49429 |
CVE-2023-49437 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'list' parameter at /goform/SetNetControlList. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49437 |
CVE-2023-49428 | Tenda AX12 V22.03.01.46 has been discovered to contain a command injection vulnerability in the 'mac' parameter at /goform/SetOnlineDevName. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49428 |
CVE-2023-49426 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetStaticRouteCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49426 |
CVE-2023-49425 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49425 |
CVE-2023-39169 | The affected devices use publicly available default credentials with administrative privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39169 |
CVE-2023-49424 | Tenda AX12 V22.03.01.46 was discovered to contain a stack overflow via the list parameter at /goform/SetVirtualServerCfg. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49424 |
CVE-2023-35039 | Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse. This issue affects Password Reset with Code for WordPress REST API: from n/a through 0.0.15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35039 |
CVE-2023-50164 | An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or greater to fix this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-50164 |
CVE-2023-48860 | TOTOLINK N300RT version 3.2.4-B20180730.0906 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48860 |
CVE-2023-48823 | A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48823 |
CVE-2023-41913 | strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41913 |
CVE-2023-46353 | In the module "Product Tag Icons Pro" (ticons) before 1.8.4 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method TiconProduct::getTiconByProductAndTicon() has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46353 |
CVE-2023-36655 | The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36655 |
CVE-2023-6458 | Mattermost webapp fails to validate route parameters in /<TEAM_NAME>/channels/<CHANNEL_NAME>, allowing an attacker to perform a client-side path traversal. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6458 |
CVE-2023-46773 | Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46773 |
CVE-2023-48849 | Ruijie EG Series Routers version EG_3.0(1)B11P216 and before allows unauthenticated attackers to remotely execute arbitrary code due to incorrect filtering. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48849 |
CVE-2023-22524 | Certain versions of the Atlassian Companion App for MacOS were affected by a remote code execution vulnerability. An attacker could utilize WebSockets to bypass Atlassian Companion’s blocklist and MacOS Gatekeeper to allow execution of code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22524 |
CVE-2023-41268 | Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41268 |
CVE-2023-48930 | xinhu xinhuoa 2.2.1 contains a File upload vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48930 |
CVE-2023-36019 | Microsoft Power Platform Connector Spoofing Vulnerability | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-36019 |
CVE-2023-35618 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-35618 |
CVE-2023-50424 | SAP BTP Security Services Integration Library ([Golang] github.com/sap/cloud-security-client-go) - versions < 0.17.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-50424 |
CVE-2023-50423 | SAP BTP Security Services Integration Library ([Python] sap-xssec) - versions < 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-50423 |
CVE-2023-50422 | SAP BTP Security Services Integration Library ([Java] cloud-security-services-integration-library) - versions below 2.17.0 and versions from 3.0.0 to before 3.3.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-50422 |
CVE-2023-49583 | SAP BTP Security Services Integration Library ([Node.js] @sap/xssec) - versions < 3.6.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-49583 |
CVE-2023-6394 | A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can allow an attacker to access information and functionality outside of normal granted API permissions. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6394 |
CVE-2023-40302 | NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40302 |
CVE-2023-39172 | The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39172 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2023-48225 | Laf is a cloud development platform. Prior to version 1.0.0-beta.13, the control of LAF app enV is not strict enough, and in certain scenarios of privatization environment, it may lead to sensitive information leakage in secret and configmap. In ES6 syntax, if an obj directly references another obj, the name of the obj itself will be used as the key, and the entire object structure will be integrated intact. When constructing the deployment instance of the app, env was found from the database and directly inserted into the template, resulting in controllability here. Sensitive information in the secret and configmap can be read through the k8s envFrom field. In a privatization environment, when `namespaceConf. fixed` is marked, it may lead to the leakage of sensitive information in the system. As of time of publication, it is unclear whether any patches or workarounds exist. | 8.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-48225 |
CVE-2023-36006 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36006 |
CVE-2023-35641 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35641 |
CVE-2023-35639 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35639 |
CVE-2023-35630 | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35630 |
CVE-2023-41119 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the function _dbms_aq_move_to_exception_queue that may be used to elevate a user's privileges to superuser. This function accepts the OID of a table, and then accesses that table as the superuser by using SELECT and DML commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41119 |
CVE-2023-41117 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41117 |
CVE-2023-5500 | This vulnerability allows a remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5500 |
CVE-2023-5869 | A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5869 |
CVE-2023-5756 | The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5756 |
CVE-2023-6618 | A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6618 |
CVE-2023-46157 | File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-46157 |
CVE-2023-32460 | Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32460 |
CVE-2023-4122 | Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4122 |
CVE-2023-6580 | A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. This affects an unknown part of the file /HNAP1/ of the component QoS POST Handler. The manipulation of the argument smartqos_express_devices/smartqos_normal_devices leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6580 |
CVE-2023-6576 | A vulnerability was found in Beijing Baichuo S210 up to 20231123. It has been declared as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php of the component HTTP POST Request Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247156. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6576 |
CVE-2023-49468 | Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49468 |
CVE-2023-49467 | Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49467 |
CVE-2023-49465 | Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49465 |
CVE-2023-49464 | libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49464 |
CVE-2023-49463 | libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49463 |
CVE-2023-49462 | libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49462 |
CVE-2023-49460 | libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49460 |
CVE-2023-48841 | Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48841 |
CVE-2023-48835 | Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48835 |
CVE-2023-48830 | Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48830 |
CVE-2023-48826 | Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48826 |
CVE-2023-48207 | Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48207 |
CVE-2023-49096 | Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the `/Videos/<itemId>/stream` and `/Videos/<itemId>/stream.<container>` endpoints which are present in the current Jellyfin version. Additional endpoints in the AudioController might also be vulnerable, as they differ only slightly in execution. Those endpoints are reachable by an unauthenticated user. In order to exploit this vulnerability an unauthenticated attacker has to guess an itemId, which is a completely random GUID. It’s a very unlikely case even for a large media database with lots of items. Without an additional information leak, this vulnerability shouldn’t be directly exploitable, even if the instance is reachable from the Internet. There are a lot of query parameters that get accepted by the method. At least two of those, videoCodec and audioCodec are vulnerable to the argument injection. The values can be traced through a lot of code and might be changed in the process. However, the fallback is to always use them as-is, which means we can inject our own arguments. Those arguments land in the command line of FFmpeg. Because UseShellExecute is always set to false, we can’t simply terminate the FFmpeg command and execute our own. It should only be possible to add additional arguments to FFmpeg, which is powerful enough as it stands. There is probably a way of overwriting an arbitrary file with malicious content. This vulnerability has been addressed in version 10.8.13. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49096 |
CVE-2023-48123 | An issue in Netgate pfSense Plus v.23.05.1 and before and pfSense CE v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the packet_capture.php file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48123 |
CVE-2023-48859 | TOTOLINK A3002RU version 2.0.0-B20190902.1958 has a post-authentication RCE due to incorrect access control, which allows attackers to bypass front-end security restrictions and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48859 |
CVE-2023-6514 | The Bluetooth module of some Huawei Smart Screen products has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6514 |
CVE-2023-49897 | An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49897 |
CVE-2023-22523 | This vulnerability, if exploited, allows an attacker to perform privileged RCE (Remote Code Execution) on machines with the Assets Discovery agent installed. The vulnerability exists between the Assets Discovery application (formerly known as Insight Discovery) and the Assets Discovery agent. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22523 |
CVE-2023-22522 | This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22522 |
CVE-2023-6510 | Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6510 |
CVE-2023-6509 | Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6509 |
CVE-2023-6508 | Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6508 |
CVE-2023-49803 | @koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Prior to version 5.0.0, the middleware operates in a way that if an allowed origin is not provided, it will return an `Access-Control-Allow-Origin` header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers - the Same Origin Policy (SOP), this could cause a very serious security threat to the users of this middleware. If such behavior is expected, for instance, when middleware is used exclusively for prototypes and not for production applications, it should be heavily emphasized in the documentation along with an indication of the risks associated with such behavior, as many users may not be aware of it. Version 5.0.0 fixes this vulnerability. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-49803 |
CVE-2023-3517 | Hitachi Vantara Pentaho Data Integration & Analytics versions before 9.5.0.1 and 9.3.0.5, including 8.3.x, do not restrict JNDI identifiers during the creation of XActions, allowing control of system level data sources. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3517 |
CVE-2023-50252 | php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling `<use>` tag that references an `<image>` tag, it merges the attributes from the `<use>` tag to the `<image>` tag. The problem pops up especially when the `href` attribute from the `<use>` tag has not been sanitized. This can lead to an unsafe file read that can cause PHAR Deserialization vulnerability in PHP prior to version 8. Version 0.5.1 contains a patch for this issue. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-50252 |
CVE-2023-6186 | Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6186 |
CVE-2023-6185 | Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6185 |
CVE-2023-46496 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-46496 |
CVE-2023-26158 | All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to a missing check of whether the attribute resolves to the object prototype. By adding or modifying attributes of an object prototype, it is possible to create attributes that exist on every object, or replace critical attributes with malicious ones. This can be problematic if the software depends on existence or non-existence of certain attributes, or uses pre-defined attributes of object prototype (such as hasOwnProperty, toString or valueOf). User controlled inputs inside the extend() method of the Mock.Handler, Mock.Random, Mock.RE.Handler or Mock.Util, will allow an attacker to exploit this vulnerability. Workaround: By using a denylist of dangerous attributes, this weakness can be eliminated. Add the following line in the Util.extend function: `if (["__proto__", "constructor", "prototype"].includes(name)) continue`. The function in `src/mock/handler.js` with that line added: `Util.extend = function extend() { var target = arguments[0] \|\| {}, i = 1, length = arguments.length, options, name, src, copy, clone; if (length === 1) { target = this; i = 0 } for (; i < length; i++) { options = arguments[i]; if (!options) continue; for (name in options) { if (["__proto__", "constructor", "prototype"].includes(name)) continue; src = target[name]; copy = options[name]; if (target === copy) continue; if (copy === undefined) continue; if (Util.isArray(copy) \|\| Util.isObject(copy)) { if (Util.isArray(copy)) clone = src && Util.isArray(src) ? src : []; if (Util.isObject(copy)) clone = src && Util.isObject(src) ? src : {}; target[name] = Util.extend(clone, copy) } else { target[name] = copy } } } return target }` | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-26158 |
CVE-2023-43305 | An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-43305 |
CVE-2023-35628 | Windows MSHTML Platform Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-35628 |
CVE-2023-48427 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-48427 |
CVE-2023-42481 | In SAP Commerce Cloud - versions HY_COM 1905, HY_COM 2005, HY_COM2105, HY_COM 2011, HY_COM 2205, COM_CLOUD 2211, a locked B2B user can misuse the forgotten password functionality to un-block his user account again and re-gain access if SAP Commerce Cloud - Composable Storefront is used as storefront, due to weak access controls in place. This leads to a considerable impact on confidentiality and integrity. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42481 |
CVE-2023-28868 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to delete arbitrary files on the operating system by creating a symbolic link. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28868 |
CVE-2021-27795 | Brocade Fabric OS (FOS) hardware platforms running any version of Brocade Fabric OS software, which supports the license string format, contain cryptographic issues that could allow for the installation of forged or fraudulent license keys. This would allow attackers or a malicious party to forge a counterfeit license key that the Brocade Fabric OS platform would authenticate and activate as if it were a legitimate license key. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-27795 |
CVE-2023-35634 | Windows Bluetooth Driver Remote Code Execution Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35634 |
CVE-2023-48311 | dockerspawner is a tool to spawn JupyterHub single user servers in Docker containers. Users of JupyterHub deployments running DockerSpawner starting with 0.11.0 without specifying `DockerSpawner.allowed_images` configuration allow users to launch _any_ pullable docker image, instead of restricting to only the single configured image, as intended. This issue has been addressed in commit `3ba4b665b` which has been included in dockerspawner release version 13. Users are advised to upgrade. Users unable to upgrade should explicitly set `DockerSpawner.allowed_images` to a non-empty list containing only the default image, which will result in the intended default behavior. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48311 |
CVE-2023-47565 | An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-47565 |
CVE-2023-36696 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36696 |
CVE-2023-36391 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36391 |
CVE-2023-36011 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36011 |
CVE-2023-35644 | Windows Sysmain Service Elevation of Privilege | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35644 |
CVE-2023-35633 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35633 |
CVE-2023-35632 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35632 |
CVE-2023-35631 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35631 |
CVE-2023-21740 | Windows Media Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21740 |
CVE-2021-46899 | SyncTrayzor 1.1.29 enables CEF (Chromium Embedded Framework) remote debugging, allowing a local attacker to control the application. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46899 |
CVE-2023-28523 | IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28523 |
CVE-2023-48409 | In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48409 |
CVE-2023-48407 | There is a possibility that the DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48407 |
CVE-2023-48402 | In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48402 |
CVE-2023-6061 | Multiple components of Iconics SCADA Suite are prone to a Phantom DLL loading vulnerability. This issue arises from the applications improperly searching for and loading dynamic link libraries, potentially allowing an attacker to execute malicious code via a DLL with a matching name in an accessible search path. The affected components are: MMXFax.exe, winfax.dll, MelSim2ComProc.exe, Sim2ComProc.dll, MMXCall_in.exe, libdxxmt.dll, libsrlmt.dll. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6061 |
CVE-2023-5058 | Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5058 |
CVE-2023-48861 | DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48861 |
CVE-2023-39539 | AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39539 |
CVE-2023-39538 | AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39538 |
CVE-2023-6288 | Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIB_INSERT_LIBRARIES environment variable. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6288 |
CVE-2023-49089 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10.8.1, and 12.3.0 contain a patch for this issue. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-49089 |
CVE-2023-36020 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-36020 |
CVE-2022-42784 | A vulnerability has been identified in LOGO! 12/24RCE (All versions >= V8.3), LOGO! 12/24RCEo (All versions >= V8.3), LOGO! 230RCE (All versions >= V8.3), LOGO! 230RCEo (All versions >= V8.3), LOGO! 24CE (All versions >= V8.3), LOGO! 24CEo (All versions >= V8.3), LOGO! 24RCE (All versions >= V8.3), LOGO! 24RCEo (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (All versions >= V8.3), SIPLUS LOGO! 230RCE (All versions >= V8.3), SIPLUS LOGO! 230RCEo (All versions >= V8.3), SIPLUS LOGO! 24CE (All versions >= V8.3), SIPLUS LOGO! 24CEo (All versions >= V8.3), SIPLUS LOGO! 24RCE (All versions >= V8.3), SIPLUS LOGO! 24RCEo (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow an attacker to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-42784 |
CVE-2023-6538 | SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Authenticated users in Storage, Server or combined Server+Storage administrative roles are able to access SMU configuration backup, that would normally be barred to those specific administrative roles. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-6538 |
CVE-2023-5379 | A flaw was found in Undertow. When an AJP request is sent that exceeds the max-header-size attribute in ajp-listener, JBoss EAP is marked in an error state by mod_cluster in httpd, causing JBoss EAP to close the TCP connection without returning an AJP response. This happens because mod_proxy_cluster marks the JBoss EAP instance as an error worker when the TCP connection is closed from the backend after sending the AJP request without receiving an AJP response, and stops forwarding. This issue could allow a malicious user to repeatedly send requests that exceed the max-header-size, causing a Denial of Service (DoS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5379 |
CVE-2023-36010 | Microsoft Defender Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36010 |
CVE-2023-36005 | Windows Telephony Server Elevation of Privilege Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36005 |
CVE-2023-36004 | Windows DPAPI (Data Protection Application Programming Interface) Spoofing Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36004 |
CVE-2023-35643 | DHCP Server Service Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35643 |
CVE-2023-35638 | DHCP Server Service Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35638 |
CVE-2023-35622 | Windows DNS Spoofing Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35622 |
CVE-2023-35621 | Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35621 |
CVE-2023-46285 | A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46285 |
CVE-2023-46284 | A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46284 |
CVE-2023-46283 | A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46283 |
CVE-2023-46156 | Affected devices improperly handle specially crafted packets sent to port 102/tcp. This could allow an attacker to create a denial of service condition. A restart is needed to restore normal operations. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46156 |
CVE-2023-38380 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1543-1 (All versions), SINAMICS S210 (6SL5...) (All versions >= V6.1 < V6.1 HF2), SIPLUS NET CP 1543-1 (All versions). The webserver implementation of the affected products does not correctly release allocated memory after it has been used. An attacker with network access could use this vulnerability to cause a denial-of-service condition in the webserver of the affected product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38380 |
CVE-2022-47375 | A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle long file names correctly. This could allow an attacker to create a buffer overflow and create a denial of service condition for the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47375 |
CVE-2022-47374 | A vulnerability has been identified in SIMATIC PC-Station Plus (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions), SINAMICS S120 (incl. SIPLUS variants) (All versions < V5.2 SP3 HF15), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions). The affected products do not handle HTTP(S) requests to the web server correctly. This could allow an attacker to exhaust system resources and create a denial of service condition for the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47374 |
CVE-2023-48641 | Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. An authenticated malicious user in a multi-instance installation could potentially exploit this vulnerability by manipulating application resource references in user requests to bypass authorization checks, in order to gain execute access to AWF application resources. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48641 |
CVE-2023-42478 | SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to upload agnostic documents in the system which when opened by any other user could lead to high impact on integrity of the application. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42478 |
CVE-2023-49800 | `nuxt-api-party` is an open source module to proxy API requests. The library allows the user to send many options directly to `ofetch`. There is no filter on which options are available. We can abuse the retry logic to cause the server to crash from a stack overflow. fetchOptions are obtained directly from the request body. A malicious user can construct a URL known to not fetch successfully, then set the retry attempts to a high value, this will cause a stack overflow as ofetch error handling works recursively resulting in a denial of service. This issue has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should limit ofetch options. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49800 |
CVE-2023-49799 | `nuxt-api-party` is an open source module to proxy API requests. nuxt-api-party attempts to check if the user has passed an absolute URL to prevent the aforementioned attack. This has been recently changed to use the regular expression `^https?://`, however this regular expression can be bypassed by an absolute URL with leading whitespace. For example `\nhttps://whatever.com` which has a leading newline. According to the fetch specification, before a fetch is made the URL is normalized. "To normalize a byte sequence potentialValue, remove any leading and trailing HTTP whitespace bytes from potentialValue.". This means the final request will be normalized to `https://whatever.com` bypassing the check and nuxt-api-party will send a request outside of the whitelist. This could allow us to leak credentials or perform Server-Side Request Forgery (SSRF). This vulnerability has been addressed in version 0.22.1. Users are advised to upgrade. Users unable to upgrade should revert to the previous method of detecting absolute URLs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49799 |
CVE-2023-6337 | HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests from a client. Vault will attempt to map the request to memory, resulting in the exhaustion of available memory on the host, which may cause Vault to crash. Fixed in Vault 1.15.4, 1.14.8, 1.13.12. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6337 |
CVE-2023-48410 | In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48410 |
CVE-2023-48403 | In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48403 |
CVE-2023-6245 | The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. For example, if the payload is `record { * ; empty }` and the canister interface expects `record { * }` then the Rust candid decoder treats empty as an extra field required by the type. The problem with the type empty is that the candid Rust library wrongly categorizes empty as a recoverable error when skipping the field and thus causing an infinite decoding loop. Canisters using affected versions of candid are exposed to denial of service by causing the decoding to run indefinitely until the canister traps due to reaching maximum instruction limit per execution round. Repeated exposure to the payload will result in degraded performance of the canister. Note: Canisters written in Motoko are unaffected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6245 |
CVE-2023-6607 | A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/wiki/cp/manage/delete.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247243. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6607 |
CVE-2023-48122 | An issue in microweber v.2.0.1, fixed in v.2.0.4, allows a remote attacker to obtain sensitive information via the HTTP GET method. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48122 |
CVE-2023-4486 | Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to version 12.0.4 and Facility Explorer F4-SNC engines prior to versions 11.0.6 and 12.0.4 to cause denial-of-service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4486 |
CVE-2023-33411 | A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to 3.17.02, allows remote unauthenticated users to perform directory traversal, potentially disclosing sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33411 |
CVE-2023-49967 | Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49967 |
CVE-2023-39167 | In SENEC Storage Box V1, V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39167 |
CVE-2023-48840 | A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48840 |
CVE-2023-48834 | A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48834 |
CVE-2023-48833 | A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48833 |
CVE-2023-48831 | A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48831 |
CVE-2023-46307 | An issue was discovered in server.js in etcd-browser 87ae63d75260. By supplying a /../../../ Directory Traversal input to the URL's GET request while connecting to the remote server port specified during setup, an attacker can retrieve local operating system files from the remote system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46307 |
CVE-2023-41106 | An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41106 |
CVE-2023-5761 | The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to 1.5.0 (pro) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5761 |
CVE-2023-46354 | In the module "Orders (CSV, Excel) Export PRO" (ordersexport) < 5.2.0 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer/ps_address tables such as name / surname / email / phone number / full postal address. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46354 |
CVE-2023-46751 | An issue in the function gdev_prn_open_printer_seekable() in Artifex Ghostscript through 10.02.0 allows remote attackers to crash the application via a dangling pointer. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46751 |
CVE-2023-45285 | Using go get to fetch a module with the ".git" suffix may unexpectedly fall back to the insecure "git://" protocol if the module is unavailable via the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not set for said module. This only affects users who are not using the module proxy and are fetching modules directly (i.e. GOPROXY=off). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45285 |
CVE-2023-49247 | Permission verification vulnerability in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49247 |
CVE-2023-49246 | Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49246 |
CVE-2023-49245 | Unauthorized access vulnerability in the Huawei Share module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49245 |
CVE-2023-49244 | Permission management vulnerability in the multi-user module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49244 |
CVE-2023-49243 | Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49243 |
CVE-2023-49242 | Free broadcast vulnerability in the running management module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49242 |
CVE-2023-49241 | API permission control vulnerability in the network management module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49241 |
CVE-2023-49240 | Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49240 |
CVE-2023-49239 | Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49239 |
CVE-2023-44113 | Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module. Successful exploitation of this vulnerability may affect service confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44113 |
CVE-2023-44099 | Vulnerability of data verification errors in the kernel module. Successful exploitation of this vulnerability may cause WLAN interruption. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44099 |
CVE-2023-35624 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35624 |
CVE-2023-45316 | Mattermost fails to validate if a relative path is passed in /plugins/playbooks/api/v0/telemetry/run/<telem_run_id> as a telemetry run ID, allowing an attacker to use a path traversal payload that points to a different endpoint leading to a CSRF attack. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45316 |
CVE-2023-49580 | SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-49580 |
CVE-2023-6655 | A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /w_selfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument parentid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247358 is the identifier assigned to this vulnerability. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6655 |
CVE-2023-6652 | A vulnerability was found in code-projects Matrimonial Site 1.0. It has been declared as critical. Affected by this vulnerability is the function register of the file /register.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247345 was assigned to this vulnerability. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6652 |
CVE-2023-6651 | A vulnerability was found in code-projects Matrimonial Site 1.0. It has been classified as critical. Affected is an unknown function of the file /auth/auth.php?user=1. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247344. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6651 |
CVE-2023-6648 | A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file password-recovery.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247341 was assigned to this vulnerability. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6648 |
CVE-2023-6647 | A vulnerability, which was classified as critical, has been found in AMTT HiBOS 1.0. Affected by this issue is some unknown functionality. The manipulation of the argument Type leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247340. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6647 |
CVE-2023-6578 | A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/, which will then show the requested data. It appears that the insufficient access control depends on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6578 |
CVE-2023-49692 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2.2), SCALANCE M804PB (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2.2), SCALANCE M874-2 (All versions < V7.2.2), SCALANCE M874-3 (All versions < V7.2.2), SCALANCE M876-3 (EVDO) (All versions < V7.2.2), SCALANCE M876-3 (ROK) (All versions < V7.2.2), SCALANCE M876-4 (All versions < V7.2.2), SCALANCE M876-4 (EU) (All versions < V7.2.2), SCALANCE M876-4 (NAM) (All versions < V7.2.2), SCALANCE MUM853-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (EU) (All versions < V7.2.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2.2), SCALANCE S615 (All versions < V7.2.2), SCALANCE S615 EEC (All versions < V7.2.2). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the parsing of the IPSEC configuration. This could allow malicious local administrators to issue commands on system level after a new connection is established. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-49692 |
CVE-2023-49691 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V8.0), SCALANCE M804PB (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V8.0), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V8.0), SCALANCE M826-2 SHDSL-Router (All versions < V8.0), SCALANCE M874-2 (All versions < V8.0), SCALANCE M874-3 (All versions < V8.0), SCALANCE M876-3 (EVDO) (All versions < V8.0), SCALANCE M876-3 (ROK) (All versions < V8.0), SCALANCE M876-4 (All versions < V8.0), SCALANCE M876-4 (EU) (All versions < V8.0), SCALANCE M876-4 (NAM) (All versions < V8.0), SCALANCE MUM853-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (EU) (All versions < V8.0), SCALANCE MUM856-1 (RoW) (All versions < V8.0), SCALANCE S615 (All versions < V8.0), SCALANCE S615 EEC (All versions < V8.0). An Improper Neutralization of Special Elements used in an OS Command with root privileges vulnerability exists in the handling of the DDNS configuration. This could allow malicious local administrators to issue commands on system level after a successful IP address update. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-49691 |
CVE-2023-48428 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-48428 |
CVE-2023-49788 | Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server (richdocumentscode) is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attack via modified client->server commands to overwrite files outside the sub directory the server has provided for the transient session. Files which can be accessed are limited to those that the server process has access to. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.602. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-49788 |
CVE-2023-39171 | SENEC Storage Box V1, V2 and V3 accidentally expose a management UI accessible with publicly known admin credentials. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39171 |
CVE-2023-32268 | Exposure of Proxy Administrator Credentials: an authenticated administrator-equivalent Filr user can access the credentials of proxy administrators. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-32268 |
CVE-2023-46282 | A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46282 |
CVE-2023-46281 | A vulnerability has been identified in Opcenter Quality (All versions), SIMATIC PCS neo (All versions < V4.1), SINUMERIK Integrate RunMyHMI /Automotive (All versions), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46281 |
CVE-2023-6542 | Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application. On successful attack, an attacker could navigate to arbitrary URL including application deep links on the device. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6542 |
CVE-2023-49782 | Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with `Collabora Online - Built-in CODE Server` app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server (richdocumentscode) release 23.5.601. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-49782 |
CVE-2023-6610 | An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6610 |
CVE-2023-6606 | An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6606 |
CVE-2023-2861 | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2861 |
CVE-2023-6687 | An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6687 |
CVE-2023-49922 | An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent attempted to ingest, this could lead to the insertion of sensitive or private information in the Beats or Elastic Agent logs. Elastic has released 8.11.3 and 7.17.16 that prevents this issue by limiting these types of logs to DEBUG level logging, which is disabled by default. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49922 |
CVE-2023-49923 | An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by changing the log level at which these are logged to DEBUG, which is disabled by default. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-49923 |
CVE-2023-35629 | Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35629 |
CVE-2023-48431 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received from a UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427). | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-48431 |
CVE-2023-42476 | SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each time the vulnerable page is visited. Successful exploitation can lead to exposure of the data that the user has access to. In the worst case, an attacker could access data from reporting databases. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42476 |
CVE-2023-36003 | XAML Diagnostics Elevation of Privilege Vulnerability | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36003 |
CVE-2023-49804 | Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, when a user changes their login password in Uptime Kuma, a previously logged-in user retains access without being logged out. This behavior persists consistently, even after system restarts or browser restarts. This vulnerability allows unauthorized access to user accounts, compromising the security of sensitive information. The same vulnerability was partially fixed in CVE-2023-44400, but logging existing users out of their accounts was forgotten. To mitigate the risks associated with this vulnerability, the maintainers made the server emit a `refresh` event (clients handle this by reloading) and then disconnect all clients except the one initiating the password change. It is recommended to update Uptime Kuma to version 1.23.9. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-49804 |
CVE-2023-49802 | The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Prior to version 2.0.1, cross-site scripting in the MantisBT LinkedCustomFields plugin allows JavaScript execution when a crafted Custom Field is linked via the plugin and displayed when reporting a new Issue or editing an existing one. This issue is fixed in version 2.0.1. As a workaround, one may utilize MantisBT's default Content Security Policy, which blocks script execution. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-49802 |
CVE-2023-5764 | A template injection flaw was found in Ansible where a user's controller internal templating operations may remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to introduce code injection when supplying templating data. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-5764 |
CVE-2023-35642 | Internet Connection Sharing (ICS) Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35642 |
CVE-2023-35636 | Microsoft Outlook Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35636 |
CVE-2023-46701 | Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing an attacker to get limited information about a post if they know the post ID. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46701 |
CVE-2023-41120 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It permits an authenticated user to use DBMS_PROFILER to remove all accumulated profiling data on a system-wide basis, regardless of that user's permissions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41120 |
CVE-2023-41115 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. When using UTL_ENCODE, an authenticated user can read any large object, regardless of that user's permissions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41115 |
CVE-2023-41114 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains the functions get_url_as_text and get_url_as_bytea that are publicly executable, thus permitting an authenticated user to read any file from the local filesystem or remote system regardless of that user's permissions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41114 |
CVE-2023-49795 | MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49795 |
CVE-2023-28870 | Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28870 |
CVE-2023-28869 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read the contents of arbitrary files on the operating system by creating a symbolic link. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28869 |
CVE-2023-47440 | Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-47440 |
CVE-2023-6588 | Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6588 |
CVE-2022-45362 | Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway. This issue affects Paytm Payment Gateway: from n/a through 2.7.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45362 |
CVE-2023-46218 | This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-46218 |
CVE-2023-6566 | Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6566 |
CVE-2023-6512 | Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6512 |
CVE-2023-24547 | On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by authenticated users, as well as appear in clear text in the device’s running config. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24547 |
CVE-2022-48616 | A Huawei data communication product has a command injection vulnerability. Successful exploitation of this vulnerability may allow attackers to gain higher privileges. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-48616 |
CVE-2023-49587 | SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-49587 |
CVE-2023-4932 | SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the `_program` parameter of the `/SASStoredProcess/do` endpoint allows arbitrary JavaScript to be executed when a specially crafted URL is opened by an authenticated user. The attack is possible from a low-privileged user. Only versions 9.4_M7 and 9.4_M8 were tested and confirmed to be vulnerable; the status of others is unknown. Hot fixes were published for the above-mentioned versions. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4932 |
CVE-2023-6671 | A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6671 |
CVE-2023-6659 | A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0. This issue affects some unknown processing of the file /libsystem/login.php. The manipulation of the argument student leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247367. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6659 |
CVE-2023-6654 | A vulnerability classified as critical was found in PHPEMS 6.x/7.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6654 |
CVE-2023-6575 | A vulnerability was found in Beijing Baichuo S210 up to 20231121. It has been classified as critical. This affects an unknown part of the file /Tool/repair.php of the component HTTP POST Request Handler. The manipulation of the argument txt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247155. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6575 |
CVE-2023-6574 | A vulnerability was found in Beijing Baichuo Smart S20 up to 20231120 and classified as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updateos.php of the component HTTP POST Request Handler. The manipulation of the argument 1_file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247154 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6574 |
CVE-2023-41337 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent. The attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening. Once a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker's server. An H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities. A patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using host-level listen directives in favor of global-level ones. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41337 |
CVE-2023-4958 | In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. An attacker could exploit this by convincing a valid RHACS user to visit an attacker-controlled web page, that deceptively points to valid RHACS endpoints, hijacking the user's account permissions to perform other actions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4958 |
CVE-2023-49577 | The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-49577 |
CVE-2023-42479 | An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42479 |
CVE-2023-28874 | The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28874 |
CVE-2023-46499 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via crafted scripts to the Admin Panel. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46499 |
CVE-2023-46495 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46495 |
CVE-2023-46494 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46494 |
CVE-2023-6507 | An issue was found in the CPython 3.12.0 `subprocess` module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the `extra_groups=` parameter with an empty list as a value (i.e. `extra_groups=[]`), the logic regressed to not call `setgroups(0, NULL)` before calling `exec()`, thus not dropping the original process's groups before starting the new process. There is no issue when the parameter isn't used or when any value is used besides an empty list. This issue only impacts CPython processes run with sufficient privilege to make the `setgroups` system call (typically `root`). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6507 |
CVE-2023-6616 | A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247253 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6616 |
CVE-2023-23372 | A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h4.5.4.2476 build 20230728 and later. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23372 |
CVE-2023-48928 | Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-48928 |
CVE-2023-46693 | Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46693 |
CVE-2023-41170 | NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41170 |
CVE-2023-49493 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-49493 |
CVE-2023-49492 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-49492 |
CVE-2023-45762 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets. This issue affects Responsive Column Widgets: from n/a through 1.2.7. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-45762 |
CVE-2023-48325 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages. This issue affects Landing Page Builder – Lead Page – Optin Page – Squeeze Page – WordPress Landing Pages: from n/a through 1.5.1.5. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-48325 |
CVE-2023-47779 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.1.4. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-47779 |
CVE-2023-49225 | A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product. As for the affected products/models/versions, see the information provided by the vendor listed under [References] section or the list under [Product Status] section. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-49225 |
CVE-2023-48208 | A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country name parameter to index.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-48208 |
CVE-2023-48206 | A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-48206 |
CVE-2023-43103 | An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43103 |
CVE-2023-43102 | An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43102 |
CVE-2023-6568 | Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlflow prior to 2.9.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6568 |
CVE-2023-46688 | Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-46688 |
CVE-2023-6527 | The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6527 |
CVE-2023-49805 | Uptime Kuma is an easy-to-use self-hosted monitoring tool. Prior to version 1.23.9, the application uses WebSocket (with Socket.io), but it does not verify that the source of communication is valid. This allows third-party websites to access the application on behalf of their client. When connecting to the server using Socket.IO, the server does not validate the `Origin` header, leading to other sites being able to open connections to the server and communicate with it. Other websites still need to authenticate to access most features, however this can be used to circumvent firewall protections put in place by people deploying the application. Without origin validation, JavaScript executed from another origin would be allowed to connect to the application without any user interaction. Without login credentials, such a connection is unable to access protected endpoints containing sensitive data of the application. However, such a connection may allow an attacker to further exploit unseen vulnerabilities of the application. Users with "No-auth" mode configured who are relying on a reverse proxy or firewall to provide protection to the application would be especially vulnerable as it would grant the attacker full access to the application. In version 1.23.9, additional verification of the HTTP Origin header has been added to the socket.io connection handler. By default, if the `Origin` header is present, it would be checked against the Host header. Connection would be denied if the hostnames do not match, which would indicate that the request is cross-origin. Connection would be allowed if the `Origin` header is not present. Users can override this behavior by setting environment variable `UPTIME_KUMA_WS_ORIGIN_CHECK=bypass`. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-49805 |
CVE-2023-49798 | OpenZeppelin Contracts is a library for smart contract development. A merge issue when porting the 5.0.1 patch to the 4.9 branch caused a line duplication. In the version of `Multicall.sol` released in `@openzeppelin/contracts@4.9.4` and `@openzeppelin/contracts-upgradeable@4.9.4`, all subcalls are executed twice. Concretely, this exposes a user to unintentionally duplicate operations like asset transfers. The duplicated delegatecall was removed in version 4.9.5. The 4.9.4 version is marked as deprecated. Users are advised to upgrade. There are no known workarounds for this issue. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-49798 |
CVE-2023-26154 | Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of the package github.com/pubnub/go/v7 before 7.2.0; versions of the package pubnub before 7.3.0; versions of the package pubnub/pubnub before 6.1.0; versions of the package pubnub before 5.3.0; versions of the package pubnub before 0.4.0; versions of the package pubnub/c-core before 4.5.0; versions of the package com.pubnub:pubnub-kotlin before 7.7.0; versions of the package pubnub/swift before 6.2.0; versions of the package pubnub before 5.2.0; versions of the package pubnub before 4.3.0 are vulnerable to Insufficient Entropy via the getKey function, due to inefficient implementation of the AES-256-CBC cryptographic algorithm. The provided encrypt function is less secure when hex encoding and trimming are applied, leaving half of the bits in the key always the same for every encoded message or file. **Note:** In order to exploit this vulnerability, the attacker needs to invest resources in preparing the attack and brute-force the encryption. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-26154 |
CVE-2023-36009 | Microsoft Word Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36009 |
CVE-2023-35635 | Windows Kernel Denial of Service Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35635 |
CVE-2023-42894 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access information about a user's contacts. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42894 |
CVE-2023-6658 | A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6658 |
CVE-2023-6657 | A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6657 |
CVE-2023-50431 | sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-50431 |
CVE-2023-47465 | An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-47465 |
CVE-2023-47722 | IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. IBM X-Force ID: 271912. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-47722 |
CVE-2023-28527 | IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28527 |
CVE-2023-28526 | IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28526 |
CVE-2023-6560 | An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6560 |
CVE-2023-6622 | A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6622 |
CVE-2023-48412 | In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48412 |
CVE-2023-48411 | In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48411 |
CVE-2023-48408 | In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48408 |
CVE-2023-48401 | In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48401 |
CVE-2023-6611 | A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file pda/pad/email/delete.php. The manipulation of the argument EMAIL_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-247246 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6611 |
CVE-2023-6608 | A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/notify/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-247244. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6608 |
CVE-2023-48958 | gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-48958 |
CVE-2023-40238 | A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for certain Lenovo devices. Image parsing of crafted BMP logo files can copy data to a specific address during the DXE phase of UEFI execution. This occurs because of an integer signedness error involving PixelHeight and PixelWidth during RLE4/RLE8 compression. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40238 |
CVE-2023-49248 | Vulnerability of unauthorized file access in the Settings app. Successful exploitation of this vulnerability may cause unauthorized file access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49248 |
CVE-2023-49273 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-49273 |
CVE-2023-48715 | Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the names of releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48715 |
CVE-2023-28873 | An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28873 |
CVE-2020-25835 | A potential vulnerability has been identified in Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited resulting in stored Cross-Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-25835 |
CVE-2023-46497 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46497 |
CVE-2023-6146 | A Qualys web application was found to have a stored XSS vulnerability resulting from the absence of HTML encoding in the presentation of logging information to users. This vulnerability allowed a user with login access to the application to introduce XSS payload via browser details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-6146 |
CVE-2023-49487 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-49487 |
CVE-2023-49486 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-49486 |
CVE-2023-49485 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-49485 |
CVE-2023-49484 | Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-49484 |
CVE-2023-49444 | An arbitrary file upload vulnerability in DoraCMS v2.1.8 allows attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-49444 |
CVE-2023-6333 | The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface that could run malicious JavaScript code during a user's session. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-6333 |
CVE-2023-41905 | NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41905 |
CVE-2023-41172 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41172 |
CVE-2023-41171 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41171 |
CVE-2023-41169 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41169 |
CVE-2023-41168 | NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41168 |
CVE-2023-46974 | Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46974 |
CVE-2023-46641 | Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List. This issue affects 12 Step Meeting List: from n/a through 3.14.24. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46641 |
CVE-2023-41804 | Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates. This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41804 |
CVE-2023-48839 | Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48839 |
CVE-2023-48838 | Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48838 |
CVE-2023-48837 | Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48837 |
CVE-2023-48836 | Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48836 |
CVE-2023-48828 | Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48828 |
CVE-2023-48827 | Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48827 |
CVE-2023-48825 | Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48825 |
CVE-2023-48824 | BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48824 |
CVE-2023-48172 | A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48172 |
CVE-2023-46857 | Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. This occurs because there is an incomplete blacklist in the SVG inspection, allowing JavaScript in the SRC attribute of an IFRAME element. An authenticated attack with assets.create permission is required for exploitation. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-46857 |
CVE-2023-28017 | HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which leads to executing malicious script code. This may let the attacker steal cookie-based authentication credentials and compromise a user's account then launch other attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28017 |
CVE-2023-34439 | Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-34439 |
CVE-2023-48940 | A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-48940 |
CVE-2023-28875 | A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28875 |
CVE-2023-50251 | php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when parsing the attributes passed to a `use` tag inside an svg document, an attacker can cause the system to go to an infinite recursion. Depending on the system configuration and attack pattern this could exhaust the memory available to the executing process and/or to the server itself. An attacker sending multiple requests to a system to render the above payload can potentially cause resource exhaustion to the point that the system is unable to handle incoming requests. Version 0.5.1 contains a patch for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-50251 |
CVE-2023-49278 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a brute force exploit can be used to collect valid usernames. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-49278 |
CVE-2023-36012 | DHCP Server Service Information Disclosure Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36012 |
CVE-2023-35619 | Microsoft Outlook for Mac Spoofing Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35619 |
CVE-2023-6193 | quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE frames can only be sent at a slower rate than they are received, leading to storage of path validation data in an unbounded queue. Quiche versions greater than 0.19.0 address this problem. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6193 |
CVE-2023-49796 | MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py`. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-49796 |
CVE-2023-50428 | In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-50428 |
CVE-2023-46493 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-46493 |
CVE-2023-6615 | A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Affected by this issue is some unknown functionality of the file /admin/manage-users.php. The manipulation of the argument page leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-247250 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6615 |
CVE-2023-46871 | GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. This vulnerability may lead to a denial of service. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-46871 |
CVE-2023-35909 | Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress leading to DoS. This issue affects Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress: from n/a through 3.6.25. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35909 |
CVE-2023-48205 | Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-48205 |
CVE-2023-43304 | An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43304 |
CVE-2023-43303 | An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43303 |
CVE-2023-43302 | An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43302 |
CVE-2023-43301 | An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43301 |
CVE-2023-43300 | An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43300 |
CVE-2023-43299 | An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43299 |
CVE-2023-43298 | An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43298 |
CVE-2023-6393 | A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6393 |
CVE-2023-39326 | A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-39326 |
CVE-2023-6459 | Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Since this id is the channelID, the public /metrics endpoint is revealing channelIDs. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6459 |
CVE-2023-6273 | Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6273 |
CVE-2023-5536 | A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server, which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5536 |
CVE-2023-40053 | A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40053 |
CVE-2023-48413 | In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-48413 |
CVE-2023-48397 | In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-48397 |
CVE-2023-32975 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later; QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.2.2534 build 20230927 and later. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-32975 |
CVE-2022-48615 | An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48615 |
CVE-2023-6613 | A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6613 |
CVE-2023-36880 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36880 |
CVE-2023-35625 | Azure Machine Learning Compute Instance for SDK Users Information Disclosure Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-35625 |
CVE-2023-47548 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site. This issue affects Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site: from n/a through 1.3.2. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-47548 |
CVE-2023-32968 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later; QTS 5.1.2.2533 build 20230926 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.2.2534 build 20230927 and later. | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32968 |
CVE-2023-6679 | A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. This issue could be exploited to trigger a denial of service. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-6679 |
CVE-2023-48313 | Umbraco is an ASP.NET content management system (CMS). Starting in 10.0.0 and prior to versions 10.8.1 and 12.3.4, Umbraco contains a cross-site scripting (XSS) vulnerability enabling attackers to bring malicious content into a website or application. Versions 10.8.1 and 12.3.4 contain a patch for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-48313 |
CVE-2023-48227 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.3.0, Backoffice users with send for approval permission but not publish permission are able to publish in some scenarios. Versions 8.18.10, 10.7.0, and 12.3.0 contain a patch for this issue. No known workarounds are available. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-48227 |
CVE-2023-49874 | Mattermost fails to check whether a user is a guest when updating the tasks of a private playbook run allowing a guest to update the tasks of a private playbook run if they know the run ID. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-49874 |
CVE-2023-49809 | Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. After a few repetitions, the plugin is disabled. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-49809 |
CVE-2023-49607 | Mattermost fails to validate the type of the "reminder" body request parameter allowing an attacker to crash the Playbook Plugin when updating the status dialog. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-49607 |
CVE-2023-45847 | Mattermost fails to check the length when setting the title in a run checklist in Playbooks, allowing an attacker to send a specially crafted request and crash the Playbooks plugin. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45847 |
CVE-2023-41116 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to refresh any materialized view, regardless of that user's permissions. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41116 |
CVE-2023-41113 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occur when attempting to read them, and some limited information about their contents (regardless of permissions). This can occur when a superuser has configured one or more directories for filesystem access via CREATE DIRECTORY and adopted certain non-default settings for log_line_prefix and log_connections. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41113 |
CVE-2023-49584 | SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-49584 |
CVE-2023-5868 | A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5868 |
CVE-2023-6653 | A vulnerability was found in PHPGurukul Teacher Subject Allocation Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/subject.php of the component Create a new Subject. The manipulation of the argument cid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-247346 is the identifier assigned to this vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6653 |
CVE-2023-6650 | A vulnerability was found in SourceCodester Simple Invoice Generator System 1.0 and classified as problematic. This issue affects some unknown processing of the file login.php. The manipulation of the argument cashier leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247343. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6650 |
CVE-2023-6649 | A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file index.php. The manipulation of the argument searchdata with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-247342 is the identifier assigned to this vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6649 |
CVE-2023-28871 | Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28871 |
CVE-2023-6599 | Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6599 |
CVE-2023-6577 | A vulnerability was found in Beijing Baichuo PatrolFlow 2530Pro up to 20231126. It has been rated as problematic. This issue affects some unknown processing of the file /log/mailsendview.php. The manipulation of the argument file with the input /boot/phpConfig/tb_admin.txt leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6577 |
CVE-2023-38174 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38174 |
CVE-2023-49746 | Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache – Cache, Optimization, Performance. This issue affects SpeedyCache – Cache, Optimization, Performance: from n/a through 1.1.2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-49746 |
CVE-2023-46916 | Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-46916 |
CVE-2023-5714 | The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve data key specs. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5714 |
CVE-2023-5713 | The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve potentially sensitive option values, and deserialize the content of those values. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5713 |
CVE-2023-5712 | The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive global value information. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5712 |
CVE-2023-5711 | The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information provided by PHP info. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5711 |
CVE-2023-5710 | The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve sensitive information such as database credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5710 |
CVE-2023-45210 | Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not permitted to access. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-45210 |
CVE-2023-6511 | Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-6511 |
CVE-2023-28876 | A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28876 |
CVE-2022-46141 | A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) (All versions < V19). An information disclosure vulnerability could allow a local attacker to gain access to the access level password of the SIMATIC S7-1200 and S7-1500 CPUs, when entered by a legitimate user in the hardware configuration of the affected application. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-46141 |
CVE-2023-20275 | A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to send packets with another VPN user's source IP address. This vulnerability is due to improper validation of the packet's inner source IP address after decryption. An attacker could exploit this vulnerability by sending crafted packets through the tunnel. A successful exploit could allow the attacker to send a packet impersonating another VPN user's IP address. It is not possible for the attacker to receive return packets. | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-20275 |
CVE-2023-49581 | SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability. | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-49581 |
CVE-2023-50263 | Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 1.x and 2.0.x prior to 1.6.7 and 2.0.6, the URLs `/files/get/?name=...` and `/files/download/?name=...` are used to provide admin access to files that have been uploaded as part of a run request for a Job that has FileVar inputs. Under normal operation these files are ephemeral and are deleted once the Job in question runs. In the default implementation used in Nautobot, as provided by `django-db-file-storage`, these URLs do not by default require any user authentication to access; they should instead be restricted to only users who have permissions to view Nautobot's `FileProxy` model instances. Note that no URL mechanism is provided for listing or traversal of the available file `name` values, so in practice an unauthenticated user would have to guess names to discover arbitrary files for download, but if a user knows the file name/path value, they can access it without authenticating, so we are considering this a vulnerability. Fixes are included in Nautobot 1.6.7 and Nautobot 2.0.6. No known workarounds are available other than applying the patches included in those versions. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-50263 |
CVE-2023-50247 | h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. The QUIC stack (quicly), as used by H2O up to commit 43f86e5 (in version 2.3.0-beta and prior), is susceptible to a state exhaustion attack. When H2O is serving HTTP/3, a remote attacker can exploit this vulnerability to progressively increase the memory retained by the QUIC stack. This can eventually cause H2O to abort due to memory exhaustion. The vulnerability has been resolved in commit d67e81d03be12a9d53dc8271af6530f40164cd35. HTTP/1 and HTTP/2 are not affected by this vulnerability as they do not use QUIC. Administrators looking to mitigate this issue without upgrading can disable HTTP/3 support. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-50247 |
CVE-2023-49279 | Umbraco is an ASP.NET content management system (CMS). Starting in version 7.0.0 and prior to versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0, a user with access to the backoffice can upload SVG files that include scripts. If the user can trick another user to load the media directly in a browser, the scripts can be executed. Versions 7.15.11, 8.18.9, 10.7.0, 11.5.0, and 12.2.0 contain a patch for this issue. Some workarounds are available. Implement the server side file validation or serve all media from a different host (e.g. CDN) than where Umbraco is hosted. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-49279 |
CVE-2023-49274 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, a user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for this issue. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-49274 |
CVE-2023-6547 | Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and modify the playbook. This can happen if the user was once a member of the team, got permissions to the playbook and was then removed from the team. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-6547 |
CVE-2023-6710 | A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page. The impact of this vulnerability is considered as Low, as the cluster_manager URL should not be exposed outside and is protected by user/password. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6710 |
CVE-2023-38694 | Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, and 12.1.0 contain a patch for this issue. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38694 |
CVE-2023-49578 | SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform a denial-of-service attack from adjacent UI by sending a malicious request, which leads to low impact on the availability and no impact on the confidentiality or integrity of the application. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49578 |
CVE-2023-49058 | SAP Master Data Governance File Upload application allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing ‘traverse to parent directory’ are passed through to the file APIs. As a result, it has a low impact to the confidentiality. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-49058 |
CVE-2023-6646 | A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6646 |
CVE-2023-6609 | A vulnerability was found in osCommerce 4. It has been classified as problematic. This affects an unknown part of the file /b2b-supermarket/catalog/all-products. The manipulation of the argument keywords with the input %27%22%3E%3Cimg%2Fsrc%3D1+onerror%3Dalert%28document.cookie%29%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-6609 |
CVE-2023-6727 | Mattermost fails to perform correct authorization checks when creating a playbook action, allowing users without access to the playbook to create playbook actions. If the playbook action created is to post a message in a channel based on specific keywords in a post, some playbook information, like the name, can be leaked. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-6727 |
CVE-2023-6194 | In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. | 2.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-6194 |
CVE-2023-48430 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-48430 |
CVE-2023-48429 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-48429 |
CVE-2023-6120 | The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. This makes it possible for administrators to upload .pem or .crt files to arbitrary locations on the server. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-6120 |
CVE-2023-6614 | A vulnerability classified as problematic was found in Typecho 1.2.1. Affected by this vulnerability is an unknown functionality of the file /admin/manage-pages.php of the component Page Handler. The manipulation leads to backdoor. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-6614 |
CVE-2023-5870 | A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-5870 |
CVE-2023-34064 | Workspace ONE Launcher contains a Privilege Escalation Vulnerability. A malicious actor with physical access to Workspace ONE Launcher could utilize the Edge Panel feature to bypass setup to gain access to sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34064 |
CVE-2023-43364 | main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43364 |
CVE-2023-4421 | The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side-channel. By sending a large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. This vulnerability affects NSS < 3.61. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4421 |
CVE-2023-31048 | The OPC UA .NET Standard Reference Server before 1.4.371.86 places sensitive information into an error message that may be seen remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31048 |
CVE-2023-28604 | The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28604 |
CVE-2023-28465 | The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28465 |
CVE-2023-26920 | fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26920 |
CVE-2022-44543 | The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44543 |
CVE-2020-10676 | In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-10676 |
CVE-2018-16153 | An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations. | – | https://nvd.nist.gov/vuln/detail/CVE-2018-16153 |
CVE-2015-8314 | The Devise gem before 3.5.4 for Ruby mishandles Remember Me cookies for sessions, which may allow an adversary to obtain unauthorized persistent application access. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-8314 |
CVE-2015-2179 | The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-2179 |
CVE-2013-2513 | The flash_tool gem through 0.6.0 for Ruby allows command execution via shell metacharacters in the name of a downloaded file. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-2513 |
CVE-2009-4123 | The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | – | https://nvd.nist.gov/vuln/detail/CVE-2009-4123 |
CVE-2023-6593 | Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-6593 |
CVE-2023-50495 | NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50495 |
CVE-2023-46456 | In GL.iNET GL-AR300M routers with firmware 3.216 it is possible to inject arbitrary shell commands through the OpenVPN client file upload functionality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46456 |
CVE-2023-46455 | In GL.iNET GL-AR300M routers with firmware v4.3.7 it is possible to write arbitrary files through a path traversal attack in the OpenVPN client file upload functionality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46455 |
CVE-2023-46454 | In GL.iNET GL-AR300M routers with firmware v4.3.7, it is possible to inject arbitrary shell commands through a crafted package name in the package information functionality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46454 |
CVE-2020-28369 | In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-28369 |
CVE-2020-12614 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-12614 |
CVE-2023-49994 | Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49994 |
CVE-2023-49993 | Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49993 |
CVE-2023-49992 | Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49992 |
CVE-2023-49991 | Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49991 |
CVE-2023-49990 | Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49990 |
CVE-2020-12612 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32bit machine, this environment variable does not exist. Therefore, since the standard user can create a user level environment variable, they can repoint this variable to any folder the user has full control of. Then, the folder structure can be created in such a way that a rule matches and arbitrary code runs elevated. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-12612 |
CVE-2020-12615 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-12615 |
CVE-2023-49713 | Denial-of-service (DoS) vulnerability exists in NetBIOS service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49713 |
CVE-2023-49143 | Denial-of-service (DoS) vulnerability exists in rfe service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49143 |
CVE-2023-49140 | Denial-of-service (DoS) vulnerability exists in commplex-link service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49140 |
CVE-2023-41963 | Denial-of-service (DoS) vulnerability exists in FTP service of HMI GC-A2 series. If a remote unauthenticated attacker sends specially crafted packets to specific ports, a denial-of-service (DoS) condition may occur. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41963 |
CVE-2023-49695 | OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command by sending a specially crafted request to the product. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49695 |
CVE-2023-49563 | Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49563 |
CVE-2023-48677 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48677 |
CVE-2023-41623 | Emlog version pro2.1.14 was discovered to contain a SQL injection vulnerability via the uid parameter at /admin/media.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41623 |
CVE-2023-48642 | Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.14 (6.14.0) is also a fixed release. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48642 |
CVE-2023-41118 | An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. When a superuser has configured file locations using CREATE DIRECTORY, these functions allow users to take a wide range of actions, including read, write, copy, rename, and delete. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41118 |
CVE-2023-6709 | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-6709 |
CVE-2023-46219 | When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-46219 |
CVE-2023-42932 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to access protected user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42932 |
CVE-2023-42927 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42927 |
CVE-2023-42926 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42926 |
CVE-2023-42924 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42924 |
CVE-2023-42923 | This issue was addressed through improved state management. This issue is fixed in iOS 17.2 and iPadOS 17.2. Private Browsing tabs may be accessed without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42923 |
CVE-2023-42922 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to read sensitive location information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42922 |
CVE-2023-42919 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42919 |
CVE-2023-42914 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. An app may be able to break out of its sandbox. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42914 |
CVE-2023-42912 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42912 |
CVE-2023-42911 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42911 |
CVE-2023-42910 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42910 |
CVE-2023-42909 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42909 |
CVE-2023-42908 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42908 |
CVE-2023-42907 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42907 |
CVE-2023-42906 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42906 |
CVE-2023-42905 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42905 |
CVE-2023-42904 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42904 |
CVE-2023-42903 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42903 |
CVE-2023-42902 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42902 |
CVE-2023-42901 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42901 |
CVE-2023-42900 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.2. An app may be able to access user-sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42900 |
CVE-2023-42899 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, macOS Monterey 12.7.2. Processing an image may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42899 |
CVE-2023-42898 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing an image may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42898 |
CVE-2023-42897 | The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker with physical access may be able to use Siri to access sensitive user data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42897 |
CVE-2023-42891 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. An app may be able to monitor keystrokes without user permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42891 |
CVE-2023-42890 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, watchOS 10.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2. Processing web content may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42890 |
CVE-2023-42886 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2. A user may be able to cause unexpected app termination or arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42886 |
CVE-2023-42884 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, macOS Ventura 13.6.3, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. An app may be able to disclose kernel memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42884 |
CVE-2023-42883 | The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42883 |
CVE-2023-42882 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.2. Processing an image may lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42882 |
CVE-2023-42874 | This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.2. Secure text fields may be displayed via the Accessibility Keyboard when using a physical keyboard. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42874 |
CVE-2023-40446 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing maliciously crafted input may lead to arbitrary code execution in user-installed apps. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40446 |
CVE-2023-36654 | Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36654 |
CVE-2023-36652 | A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36652 |
CVE-2023-36651 | Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36651 |
CVE-2023-36650 | A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36650 |
CVE-2023-36649 | Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Grafana authenticated user) or from the Loki REST API without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36649 |
CVE-2023-36648 | Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36648 |
CVE-2023-36647 | A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36647 |
CVE-2023-36646 | Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36646 |
CVE-2021-3187 | An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra. Later versions of macOS are not vulnerable.) | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3187 |
CVE-2023-45292 | When using the default implementation of Verify to check a Captcha, verification can be bypassed. For example, if the first parameter is a non-existent id, the second parameter is an empty string, and the third parameter is true, the function will always consider the Captcha to be correct. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45292 |
CVE-2020-12613 | An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-12613 |
CVE-2023-49494 | DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49494 |
CVE-2023-49490 | XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49490 |
CVE-2023-49488 | A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49488 |
CVE-2023-6035 | The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape the "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-6035 |
CVE-2023-5955 | The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5955 |
CVE-2023-5940 | The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5940 |
CVE-2023-5907 | The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site administrators should not be allowed to modify the site's files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5907 |
CVE-2023-5757 | The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5757 |
CVE-2023-5750 | The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5750 |
CVE-2023-5749 | The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5749 |
CVE-2023-49418 | TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setIpPortFilterRules. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49418 |
CVE-2023-49417 | TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49417 |
CVE-2023-49964 | An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. By inserting malicious content in the folder.get.html.ftl file, an attacker may perform SSTI (Server-Side Template Injection) attacks, which can leverage FreeMarker exposed objects to bypass restrictions and achieve RCE (Remote Code Execution). NOTE: this issue exists because of an incomplete fix for CVE-2020-12873. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49964 |
CVE-2023-49355 | decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49355 |
CVE-2023-6181 | An oversight in BCB handling of reboot reason that allows for persistent code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-6181 |
CVE-2023-48425 | U-Boot vulnerability resulting in persistent Code Execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48425 |
CVE-2023-48424 | U-Boot shell vulnerability resulting in Privilege escalation in a production device | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48424 |
CVE-2023-48417 | Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48417 |
CVE-2023-50465 | A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50465 |
CVE-2023-50463 | The caddy-geo-ip (aka GeoIP) middleware through 0.6.0 for Caddy 2, when trust_header X-Forwarded-For is used, allows attackers to spoof their source IP address via an X-Forwarded-For header, which may bypass a protection mechanism (trusted_proxy directive in reverse_proxy or IP address range restrictions). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50463 |
CVE-2023-50457 | An issue was discovered in Zammad before 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50457 |
CVE-2023-50456 | An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50456 |
CVE-2023-50455 | An issue was discovered in Zammad before 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50455 |
CVE-2023-50454 | An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50454 |
CVE-2023-50453 | An issue was discovered in Zammad before 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50453 |
CVE-2022-48614 | Special:Ask in Semantic MediaWiki before 4.0.2 allows Reflected XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48614 |
CVE-2023-50449 | JFinalCMS 5.0.0 could allow a remote attacker to read files via ../ Directory Traversal in the /common/down/file fileKey parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50449 |
CVE-2023-50446 | An issue was discovered in Mullvad VPN Windows app before 2023.6-beta1. Insufficient permissions on a directory allow any local unprivileged user to escalate privileges to SYSTEM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50446 |
CVE-2023-50430 | The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated configuration packet to select the Windows template database, which allows bypass of Windows Hello authentication by enrolling an attacker's fingerprint. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50430 |
CVE-2023-50429 | IzyBat Orange casiers before 20230803_1 allows getEnsemble.php ensemble SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-50429 |
CVE-2023-34320 | Cortex-A77 cores (r0p0 and r1p0) are affected by erratum 1508412 where software, under certain circumstances, could deadlock a core due to the execution of either a load to device or non-cacheable memory, and either a store exclusive or register read of the Physical Address Register (PAR_EL1) in close proximity. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34320 |
CVE-2023-48423 | In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48423 |
CVE-2023-48422 | In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48422 |
CVE-2023-48421 | In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48421 |
CVE-2023-48420 | There is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48420 |
CVE-2023-48416 | In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48416 |
CVE-2023-48415 | In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48415 |
CVE-2023-48414 | In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48414 |
CVE-2023-48406 | There is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48406 |
CVE-2023-48405 | There is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48405 |
CVE-2023-48404 | In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48404 |
CVE-2023-48399 | In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48399 |
CVE-2023-48398 | In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-48398 |
CVE-2023-45866 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45866 |
CVE-2023-43744 | An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to execute arbitrary OS commands via a file name parameter in a patch application function. The Zultys MX Administrator client has a "Patch Manager" section that allows administrators to apply patches to the device. The user supplied filename for the patch file is passed to a shell script without validation. Including bash command substitution characters in a patch file name results in execution of the provided command. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43744 |
CVE-2023-43743 | A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker to execute arbitrary SQL queries on the backend database via the filter parameter in requests to the /newapi/ endpoint in the Zultys MX web interface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43743 |
CVE-2023-43742 | An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function. In normal operation, the Zultys MX Administrator Windows client connects to port 7505 and attempts authentication, submitting the administrator username and password to the server. Upon authentication failure, the server sends a login failure message prompting the client to disconnect. However, if the client ignores the failure message instead and attempts to continue, the server does not forcibly close the connection and processes all subsequent requests from the client as if authentication had been successful. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43742 |
CVE-2023-49787 | Rejected reason: CVE request originates from private repository | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49787 |
CVE-2023-33413 | The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33413 |
CVE-2023-33412 | The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before 3.17.02, allows remote authenticated users to execute arbitrary commands via a crafted request targeting vulnerable CGI endpoints. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33412 |
CVE-2023-39170 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it's a duplicate of CVE-2023-39169. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39170 |
CVE-2023-39168 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it's a duplicate of CVE-2023-39167. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39168 |
CVE-2023-49958 | An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional, arbitrary properties, or duplicate properties. The last occurrence of a duplicate property is accepted. This could be exploited to alter transaction records or impact system integrity. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49958 |
CVE-2023-49957 | An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It permits multiple transactions with the same connectorId and idTag, contrary to the expected ConcurrentTx status. This could result in critical transaction management and billing errors. NOTE: the vendor's perspective is "Imagine you've got two cars in your family and want to charge both in parallel on the same account/token? Why should that be rejected?" | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49957 |
CVE-2023-49956 | An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. A StopTransaction message with any random transactionId terminates active transactions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49956 |
CVE-2023-49955 | An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. It does not validate the length of the chargePointVendor field in a BootNotification message, potentially leading to server instability and a denial of service when processing excessively large inputs. NOTE: the vendor's perspective is "OCPP.Core is intended for use in a protected environment/network." | – | https://nvd.nist.gov/vuln/detail/CVE-2023-49955 |