Published on 24 May 2023 | Updated on 24 May 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:
Severity | Description |
---|---|
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2023-27482 | homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-27482 |
CVE-2023-2712 | Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-2712 |
CVE-2018-3878 | Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3878 |
CVE-2018-3919 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process insecurely extracts the fields from the "clips" table of its SQLite database, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3919 |
CVE-2018-3880 | An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3880 |
CVE-2018-3875 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy overflows the destination buffer, which has a size of 2,000 bytes. An attacker can send an arbitrarily long "sessionToken" value in order to exploit this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3875 |
CVE-2018-3873 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3873 |
CVE-2018-3877 | An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 160 bytes. An attacker can send an arbitrarily long "directory" value in order to exploit this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-3877 |
CVE-2017-15702 | In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured with different authentication providers on different ports one of which is an HTTP port, then the broker can be tricked by a remote unauthenticated attacker connecting to the HTTP port into using an authentication provider that was configured on a different port. The attacker still needs valid credentials with the authentication provider on the spoofed port. This becomes an issue when the spoofed port has weaker authentication protection (e.g., anonymous access, default accounts) and is normally protected by firewall rules or similar which can be circumvented by this vulnerability. AMQP ports are not affected. Versions 6.0.0 and newer are not affected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-15702 |
CVE-2018-0150 | A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-0150 |
CVE-2018-17191 | Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable to remote command execution (RCE). Using the nashorn script engine, the environment of the JavaScript execution for the Proxy Auto-Configuration leaks privileged objects that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17191 |
CVE-2019-10692 | In the wp-google-maps plugin before 7.11.18 for WordPress, includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-10692 |
CVE-2020-11514 | The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to update arbitrary WordPress metadata, including the ability to escalate or revoke administrative privileges for existing users via the unsecured rankmath/v1/updateMeta REST API endpoint. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-11514 |
CVE-2020-8758 | Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8758 |
CVE-2020-8752 | Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8752 |
CVE-2021-34727 | A vulnerability in the vDaemon process in Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes traffic. An attacker could exploit this vulnerability by sending crafted traffic to the device. A successful exploit could allow the attacker to cause a buffer overflow and possibly execute arbitrary commands with root-level privileges, or cause the device to reload, which could result in a denial of service condition. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34727 |
CVE-2021-35368 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35368 |
CVE-2022-28205 | An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28205 |
CVE-2022-28206 | An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28206 |
CVE-2022-28209 | An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28209 |
CVE-2022-30601 | Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30601 |
CVE-2022-36376 | Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 for WordPress. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36376 |
CVE-2022-39955 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. A vulnerable back-end can potentially be exploited by declaring multiple Content-Type "charset" names and therefore bypassing the configurable CRS Content-Type header "charset" allow list. An encoded payload can bypass CRS detection this way and may then be decoded by the backend. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39955 |
CVE-2022-39956 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. The multipart payload will therefore bypass detection. A vulnerable backend that supports these encoding schemes can potentially be exploited. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. The mitigation against these vulnerabilities depends on the installation of the latest ModSecurity version (v2.9.6 / v3.0.8). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39956 |
CVE-2022-26845 | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26845 |
CVE-2022-32221 | When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32221 |
CVE-2022-47629 | Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47629 |
CVE-2022-3515 | A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3515 |
CVE-2023-22884 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22884 |
CVE-2023-25693 | Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25693 |
CVE-2023-25696 | Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25696 |
CVE-2022-22512 | Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22512 |
CVE-2022-0194 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0194 |
CVE-2022-23121 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23121 |
CVE-2022-23122 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23122 |
CVE-2022-23123 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23123 |
CVE-2022-23124 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23124 |
CVE-2022-23125 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23125 |
CVE-2022-43634 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43634 |
CVE-2021-46880 | x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46880 |
CVE-2023-26463 | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26463 |
CVE-2023-27973 | Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27973 |
CVE-2023-2479 | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2479 |
CVE-2023-27953 | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27953 |
CVE-2023-28201 | This issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28201 |
CVE-2021-26379 | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26379 |
CVE-2023-20520 | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20520 |
CVE-2021-46760 | A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46760 |
CVE-2023-28316 | A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28316 |
CVE-2023-31471 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31471 |
CVE-2023-30352 | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30352 |
CVE-2023-30353 | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30353 |
CVE-2023-30354 | Shenzhen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30354 |
CVE-2022-36937 | HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36937 |
CVE-2023-30194 | Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30194 |
CVE-2022-29842 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: before 5.26.119. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29842 |
CVE-2022-29841 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: before 5.26.119. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29841 |
CVE-2023-2641 | A vulnerability was found in SourceCodester Online Internship Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/login.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228770 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2641 |
CVE-2023-2642 | A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. This affects an unknown part of the file adminpanel/admin/facebox_modal/updateCourse.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228771. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2642 |
CVE-2023-2643 | A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component POST Parameter Handler. The manipulation of the argument new_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228772. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2643 |
CVE-2023-2645 | A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2645 |
CVE-2023-2648 | A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2648 |
CVE-2023-2652 | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2652 |
CVE-2023-2653 | A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2653 |
CVE-2023-31475 | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31475 |
CVE-2023-31498 | A privilege escalation issue in PHP Gurukul Hospital Management System v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31498 |
CVE-2023-0851 | Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0851 |
CVE-2023-0852 | Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0852 |
CVE-2023-0853 | Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0853 |
CVE-2023-0854 | Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0854 |
CVE-2023-0855 | Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0855 |
CVE-2023-0856 | Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0856 |
CVE-2023-29863 | Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29863 |
CVE-2023-2656 | A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2656 |
CVE-2022-47129 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47129 |
CVE-2023-2658 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2658 |
CVE-2023-2659 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2659 |
CVE-2023-2660 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2660 |
CVE-2023-2661 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2661 |
CVE-2023-24540 | Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24540 |
CVE-2023-30192 | Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30192 |
CVE-2023-29809 | SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29809 |
CVE-2023-30330 | SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30330 |
CVE-2023-2668 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-228884. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2668 |
CVE-2023-2669 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-228885 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2669 |
CVE-2023-2670 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2670 |
CVE-2023-32243 | Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32243 |
CVE-2023-2672 | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228888. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2672 |
CVE-2023-2676 | A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected by this issue is some unknown functionality of the file /goForm/aspForm. The manipulation of the argument go leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-228890 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2676 |
CVE-2023-27238 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27238 |
CVE-2023-30246 | SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30246 |
CVE-2023-31985 | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31985 |
CVE-2023-30247 | File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30247 |
CVE-2023-2693 | A vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228974 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2693 |
CVE-2023-2694 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228975. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2694 |
CVE-2023-2695 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228976. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2695 |
CVE-2023-2696 | A vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228977 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2696 |
CVE-2023-2697 | A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228978 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2697 |
CVE-2023-2698 | A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2698 |
CVE-2023-2699 | A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2699 |
CVE-2023-31986 | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows an attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31986 |
CVE-2022-4774 | The Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via its file upload form field, allowing unauthenticated users to upload arbitrary file types such as PHP or HTML files to the server, leading to Remote Code Execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4774 |
CVE-2023-0600 | The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0600 |
CVE-2023-29862 | An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29862 |
CVE-2023-29861 | An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29861 |
CVE-2023-2499 | The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2499 |
CVE-2023-31519 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31519 |
CVE-2023-31587 | Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31587 |
CVE-2023-31857 | Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31857 |
CVE-2023-1508 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. This issue affects Mobilmen Terminal Software: before 3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1508 |
CVE-2020-8747 | Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-8747 |
CVE-2023-27958 | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27958 |
CVE-2021-46753 | Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46753 |
CVE-2021-46762 | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46762 |
CVE-2021-46754 | Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46754 |
CVE-2021-46756 | Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46756 |
CVE-2023-1834 | Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1834 |
CVE-2023-27554 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27554 |
CVE-2023-31146 | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-31146 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2018-3879 | An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the video-core database. An attacker can send a series of HTTP requests to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-3879 |
CVE-2015-9307 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-9307 |
CVE-2015-9308 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-9308 |
CVE-2015-9309 | The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-9309 |
CVE-2019-14788 | wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14788 |
CVE-2019-12650 | Multiple vulnerabilities in the web-based user interface (Web UI) of Cisco IOS XE Software could allow an authenticated, remote attacker to execute commands with elevated privileges on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12650 |
CVE-2020-3381 | A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. The vulnerability is due to a lack of proper validation of files that are uploaded to an affected device. An attacker could exploit this vulnerability by uploading a crafted file to an affected system. An exploit could allow the attacker to view or modify arbitrary files on the targeted system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3381 |
CVE-2020-3387 | A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. The vulnerability is due to insufficient input sanitization during user authentication processing. An attacker could exploit this vulnerability by sending a crafted response to the Cisco SD-WAN vManage Software. A successful exploit could allow the attacker to access the software and execute commands they should not be authorized to execute. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3387 |
CVE-2020-3141 | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3141 |
CVE-2020-3425 | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3425 |
CVE-2020-8749 | Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8749 |
CVE-2021-32819 | Squirrelly is a template engine implemented in JavaScript that works out of the box with ExpressJS. Squirrelly mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options remote code execution may be triggered in downstream applications. This issue is fixed in version 9.0.0. For complete details refer to the referenced GHSL-2021-023. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32819 |
CVE-2021-31439 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31439 |
CVE-2021-21899 | A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21899 |
CVE-2021-21900 | A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21900 |
CVE-2021-21898 | A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21898 |
CVE-2021-45341 | A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45341 |
CVE-2022-22026 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22026 |
CVE-2022-30216 | Windows Server Service Tampering Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30216 |
CVE-2022-30221 | Windows Graphics Component Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30221 |
CVE-2022-41128 | Windows Scripting Languages Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41128 |
CVE-2022-29893 | Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29893 |
CVE-2023-23532 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to break out of its sandbox | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23532 |
CVE-2023-27935 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27935 |
CVE-2023-30898 | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30898 |
CVE-2023-30899 | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30899 |
CVE-2023-29462 | An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap, potentially resulting in a complete loss of confidentiality, integrity, and availability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29462 |
CVE-2023-20046 | A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20046 |
CVE-2021-46769 | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46769 |
CVE-2021-46773 | Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46773 |
CVE-2023-25832 | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25832 |
CVE-2023-27889 | Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27889 |
CVE-2022-41979 | Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41979 |
CVE-2022-43507 | Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43507 |
CVE-2022-44610 | Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44610 |
CVE-2023-27298 | Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27298 |
CVE-2023-27563 | The n8n package 0.218.0 for Node.js allows Escalation of Privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27563 |
CVE-2023-31148 | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31148 |
CVE-2023-31149 | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31149 |
CVE-2023-31152 | An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31152 |
CVE-2023-31161 | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31161 |
CVE-2023-32080 | Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify an server's install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). This vulnerability has been resolved in version `v1.11.6` of Wings, and has been back-ported to the 1.7 release series in `v1.7.5`. Anyone running `v1.11.x` should upgrade to `v1.11.6` and anyone running `v1.7.x` should upgrade to `v1.7.5`.\n\nThere are no workarounds aside from upgrading. Running Wings with a rootless container runtime may mitigate the severity of any attacks, however the majority of users are using container runtimes that run as root as per the Wings documentation. SELinux may prevent attackers from performing certain operations against the host system, however privileged containers have a lot of freedom even on systems with SELinux enabled.\n\nIt should be noted that this was a known attack vector, for attackers to easily exploit this attack it would require compromising an administrator account on a Panel. However, certain eggs (the data structure that holds the install scripts that get passed to Wings) have an issue where they are unknowingly executing shell commands with escalated privileges provided by untrusted user data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32080 |
CVE-2023-2647 | A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2647 |
CVE-2023-2649 | A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2649 |
CVE-2021-34076 | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34076 |
CVE-2023-2444 | A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link a cross site request forgery attack would be successful as well. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2444 |
CVE-2023-31528 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31528 |
CVE-2023-31529 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31529 |
CVE-2023-31530 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31530 |
CVE-2023-31531 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31531 |
CVE-2020-13378 | Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13378 |
CVE-2023-28522 | IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28522 |
CVE-2023-2515 | Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2515 |
CVE-2023-2677 | A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. This affects an unknown part of the file admin/establishment/manage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228891. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2677 |
CVE-2023-29657 | eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29657 |
CVE-2023-30130 | An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30130 |
CVE-2023-2457 | Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2457 |
CVE-2023-2458 | Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2458 |
CVE-2023-2689 | A vulnerability classified as critical was found in SourceCodester Billing Management System 1.0. This vulnerability affects unknown code of the file editproduct.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228970 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2689 |
CVE-2023-2690 | A vulnerability, which was classified as critical, has been found in SourceCodester Personnel Property Equipment System 1.0. This issue affects some unknown processing of the file admin/returned_reuse_form.php of the component GET Parameter Handler. The manipulation of the argument client_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228971. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2690 |
CVE-2022-47379 | An authenticated, remote attacker may use an out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47379 |
CVE-2022-47380 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47380 |
CVE-2022-47381 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47381 |
CVE-2022-47382 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47382 |
CVE-2022-47383 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47383 |
CVE-2022-47384 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47384 |
CVE-2022-47385 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47385 |
CVE-2022-47386 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47386 |
CVE-2022-47387 | An authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47387 |
CVE-2022-47388 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47388 |
CVE-2022-47389 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47389 |
CVE-2022-47390 | An authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47390 |
CVE-2023-31572 | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31572 |
CVE-2023-31576 | An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31576 |
CVE-2023-2713 | Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2713 |
CVE-2023-2702 | Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Management System: before 23.07. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2702 |
CVE-2020-3407 | A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-3407 |
CVE-2020-3408 | A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-3408 |
CVE-2020-3414 | A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IPv4 or IPv6 traffic to or through an affected device. An attacker could exploit this vulnerability by sending IP traffic to or through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-3414 |
CVE-2020-3480 | Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-3480 |
CVE-2022-4904 | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-4904 |
CVE-2023-20027 | A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20027 |
CVE-2022-46720 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to break out of its sandbox. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-46720 |
CVE-2023-27944 | This issue was addressed with a new entitlement. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to break out of its sandbox. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-27944 |
CVE-2023-22441 | Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-22441 |
CVE-2019-1950 | A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthenticated, local attacker to gain unauthorized access to an affected device. The vulnerability is due to the existence of default credentials within the default configuration of an affected device. An attacker who has access to an affected device could log in with elevated privileges. A successful exploit could allow the attacker to take complete control of the device. This vulnerability affects Cisco devices that are running Cisco IOS XE SD-WAN Software releases 16.11 and earlier. | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-1950 |
CVE-2022-30222 | Windows Shell Remote Code Execution Vulnerability | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30222 |
CVE-2022-33674 | Azure Site Recovery Elevation of Privilege Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-33674 |
CVE-2021-0187 | Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-0187 |
CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-24892 |
CVE-2023-1732 | When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number of random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1732 |
CVE-2019-16012 | A vulnerability in the web UI of Cisco SD-WAN Solution vManage software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web UI improperly validates SQL values. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on, or return values from, the underlying database as well as the operating system. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-16012 |
CVE-2020-3474 | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3474 |
CVE-2020-3475 | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3475 |
CVE-2022-22029 | Windows Network File System Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22029 |
CVE-2022-22038 | Remote Procedure Call Runtime Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22038 |
CVE-2023-0568 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to the system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with a NUL value, which might lead to unauthorized data access or modification. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0568 |
CVE-2022-36330 | A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36330 |
CVE-2023-29032 | An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0 | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29032 |
CVE-2020-13377 | The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13377 |
CVE-2019-0096 | Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2019-0096 |
CVE-2017-5711 | Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow an attacker with local access to the system to execute arbitrary code with AMT execution privilege. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-5711 |
CVE-2018-0598 | Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-0598 |
CVE-2019-12671 | A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS). The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the CLI and requesting shell access on an affected device. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12671 |
CVE-2020-3265 | A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3265 |
CVE-2020-3266 | A vulnerability in the CLI of Cisco SD-WAN Solution software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3266 |
CVE-2019-16011 | A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI utility. The attacker must be authenticated to access the CLI utility. A successful exploit could allow the attacker to execute commands with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16011 |
CVE-2020-3180 | A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. This account has root privileges. The vulnerability exists because the affected software has a user account with a default, static password. An attacker could exploit this vulnerability by remotely connecting to an affected system by using this account. A successful exploit could allow the attacker to log in by using this account with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3180 |
CVE-2020-3388 | A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated to access the CLI. A successful exploit could allow the attacker to execute commands with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3388 |
CVE-2020-3393 | A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3393 |
CVE-2020-3404 | A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3404 |
CVE-2020-8760 | Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8760 |
CVE-2021-1529 | A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with root privileges. The vulnerability is due to insufficient input validation by the system CLI. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1529 |
CVE-2021-45342 | A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45342 |
CVE-2022-28463 | ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28463 |
CVE-2022-32545 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32545 |
CVE-2022-32546 | A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32546 |
CVE-2022-32547 | In ImageMagick, there is a load of a misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32547 |
CVE-2022-22024 | Windows Fax Service Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22024 |
CVE-2022-22027 | Windows Fax Service Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22027 |
CVE-2022-22031 | Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22031 |
CVE-2022-22034 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22034 |
CVE-2022-22043 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22043 |
CVE-2022-22045 | Windows.Devices.Picker.dll Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22045 |
CVE-2022-22047 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22047 |
CVE-2022-22049 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22049 |
CVE-2022-22050 | Windows Fax Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22050 |
CVE-2022-30206 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30206 |
CVE-2022-30220 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30220 |
CVE-2022-33675 | Azure Site Recovery Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33675 |
CVE-2022-20775 | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20775 |
CVE-2022-20818 | Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20818 |
CVE-2022-45188 | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45188 |
CVE-2023-22809 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22809 |
CVE-2022-45770 | Improper input validation in adgnetworkwfpdrv.sys in Adguard For Windows x86 through 7.11 allows local privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45770 |
CVE-2023-26606 | In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26606 |
CVE-2022-3424 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3424 |
CVE-2023-20035 | A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20035 |
CVE-2023-20065 | A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20065 |
CVE-2023-0664 | A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0664 |
CVE-2023-28464 | hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28464 |
CVE-2023-29491 | ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29491 |
CVE-2023-2008 | A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2008 |
CVE-2023-28528 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28528 |
CVE-2023-23525 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to gain root privileges | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23525 |
CVE-2023-23536 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to execute arbitrary code with kernel privileges | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23536 |
CVE-2023-23540 | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23540 |
CVE-2023-27936 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27936 |
CVE-2023-27937 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27937 |
CVE-2023-27946 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27946 |
CVE-2023-27949 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27949 |
CVE-2023-27965 | A memory corruption issue was addressed with improved state management. This issue is fixed in Studio Display Firmware Update 16.4, macOS Ventura 13.3. An app may be able to execute arbitrary code with kernel privileges | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27965 |
CVE-2023-27969 | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27969 |
CVE-2023-28181 | The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.7, macOS Ventura 13.3, tvOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28181 |
CVE-2023-30986 | A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30986 |
CVE-2023-27385 | Heap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27385 |
CVE-2022-21804 | Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21804 |
CVE-2022-27180 | Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27180 |
CVE-2022-29508 | Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29508 |
CVE-2022-29919 | Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29919 |
CVE-2022-30338 | Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30338 |
CVE-2022-32576 | Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32576 |
CVE-2022-32578 | Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32578 |
CVE-2022-32766 | Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32766 |
CVE-2022-33894 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33894 |
CVE-2022-33963 | Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33963 |
CVE-2022-34147 | Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34147 |
CVE-2022-34848 | Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34848 |
CVE-2022-34855 | Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34855 |
CVE-2022-36339 | Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36339 |
CVE-2022-36391 | Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36391 |
CVE-2022-38101 | Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38101 |
CVE-2022-38103 | Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38103 |
CVE-2022-38787 | Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38787 |
CVE-2022-40207 | Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40207 |
CVE-2022-40210 | Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40210 |
CVE-2022-40971 | Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40971 |
CVE-2022-40972 | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40972 |
CVE-2022-41628 | Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41628 |
CVE-2022-41658 | Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41658 |
CVE-2022-41687 | Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41687 |
CVE-2022-41690 | Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41690 |
CVE-2022-41693 | Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41693 |
CVE-2022-41699 | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41699 |
CVE-2022-41769 | Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41769 |
CVE-2022-41784 | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41784 |
CVE-2022-41982 | Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41982 |
CVE-2022-41998 | Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41998 |
CVE-2022-43474 | Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43474 |
CVE-2022-43475 | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43475 |
CVE-2022-44619 | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44619 |
CVE-2022-46656 | Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46656 |
CVE-2023-22297 | Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22297 |
CVE-2023-22312 | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22312 |
CVE-2023-22355 | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22355 |
CVE-2023-22440 | Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22440 |
CVE-2023-22661 | Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22661 |
CVE-2023-23569 | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23569 |
CVE-2023-23580 | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23580 |
CVE-2023-23910 | Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23910 |
CVE-2023-27382 | Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27382 |
CVE-2023-28410 | Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for Linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28410 |
CVE-2023-31908 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31908 |
CVE-2023-31910 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31910 |
CVE-2023-2629 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2629 |
CVE-2023-2644 | A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1. This issue affects some unknown processing of the file C:\Program Files (x86)\FPSensor\bin\DpHost.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-228773 was assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2644 |
CVE-2023-31497 | Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31497 |
CVE-2023-29273 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29273 |
CVE-2023-29274 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29274 |
CVE-2023-29275 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29275 |
CVE-2023-29276 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29276 |
CVE-2023-29278 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29278 |
CVE-2023-29280 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29280 |
CVE-2023-29281 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29281 |
CVE-2023-29282 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29282 |
CVE-2023-29283 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29283 |
CVE-2023-29284 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29284 |
CVE-2023-29285 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29285 |
CVE-2023-25006 | A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25006 |
CVE-2023-25007 | A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25007 |
CVE-2023-25008 | A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25008 |
CVE-2023-25009 | A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25009 |
CVE-2023-32700 | LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32700 |
CVE-2021-1620 | A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-1620 |
CVE-2022-31090 | Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-31090 |
CVE-2022-31091 | Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before continuing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-31091 |
CVE-2023-2703 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-2703 |
CVE-2016-4353 | ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-4353 |
CVE-2016-4354 | ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data type, which allows remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-4354 |
CVE-2016-4355 | Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 allow remote attackers to cause a denial of service (crash) via crafted BER data, which leads to a buffer overflow. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-4355 |
CVE-2016-4356 | The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-4356 |
CVE-2016-4574 | Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-4574 |
CVE-2016-4579 | Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-4579 |
CVE-2015-6289 | Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-6289 |
CVE-2016-8741 | The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-8741 |
CVE-2017-15701 | In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the broker does not properly enforce a maximum frame size in AMQP 1.0 frames. A remote unauthenticated attacker could exploit this to cause the broker to exhaust all available memory and eventually terminate. Older AMQP protocols are not affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-15701 |
CVE-2018-8740 | In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-8740 |
CVE-2019-12646 | A vulnerability in the Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper processing of transient SIP packets on which NAT is performed on an affected device. An attacker could exploit this vulnerability by using UDP port 5060 to send crafted SIP packets through an affected device that is performing NAT for SIP packets. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12646 |
CVE-2019-12654 | A vulnerability in the common Session Initiation Protocol (SIP) library of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient sanity checks on an internal data structure. An attacker could exploit this vulnerability by sending a sequence of malicious SIP messages to an affected device. An exploit could allow the attacker to cause a NULL pointer dereference, resulting in a crash of the iosd process. This triggers a reload of the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12654 |
CVE-2019-12664 | A vulnerability in the Dialer interface feature for ISDN connections in Cisco IOS XE Software for Cisco 4000 Series Integrated Services Routers (ISRs) could allow an unauthenticated, adjacent attacker to pass IPv4 traffic through an ISDN channel prior to successful PPP authentication. The vulnerability is due to insufficient validation of the state of the PPP IP Control Protocol (IPCP). An attacker could exploit this vulnerability by making an ISDN call to an affected device and sending traffic through the ISDN channel prior to successful PPP authentication. Alternatively, an unauthenticated, remote attacker could exploit this vulnerability by sending traffic through an affected device that is configured to exit via an ISDN connection for which both the Dialer interface and the Basic Rate Interface (BRI) have been configured, but the Challenge Handshake Authentication Protocol (CHAP) password for PPP does not match the remote end. A successful exploit could allow the attacker to pass IPv4 traffic through an unauthenticated ISDN connection for a few seconds, from initial ISDN call setup until PPP authentication fails. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12664 |
CVE-2017-18640 | The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-18640 |
CVE-2020-0597 | Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-0597 |
CVE-2020-3421 | Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3421 |
CVE-2020-3422 | A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3422 |
CVE-2020-3479 | A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3479 |
CVE-2020-8753 | Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8753 |
CVE-2020-8754 | Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8754 |
CVE-2021-1223 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1223 |
CVE-2021-1437 | A vulnerability in the FlexConnect Upgrade feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, remote attacker to obtain confidential information from an affected device. This vulnerability is due to an unrestricted Trivial File Transfer Protocol (TFTP) configuration. An attacker could exploit this vulnerability by sending a specific TFTP request to an affected device. A successful exploit could allow the attacker to download any file from the filesystem of the affected access point (AP). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1437 |
CVE-2021-20309 | A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20309 |
CVE-2021-20312 | A flaw was found in ImageMagick in versions 7.0.11, where an integer overflow in WriteTHUMBNAILImage of coders/thumbnail.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20312 |
CVE-2021-20313 | A flaw was found in ImageMagick in versions before 7.0.11. A potential cipher leak is possible when calculating signatures in TransformSignature. The highest threat from this vulnerability is to data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20313 |
CVE-2021-3803 | nth-check is vulnerable to Inefficient Regular Expression Complexity | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3803 |
CVE-2021-41799 | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). ApiQueryBacklinks (action=query&list=backlinks) can cause a full table scan. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41799 |
CVE-2021-44858 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44858 |
CVE-2022-20678 | A vulnerability in the AppNav-XE feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of certain TCP segments. An attacker could exploit this vulnerability by sending a stream of crafted TCP traffic at a high rate through an interface of an affected device. That interface would need to have AppNav interception enabled. A successful exploit could allow the attacker to cause the device to reload. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20678 |
CVE-2022-22025 | Windows Internet Information Services Cachuri Module Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22025 |
CVE-2022-22037 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22037 |
CVE-2022-22039 | Windows Network File System Remote Code Execution Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22039 |
CVE-2022-30211 | Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30211 |
CVE-2022-30215 | Active Directory Federation Services Elevation of Privilege Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30215 |
CVE-2022-40468 | Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40468 |
CVE-2022-39957 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. A client can issue an HTTP Accept header field containing an optional "charset" parameter in order to receive the response in an encoded form. Depending on the "charset", this response can not be decoded by the web application firewall. A restricted resource, access to which would ordinarily be detected, may therefore bypass detection. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39957 |
CVE-2022-39958 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. A restricted resource, access to which would ordinarily be detected, may be exfiltrated from the backend, despite being protected by a web application firewall that uses CRS. Short subsections of a restricted resource may bypass pattern matching techniques and allow undetected access. The legacy CRS versions 3.0.x and 3.1.x are affected, as well as the currently supported versions 3.2.1 and 3.3.2. Integrators and users are advised to upgrade to 3.2.2 and 3.3.3 respectively and to configure a CRS paranoia level of 3 or higher. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39958 |
CVE-2022-20848 | A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20848 |
CVE-2022-20919 | A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20919 |
CVE-2022-32287 | A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into a UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32287 |
CVE-2022-27497 | Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27497 |
CVE-2023-0662 | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0662 |
CVE-2023-24998 | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24998 |
CVE-2023-23108 | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23108 |
CVE-2023-23109 | In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23109 |
CVE-2021-46877 | jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46877 |
CVE-2023-0210 | A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0210 |
CVE-2023-26116 | Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26116 |
CVE-2023-26117 | Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26117 |
CVE-2023-26118 | Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26118 |
CVE-2023-28625 | mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28625 |
CVE-2023-28707 | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28707 |
CVE-2023-28710 | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28710 |
CVE-2023-26964 | An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26964 |
CVE-2023-29013 | Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29013 |
CVE-2023-30837 | Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30837 |
CVE-2023-27963 | The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27963 |
CVE-2021-31239 | An issue was found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31239 |
CVE-2023-31472 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31472 |
CVE-2021-26406 | Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26406 |
CVE-2021-46749 | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46749 |
CVE-2021-46763 | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46763 |
CVE-2021-46764 | Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46764 |
CVE-2022-23818 | Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23818 |
CVE-2023-20524 | An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss of integrity. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20524 |
CVE-2021-46755 | Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46755 |
CVE-2021-46765 | Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46765 |
CVE-2021-46794 | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46794 |
CVE-2023-2156 | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2156 |
CVE-2023-31478 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31478 |
CVE-2023-23578 | Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23578 |
CVE-2023-23906 | Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23906 |
CVE-2023-25072 | Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25072 |
CVE-2023-25184 | Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25184 |
CVE-2023-2617 | A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2617 |
CVE-2023-2618 | A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2618 |
CVE-2023-25568 | Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able to allocate arbitrarily many bytes in the Bitswap server, those allocations persist even if the connection is closed. This affects users accepting untrusted connections with the Bitswap server and also affects users using the old API stubs at `github.com/ipfs/go-libipfs/bitswap` because users then transitively import `github.com/ipfs/go-libipfs/bitswap/server`. Boxo versions 0.6.0 and 0.4.1 contain a patch for this issue. As a workaround, those who are using the stub object at `github.com/ipfs/go-libipfs/bitswap` and are not taking advantage of the features provided by the server can refactor their code to use the new split API that will allow them to run in a client only mode: `github.com/ipfs/go-libipfs/bitswap/client`. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25568 |
CVE-2023-27564 | The n8n package 0.218.0 for Node.js allows Information Disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27564 |
CVE-2022-41985 | An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41985 |
CVE-2022-46377 | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no IP address argument is provided to the `PORT` command. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46377 |
CVE-2022-46378 | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no port argument is provided to the `PORT` command. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46378 |
CVE-2023-30351 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30351 |
CVE-2023-30356 | Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30356 |
CVE-2021-45345 | Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45345 |
CVE-2022-36329 | An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36329 |
CVE-2023-30172 | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30172 |
CVE-2023-31442 | In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not validate (e.g., via TLS) the authenticity of the discovered service, this may result in exfiltration of application data (e.g., persistence events may be published to an unintended Kafka broker). If such validation is performed, then the poisoning constitutes a denial of access to the intended service. This affects Akka 2.5.14 through 2.8.0, and Akka Discovery through 2.8.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31442 |
CVE-2023-31477 | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31477 |
CVE-2023-2443 | Rockwell Automation ThinManager product allows the use of medium strength ciphers. If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2443 |
CVE-2023-27870 | IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27870 |
CVE-2023-32058 | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32058 |
CVE-2023-28356 | A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28356 |
CVE-2023-32059 | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32059 |
CVE-2023-29790 | kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29790 |
CVE-2023-2665 | Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2665 |
CVE-2023-2666 | Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2666 |
CVE-2023-2514 | Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2514 |
CVE-2023-0812 | The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0812 |
CVE-2023-2180 | The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read/download arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2180 |
CVE-2023-31607 | An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31607 |
CVE-2023-31608 | An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31608 |
CVE-2023-31609 | An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31609 |
CVE-2023-31610 | An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31610 |
CVE-2023-31612 | An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31612 |
CVE-2023-31613 | An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31613 |
CVE-2023-31614 | An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31614 |
CVE-2023-31615 | An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31615 |
CVE-2023-31616 | An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31616 |
CVE-2023-31617 | An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31617 |
CVE-2023-31618 | An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31618 |
CVE-2023-31619 | An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31619 |
CVE-2023-31620 | An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31620 |
CVE-2023-31621 | An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31621 |
CVE-2023-31622 | An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31622 |
CVE-2023-31623 | An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31623 |
CVE-2023-31624 | An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31624 |
CVE-2023-31625 | An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31625 |
CVE-2023-31626 | An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31626 |
CVE-2023-31627 | An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31627 |
CVE-2023-31628 | An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31628 |
CVE-2023-31629 | An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31629 |
CVE-2023-31630 | An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31630 |
CVE-2023-31631 | An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31631 |
CVE-2017-5729 | Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-5729 |
CVE-2020-3508 | A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-3508 |
CVE-2020-3511 | A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-3511 |
CVE-2021-1439 | A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco Aironet Series Access Points Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of incoming mDNS traffic. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device through a wireless network that is configured in FlexConnect local switching mode or through a wired network on a configured mDNS VLAN. A successful exploit could allow the attacker to cause the access point (AP) to reboot, resulting in a DoS condition. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-1439 |
CVE-2021-29657 | arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka CID-a58d9166a756. This occurs because of a TOCTOU race condition associated with a VMCB12 double fetch in nested_svm_vmrun. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-29657 |
CVE-2021-1621 | A vulnerability in the Layer 2 punt code of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a queue wedge on an interface that receives specific Layer 2 frames, resulting in a denial of service (DoS) condition. This vulnerability is due to improper handling of certain Layer 2 frames. An attacker could exploit this vulnerability by sending specific Layer 2 frames on the segment the router is connected to. A successful exploit could allow the attacker to cause a queue wedge on the interface, resulting in a DoS condition. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-1621 |
CVE-2021-34740 | A vulnerability in the WLAN Control Protocol (WCP) implementation for Cisco Aironet Access Point (AP) software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect error handling when an affected device receives an unexpected 802.11 frame. An attacker could exploit this vulnerability by sending certain 802.11 frames over the wireless network to an interface on an affected AP. A successful exploit could allow the attacker to cause a packet buffer leak. This could eventually result in buffer allocation failures, which would trigger a reload of the affected device. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-34740 |
CVE-2022-30203 | Windows Boot Manager Security Feature Bypass Vulnerability | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30203 |
CVE-2022-30209 | Windows IIS Server Elevation of Privilege Vulnerability | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30209 |
CVE-2023-0361 | A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0361 |
CVE-2022-22040 | Internet Information Services Dynamic Compression Module Denial of Service Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22040 |
CVE-2022-21162 | Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21162 |
CVE-2023-27386 | Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27386 |
CVE-2023-24539 | Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-24539 |
CVE-2023-29400 | Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29400 |
CVE-2017-5712 | Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-5712 |
CVE-2020-14663 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-14663 |
CVE-2020-3396 | A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-3396 |
CVE-2021-24142 | Unvalidated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-24142 |
CVE-2022-33633 | Skype for Business and Lync Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33633 |
CVE-2022-33676 | Azure Site Recovery Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33676 |
CVE-2022-33677 | Azure Site Recovery Elevation of Privilege Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33677 |
CVE-2022-33678 | Azure Site Recovery Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33678 |
CVE-2022-20851 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-20851 |
CVE-2023-1731 | In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1731 |
CVE-2023-31502 | Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-31502 |
CVE-2023-29246 | An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-29246 |
CVE-2023-1207 | This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1207 |
CVE-2023-1549 | The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1549 |
CVE-2023-31842 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-31842 |
CVE-2023-31843 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-31843 |
CVE-2023-31844 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-31844 |
CVE-2023-31845 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-31845 |
CVE-2023-2548 | The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-2548 |
CVE-2020-3264 | A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3264 |
CVE-2022-22022 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22022 |
CVE-2022-30225 | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30225 |
CVE-2022-30226 | Windows Print Spooler Elevation of Privilege Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30226 |
CVE-2022-20850 | A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20850 |
CVE-2023-1838 | A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1838 |
CVE-2021-26397 | Insufficient address validation may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations, potentially resulting in a loss of integrity or availability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26397 |
CVE-2023-22442 | Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22442 |
CVE-2022-22036 | Performance Counters for Windows Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-22036 |
CVE-2022-30202 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30202 |
CVE-2022-30224 | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30224 |
CVE-2019-0092 | Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-0092 |
CVE-2020-3524 | A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3524 |
CVE-2022-22041 | Windows Print Spooler Elevation of Privilege Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22041 |
CVE-2022-28697 | Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28697 |
CVE-2021-46775 | Improper input validation in ABL may enable an attacker with physical access to perform arbitrary memory overwrites, potentially leading to a loss of integrity and code execution. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46775 |
CVE-2020-3214 | A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to escalate their privileges to a user with root-level privileges. The vulnerability is due to insufficient validation of user-supplied content. This vulnerability could allow an attacker to load malicious software onto an affected device. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3214 |
CVE-2020-3423 | A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-3423 |
CVE-2020-8757 | Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-8757 |
CVE-2021-1449 | A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated, local attacker to execute unsigned code at boot time. The vulnerability is due to an improper check that is performed by the area of code that manages system startup processes. An attacker could exploit this vulnerability by modifying a specific file that is stored on the system, which would allow the attacker to bypass existing protections. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. Note: To exploit this vulnerability, the attacker would need to have access to the development shell (devshell) on the device. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-1449 |
CVE-2021-34723 | A vulnerability in a specific CLI command that is run on Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the configuration database of an affected device. This vulnerability is due to insufficient validation of specific CLI command parameters. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of the configuration database and gain root-level access to an affected device. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-34723 |
CVE-2021-34725 | A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to an affected device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root-level privileges. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-34725 |
CVE-2022-20677 | Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications without being authenticated, or conduct a cross-site scripting (XSS) attack against a user of the affected software. For more information about these vulnerabilities, see the Details section of this advisory. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20677 |
CVE-2021-33159 | Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-33159 |
CVE-2023-2250 | A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or use the service account to list all secrets for all kubernetes namespaces, leading to a cluster-level privilege escalation. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-2250 |
CVE-2023-27933 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-27933 |
CVE-2022-42465 | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-42465 |
CVE-2023-25545 | Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-25545 |
CVE-2023-20699 | In adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696073; Issue ID: ALPS07696073. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20699 |
CVE-2023-20700 | In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20700 |
CVE-2023-20701 | In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643270; Issue ID: ALPS07643270. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20701 |
CVE-2023-20707 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20707 |
CVE-2023-20708 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20708 |
CVE-2023-20718 | In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20718 |
CVE-2023-20720 | In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20720 |
CVE-2023-20721 | In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20721 |
CVE-2023-20722 | In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20722 |
CVE-2021-1371 | A vulnerability in the role-based access control of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker with read-only privileges to obtain administrative privileges by using the console port when the device is in the default SD-WAN configuration. This vulnerability occurs because the default configuration is applied for console authentication and authorization. An attacker could exploit this vulnerability by connecting to the console port and authenticating as a read-only user. A successful exploit could allow a user with read-only permissions to access administrative privileges. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-1371 |
CVE-2022-22023 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-22023 |
CVE-2022-30205 | Windows Group Policy Elevation of Privilege Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-30205 |
CVE-2022-30214 | Windows DNS Server Remote Code Execution Vulnerability | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-30214 |
CVE-2019-9568 | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delete permission. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-9568 |
CVE-2020-14619 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14619 |
CVE-2020-3372 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability is due to inefficient memory management. An attacker could exploit this vulnerability by sending a large number of crafted HTTP requests to the affected web-based management interface. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and could result in a DoS condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3372 |
CVE-2020-3401 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to the affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3401 |
CVE-2020-3428 | A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3428 |
CVE-2020-3465 | A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-3465 |
CVE-2020-8746 | Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8746 |
CVE-2020-35933 | A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in the Newsletter plugin before 6.8.2 for WordPress allows remote attackers to trick a victim into submitting a tnpc_render AJAX request containing either JavaScript in an options parameter, or a base64-encoded JSON string containing JavaScript in the encoded_options parameter. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35933 |
CVE-2021-34703 | A vulnerability in the Link Layer Discovery Protocol (LLDP) message parser of Cisco IOS Software and Cisco IOS XE Software could allow an attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. This vulnerability is due to improper initialization of a buffer. An attacker could exploit this vulnerability via any of the following methods: An authenticated, remote attacker could access the LLDP neighbor table via either the CLI or SNMP while the device is in a specific state. An unauthenticated, adjacent attacker could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then waiting for an administrator of the device or a network management system (NMS) managing the device to retrieve the LLDP neighbor table of the device via either the CLI or SNMP. An authenticated, adjacent attacker with SNMP read-only credentials or low privileges on the device CLI could corrupt the LLDP neighbor table by injecting specific LLDP frames into the network and then accessing the LLDP neighbor table via either the CLI or SNMP. A successful exploit could allow the attacker to cause the affected device to crash, resulting in a reload of the device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-34703 |
CVE-2021-44857 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=mcrundo followed by action=mcrrestore to replace the content of any arbitrary page (that the user doesn't have edit rights for). This applies to any public wiki, or a private wiki that has at least one page set in $wgWhitelistRead. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44857 |
CVE-2022-22042 | Windows Hyper-V Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22042 |
CVE-2022-30181 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30181 |
CVE-2022-30208 | Windows Security Account Manager (SAM) Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30208 |
CVE-2022-33637 | Microsoft Defender for Endpoint Tampering Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33637 |
CVE-2022-33641 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33641 |
CVE-2022-33643 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33643 |
CVE-2022-33655 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33655 |
CVE-2022-33656 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33656 |
CVE-2022-33657 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33657 |
CVE-2022-33661 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33661 |
CVE-2022-33662 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33662 |
CVE-2022-33663 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33663 |
CVE-2022-33665 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33665 |
CVE-2022-33666 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33666 |
CVE-2022-33667 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33667 |
CVE-2022-33672 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33672 |
CVE-2022-33673 | Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33673 |
CVE-2022-38749 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38749 |
CVE-2022-38751 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38751 |
CVE-2022-38752 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38752 |
CVE-2022-2850 | A flaw was found in 389-ds-base. When the Content Synchronization plugin is enabled, an authenticated user can reach a NULL pointer dereference using a specially crafted query. This flaw allows an authenticated attacker to cause a denial of service. This CVE is assigned against an incomplete fix of CVE-2021-3514. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2850 |
CVE-2022-25147 | Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25147 |
CVE-2023-21807 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21807 |
CVE-2023-23396 | Microsoft Excel Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23396 |
CVE-2023-20066 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security configuration. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to files that are outside the filesystem mountpoint of the web UI. Note: These files are located on a restricted filesystem that is maintained for the web UI. There is no ability to write to any files on this filesystem. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20066 |
CVE-2023-28859 | redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28859 |
CVE-2022-40302 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40302 |
CVE-2022-40318 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40318 |
CVE-2022-43681 | An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43681 |
CVE-2023-27954 | The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27954 |
CVE-2023-28182 | The issue was addressed with improved authentication. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28182 |
CVE-2023-23901 | Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23901 |
CVE-2023-24586 | Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24586 |
CVE-2023-25070 | Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25070 |
CVE-2023-32573 | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32573 |
CVE-2022-40685 | Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40685 |
CVE-2023-27562 | The n8n package 0.218.0 for Node.js allows Directory Traversal. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27562 |
CVE-2023-31555 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31555 |
CVE-2023-31556 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31556 |
CVE-2023-31150 | A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31150 |
CVE-2023-2646 | A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2646 |
CVE-2023-28325 | An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28325 |
CVE-2023-28361 | A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage. Affected Products: Cloud Key Gen2, Cloud Key Gen2 Plus, UNVR, UNVR Professional, UDM, UDM Professional, UDM SE, UDR. Mitigation: Update affected products to UniFi OS 3.0.13 or later. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28361 |
CVE-2023-23169 | Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23169 |
CVE-2022-47393 | An authenticated, remote attacker may use an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47393 |
CVE-2023-2179 | The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2179 |
CVE-2023-27945 | This issue was addressed with improved entitlements. This issue is fixed in macOS Monterey 12.6.6, Xcode 14.3, macOS Big Sur 11.7.7. A sandboxed app may be able to collect system logs. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27945 |
CVE-2016-2279 | Cross-site scripting (XSS) vulnerability in the web server in Rockwell Automation Allen-Bradley CompactLogix 1769-L* before 28.011+ allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-2279 |
CVE-2019-9567 | The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-9567 |
CVE-2018-8035 | This vulnerability relates to the user's browser processing of DUCC webpage input data. The javascript comprising Apache UIMA DUCC (<= 2.2.2) which runs in the user's browser does not sufficiently filter user supplied inputs, which may result in unintended execution of user supplied javascript code. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-8035 |
CVE-2015-9305 | The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-9305 |
CVE-2016-10878 | The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2016-10878 |
CVE-2020-11515 | The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-11515 |
CVE-2021-41798 | MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41798 |
CVE-2022-28202 | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28202 |
CVE-2022-34911 | An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34911 |
CVE-2022-34912 | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34912 |
CVE-2022-22048 | BitLocker Security Feature Bypass Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22048 |
CVE-2023-23313 | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23313 |
CVE-2021-46759 | Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46759 |
CVE-2023-27918 | Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27918 |
CVE-2023-30777 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30777 |
CVE-2023-32070 | XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32070 |
CVE-2023-30256 | Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30256 |
CVE-2023-2657 | A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2657 |
CVE-2023-25309 | Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25309 |
CVE-2023-30394 | MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the API authentication function. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30394 |
CVE-2023-29791 | kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29791 |
CVE-2023-28358 | A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled, possibly leading to attacks such as account takeover. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28358 |
CVE-2021-39036 | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-39036 |
CVE-2023-29808 | Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29808 |
CVE-2023-2667 | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2667 |
CVE-2023-2671 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2671 |
CVE-2023-27237 | LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27237 |
CVE-2023-2692 | A vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2692 |
CVE-2023-22703 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP Contact Form plugin <= 3.1.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22703 |
CVE-2023-22706 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22706 |
CVE-2023-0644 | The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0644 |
CVE-2023-1596 | The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1596 |
CVE-2023-1835 | The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1835 |
CVE-2023-1890 | The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1890 |
CVE-2023-1915 | The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1915 |
CVE-2020-3503 | A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2020-3503 |
CVE-2021-34724 | A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to elevate privileges and execute arbitrary code on the underlying operating system as the root user. An attacker must be authenticated on an affected device as a PRIV15 user. This vulnerability is due to insufficient file system protection and the presence of a sensitive file in the bootflash directory on an affected device. An attacker could exploit this vulnerability by overwriting an installer file stored in the bootflash directory with arbitrary commands that can be executed with root-level privileges. A successful exploit could allow the attacker to read and write changes to the configuration database on the affected device. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2021-34724 |
CVE-2023-20098 | A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20098 |
CVE-2016-3094 | PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker is configured to allow plaintext passwords, allows remote attackers to cause a denial of service (broker termination) via a crafted authentication attempt, which triggers an uncaught exception. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2016-3094 |
CVE-2016-6153 | os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2016-6153 |
CVE-2022-22028 | Windows Network File System Information Disclosure Vulnerability | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-22028 |
CVE-2023-20081 | A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-20081 |
CVE-2021-46792 | Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-46792 |
CVE-2020-3299 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload. | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3299 |
CVE-2022-22711 | Windows BitLocker Information Disclosure Vulnerability | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-22711 |
CVE-2022-30223 | Windows Hyper-V Information Disclosure Vulnerability | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30223 |
CVE-2020-14643 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14643 |
CVE-2020-14651 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-14651 |
CVE-2021-20176 | A divide-by-zero flaw was found in ImageMagick 6.9.11-57 and 7.0.10-57 in gem.c. This flaw allows an attacker who submits a crafted file that is processed by ImageMagick to trigger undefined behavior through a division by zero. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20176 |
CVE-2021-20241 | A flaw was found in ImageMagick in coders/jp2.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20241 |
CVE-2021-20243 | A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20243 |
CVE-2021-20244 | A flaw was found in ImageMagick in MagickCore/visual-effects.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20244 |
CVE-2021-20245 | A flaw was found in ImageMagick in coders/webp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20245 |
CVE-2021-20246 | A flaw was found in ImageMagick in MagickCore/resample.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20246 |
CVE-2021-45343 | In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45343 |
CVE-2022-20717 | A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient memory management when an affected device receives large amounts of traffic. An attacker could exploit this vulnerability by sending malicious traffic to an affected device. A successful exploit could allow the attacker to cause the device to crash, resulting in a DoS condition. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20717 |
CVE-2022-30213 | Windows GDI+ Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30213 |
CVE-2022-30944 | Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30944 |
CVE-2022-38750 | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38750 |
CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41104 |
CVE-2022-47927 | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47927 |
CVE-2023-2426 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2426 |
CVE-2023-23527 | The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Ventura 13.3, tvOS 16.4, macOS Monterey 12.6.4. A user may gain access to protected parts of the file system | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23527 |
CVE-2023-23533 | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to modify protected parts of the file system | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23533 |
CVE-2023-23534 | The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23534 |
CVE-2023-23535 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.6, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23535 |
CVE-2023-23537 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, watchOS 9.4, macOS Ventura 13.3. An app may be able to read sensitive location information | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23537 |
CVE-2023-23542 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to access user-sensitive data | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23542 |
CVE-2023-27929 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, macOS Ventura 13.3. Processing a maliciously crafted image may result in disclosure of process memory | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27929 |
CVE-2023-27931 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.3, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27931 |
CVE-2023-27932 | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27932 |
CVE-2023-27941 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27941 |
CVE-2023-27942 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27942 |
CVE-2023-27943 | This issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Files downloaded from the internet may not have the quarantine flag applied | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27943 |
CVE-2023-27951 | The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An archive may be able to bypass Gatekeeper | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27951 |
CVE-2023-27955 | The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to read arbitrary files | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27955 |
CVE-2023-27956 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27956 |
CVE-2023-27961 | Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5, watchOS 9.4, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27961 |
CVE-2023-27962 | A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to modify protected parts of the file system | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27962 |
CVE-2023-28178 | A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. An app may be able to bypass Privacy preferences | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28178 |
CVE-2023-28189 | The issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3. An app may be able to view sensitive information | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28189 |
CVE-2023-28192 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. An app may be able to read sensitive location information | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28192 |
CVE-2023-28200 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3. An app may be able to disclose kernel memory | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28200 |
CVE-2023-30985 | A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426) | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30985 |
CVE-2022-4008 | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4008 |
CVE-2022-21239 | Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21239 |
CVE-2022-25976 | Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25976 |
CVE-2022-37327 | Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37327 |
CVE-2022-37409 | Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-37409 |
CVE-2022-38087 | Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38087 |
CVE-2022-40974 | Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40974 |
CVE-2022-41610 | Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41610 |
CVE-2022-41621 | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41621 |
CVE-2022-41646 | Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41646 |
CVE-2022-41771 | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41771 |
CVE-2022-41801 | Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41801 |
CVE-2022-41808 | Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41808 |
CVE-2022-42878 | Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42878 |
CVE-2022-43465 | Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43465 |
CVE-2022-45128 | Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45128 |
CVE-2022-46279 | Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46279 |
CVE-2022-46645 | Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46645 |
CVE-2023-22379 | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22379 |
CVE-2023-22443 | Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22443 |
CVE-2023-23909 | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23909 |
CVE-2023-25175 | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25175 |
CVE-2023-25179 | Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25179 |
CVE-2023-25771 | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25771 |
CVE-2023-25772 | Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25772 |
CVE-2023-28411 | Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28411 |
CVE-2023-31554 | xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31554 |
CVE-2023-31557 | xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readEmbeddedFileTree(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31557 |
CVE-2023-32076 | in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the files read is `.in_totorc` which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings. RC files are widely used in other systems and security issues have been discovered in their implementations as well. Maintainers found in their conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and can be set elsewhere using API parameters or CLI arguments, the maintainers decided to drop support for `in_totorc`. in-toto's `user_settings` module has been dropped altogether in commit 3a21d84f40811b7d191fa7bd17265c1f99599afd. Users may also sandbox functionary code as a security measure. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32076 |
CVE-2022-29840 | Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This issue affects My Cloud OS 5 devices before 5.26.202. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29840 |
CVE-2023-32668 | LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. This occurs because full access to the socket library is permitted by default, as stated in the documentation. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32668 |
CVE-2023-2662 | In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2662 |
CVE-2023-2663 | In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2663 |
CVE-2023-2664 | In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2664 |
CVE-2023-29277 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29277 |
CVE-2023-29279 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29279 |
CVE-2023-29286 | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29286 |
CVE-2023-29820 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29820 |
CVE-2023-31913 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31913 |
CVE-2023-31914 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an out-of-memory issue in malloc. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31914 |
CVE-2023-31916 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31916 |
CVE-2023-31918 | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31918 |
CVE-2023-31919 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31919 |
CVE-2023-31920 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31920 |
CVE-2023-31921 | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31921 |
CVE-2023-20703 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767853; Issue ID: ALPS07767853. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20703 |
CVE-2023-20704 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20704 |
CVE-2023-20705 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20705 |
CVE-2023-20706 | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767860; Issue ID: ALPS07767860. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20706 |
CVE-2019-14792 | The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-14792 |
CVE-2020-9334 | A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary JavaScript code that is viewed by other users. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-9334 |
CVE-2021-36871 | Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-36871 |
CVE-2021-44855 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. There is Blind Stored XSS via a URL to the Upload Image feature. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-44855 |
CVE-2023-23878 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23878 |
CVE-2023-30860 | WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows an attacker to insert malicious scripts. Since any USER, including the ADMIN, can see the meeting room that was created by the attacker, this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30860 |
CVE-2021-31711 | Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-31711 |
CVE-2023-25834 | Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25834 |
CVE-2023-32066 | Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32066 |
CVE-2023-25833 | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25833 |
CVE-2023-31153 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31153 |
CVE-2023-31154 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31154 |
CVE-2023-31155 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31155 |
CVE-2023-31156 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31156 |
CVE-2023-31157 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31157 |
CVE-2023-31158 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31158 |
CVE-2023-31159 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31159 |
CVE-2023-31160 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31160 |
CVE-2023-31163 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31163 |
CVE-2023-31164 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31164 |
CVE-2023-31165 | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31165 |
CVE-2023-22720 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22720 |
CVE-2023-28520 | IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28520 |
CVE-2023-2678 | A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228892. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2678 |
CVE-2023-29983 | Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29983 |
CVE-2023-23867 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23867 |
CVE-2023-2691 | A vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2691 |
CVE-2023-22717 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22717 |
CVE-2023-23688 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23688 |
CVE-2023-0233 | The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0233 |
CVE-2023-0490 | The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0490 |
CVE-2023-0520 | The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin. Furthermore, the lack of CSRF protection means an attacker can trick a logged-in admin into performing the attack by submitting a hidden form. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0520 |
CVE-2023-1019 | The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1019 |
CVE-2023-23676 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23676 |
CVE-2023-23641 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23641 |
CVE-2023-23657 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <= 2.1.9 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23657 |
CVE-2023-23703 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23703 |
CVE-2023-23709 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <= 6.2.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23709 |
CVE-2023-2730 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2730 |
CVE-2016-0753 | Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2016-0753 |
CVE-2019-12413 | In Apache Incubator Superset before 0.31, a user could query database metadata information from a database he has no access to, by using a specially crafted complex query. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-12413 |
CVE-2019-12414 | In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-12414 |
CVE-2020-3315 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-3315 |
CVE-2021-1224 | Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-1224 |
CVE-2021-1236 | Multiple Cisco products are affected by a vulnerability in the Snort application detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. The vulnerability is due to a flaw in the detection algorithm. An attacker could exploit this vulnerability by sending crafted packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-1236 |
CVE-2021-1495 | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-1495 |
CVE-2021-41800 | MediaWiki before 1.36.2 allows a denial of service (resource consumption because of lengthy query processing time). Visiting Special:Contributions can sometimes result in a long running SQL query because PoolCounter protection is mishandled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-41800 |
CVE-2021-45038 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-45038 |
CVE-2021-44854 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44854 |
CVE-2021-44856 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. A title blocked by AbuseFilter can be created via Special:ChangeContentModel due to the mishandling of the EditFilterMergedContent hook return value. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44856 |
CVE-2022-41765 | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41765 |
CVE-2022-41767 | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. When changes made by an IP address are reassigned to a user (using reassignEdits.php), the changes will still be attributed to the IP address on Special:Contributions when doing a range lookup. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41767 |
CVE-2023-27919 | Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27919 |
CVE-2023-2310 | A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2310 |
CVE-2023-29986 | spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29986 |
CVE-2023-31445 | Cassia Access controller before 2.1.1.2203171453 was discovered to have an unprivileged information disclosure vulnerability that allows read-only users to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-31445 |
CVE-2023-28359 | A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28359 |
CVE-2023-28936 | Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28936 |
CVE-2020-14597 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14597 |
CVE-2020-14614 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14614 |
CVE-2020-14620 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14620 |
CVE-2020-14623 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14623 |
CVE-2020-14624 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14624 |
CVE-2020-14631 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14631 |
CVE-2020-14654 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14654 |
CVE-2020-14656 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-14656 |
CVE-2022-33642 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33642 |
CVE-2022-33650 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33650 |
CVE-2022-33651 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33651 |
CVE-2022-33652 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33652 |
CVE-2022-33653 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33653 |
CVE-2022-33654 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33654 |
CVE-2022-33658 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33658 |
CVE-2022-33659 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33659 |
CVE-2022-33660 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33660 |
CVE-2022-33664 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33664 |
CVE-2022-33668 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33668 |
CVE-2022-33669 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33669 |
CVE-2022-33671 | Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-33671 |
CVE-2023-31473 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-31473 |
CVE-2023-27863 | IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-27863 |
CVE-2019-16010 | A vulnerability in the web UI of the Cisco SD-WAN vManage software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the vManage software. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16010 |
CVE-2021-24705 | The NEX-Forms WordPress plugin before 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow attackers to make a logged in admin edit arbitrary forms with Cross-Site Scripting payloads in them | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24705 |
CVE-2023-2630 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2630 |
CVE-2023-0007 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0007 |
CVE-2023-2490 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2490 |
CVE-2023-22685 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22685 |
CVE-2023-23810 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23810 |
CVE-2023-25460 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25460 |
CVE-2023-25958 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25958 |
CVE-2023-28414 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28414 |
CVE-2023-22684 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subscribers.Com Subscribers plugin <= 1.5.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22684 |
CVE-2023-22690 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22690 |
CVE-2023-23654 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SparkPost plugin <= 3.2.5 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23654 |
CVE-2023-23674 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOLA WP Original Media Path plugin <= 2.4.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23674 |
CVE-2023-23683 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder plugin <= 1.0.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23683 |
CVE-2023-0892 | The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0892 |
CVE-2023-1839 | The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1839 |
CVE-2023-23682 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Maintenance Mode plugin <= 1.0.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23682 |
CVE-2023-2009 | Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2009 |
CVE-2023-23673 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23673 |
CVE-2023-23727 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23727 |
CVE-2023-23720 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23720 |
CVE-2022-21845 | Windows Kernel Information Disclosure Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21845 |
CVE-2022-30187 | Azure Storage Library Information Disclosure Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30187 |
CVE-2022-30212 | Windows Connected Devices Platform Service Information Disclosure Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30212 |
CVE-2020-12356 | Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-12356 |
CVE-2021-1423 | A vulnerability in the implementation of a CLI command in Cisco Aironet Access Points (AP) could allow an authenticated, local attacker to overwrite files in the flash memory of the device. This vulnerability is due to insufficient input validation for a specific command. An attacker could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to overwrite or create files with data that is already present in other files that are hosted on the affected device. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-1423 |
CVE-2022-32582 | Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-32582 |
CVE-2023-22447 | Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22447 |
CVE-2023-23573 | Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23573 |
CVE-2023-24475 | Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24475 |
CVE-2023-25776 | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25776 |
CVE-2023-0008 | A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0008 |
CVE-2023-20697 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20697 |
CVE-2023-20698 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20698 |
CVE-2023-20709 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576951; Issue ID: ALPS07576951. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20709 |
CVE-2023-20710 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576935; Issue ID: ALPS07576935. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20710 |
CVE-2023-20711 | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581668; Issue ID: ALPS07581668. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20711 |
CVE-2023-20719 | In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20719 |
CVE-2019-0094 | Insufficient input validation vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable denial of service via adjacent network access. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-0094 |
CVE-2020-3378 | A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted input that includes SQL statements to an affected system. A successful exploit could allow the attacker to modify entries in some database tables, affecting the integrity of the data. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-3378 |
CVE-2023-31162 | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-31162 |
CVE-2023-31166 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-31166 |
CVE-2023-32075 | The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability can produce illogical counter values in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, apply the patch manually. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32075 |
CVE-2023-29195 | Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29195 |
CVE-2023-32082 | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not values) associated with a lease when the `Keys` parameter is true, even if a user does not have read permission to the keys. The impact is limited to clusters that enable auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32082 |
CVE-2023-28357 | A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28357 |
CVE-2023-28360 | An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28360 |
CVE-2023-2674 | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2674 |
CVE-2023-0761 | The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0761 |
CVE-2023-0762 | The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0762 |
CVE-2023-0763 | The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0763 |
CVE-2023-31151 | An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-31151 |
CVE-2023-20717 | In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185. | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-20717 |
CVE-2023-28858 | redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28858 |
CVE-2023-21968 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-21968 |
CVE-2021-39212 | ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />. | 3.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-39212 |
CVE-2023-23543 | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A sandboxed app may be able to determine which app is currently using the camera | 3.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-23543 |
CVE-2023-28473 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28473 |
CVE-2023-27928 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, macOS Big Sur 11.7.5, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27928 |
CVE-2022-35798 | Azure Arc Jumpstart Information Disclosure Vulnerability | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-35798 |
CVE-2008-4128 | Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-4128 |
CVE-2012-6497 | The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-6497 |
CVE-2013-4389 | Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-4389 |
CVE-2013-4348 | The skb_flow_dissect function in net/core/flow_dissector.c in the Linux kernel through 3.12 allows remote attackers to cause a denial of service (infinite loop) via a small value in the IHL field of a packet with IPIP encapsulation. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-4348 |
CVE-2013-4563 | The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-4563 |
CVE-2014-2672 | Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2672 |
CVE-2014-2706 | Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2706 |
CVE-2014-5077 | The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-5077 |
CVE-2014-6418 | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via crafted data from the IP address of a Ceph Monitor. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-6418 |
CVE-2014-9087 | Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-9087 |
CVE-2023-32784 | In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32784 |
CVE-2023-1729 | A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1729 |
CVE-2023-2721 | Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2721 |
CVE-2023-2722 | Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2722 |
CVE-2023-2723 | Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2723 |
CVE-2023-2724 | Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2724 |
CVE-2023-2725 | Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2725 |
CVE-2023-2726 | Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2726 |
CVE-2021-27131 | Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27131 |
CVE-2023-27742 | IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27742 |
CVE-2023-29927 | Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29927 |
CVE-2023-30189 | Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook(). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30189 |
CVE-2023-30281 | Insecure permissions in the ps_customer table of Prestashop scquickaccounting before v3.7.3 allows attackers to access sensitive information stored in the component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30281 |
CVE-2023-31544 | A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31544 |
CVE-2023-31677 | Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31677 |
CVE-2023-31678 | Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31678 |
CVE-2023-31679 | Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31679 |
CVE-2023-25394 | Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25394 |
CVE-2023-2528 | The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2528 |
CVE-2023-30452 | The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30452 |
CVE-2023-31848 | davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31848 |
CVE-2022-42336 | Mishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads require SSBD active in order to coordinate it, such logic relies on using a per-core counter of threads that have SSBD active. When running on the mentioned hardware, it's possible for a guest to under or overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that does the per-core active accounting. Underflowing the counter causes the value to get saturated, and thus attempts for guests running on the same core to set SSBD won't have effect because the hypervisor assumes it's already active. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-42336 |
CVE-2022-45144 | Algoo Tracim before 4.4.2 allows XSS via HTML file upload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45144 |
CVE-2023-1763 | Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1763 |
CVE-2023-1764 | Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13), IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1764 |
CVE-2023-31847 | In davinci 0.3.0-rc, after logging in, a user who controls the data source can connect to a malicious MySQL server, allowing arbitrary files to be read on the client side. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31847 |
CVE-2023-2608 | The Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries leading to resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. Version 3.3.18 addresses the SQL Injection, which drastically reduced the severity. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2608 |
CVE-2023-2706 | The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2706 |
CVE-2023-2509 | A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2509 |
CVE-2023-0863 | Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP). This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB: from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0863 |
CVE-2023-0864 | Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP). This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB: from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0864 |
CVE-2023-2752 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2752 |
CVE-2023-2753 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2753 |
CVE-2023-2745 | WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2745 |
CVE-2023-31208 | Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31208 |
CVE-2023-2756 | SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2756 |
CVE-2023-2679 | Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2679 |
CVE-2023-30438 | An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30438 |
CVE-2023-31698 | Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31698 |
CVE-2023-31699 | ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31699 |
CVE-2023-31702 | SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31702 |
CVE-2023-31703 | Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31703 |
CVE-2023-31902 | RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31902 |
CVE-2023-31903 | GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31903 |
CVE-2023-31904 | savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31904 |
CVE-2023-31700 | TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31700 |
CVE-2023-31701 | TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31701 |
CVE-2023-31722 | There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31722 |
CVE-2023-31723 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31723 |
CVE-2023-31724 | yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31724 |
CVE-2023-31725 | yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31725 |
CVE-2023-22348 | Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22348 |
CVE-2023-2765 | A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2765 |
CVE-2023-2766 | A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2766 |
CVE-2023-2768 | A vulnerability was found in Sucms 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_ads.php?action=add. The manipulation of the argument intro leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229274 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2768 |
CVE-2023-24805 | cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24805 |
CVE-2023-26044 | react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the RequestBodyBufferMiddleware with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests. This issue has been addressed in release 1.9.0. Users are advised to upgrade. Users unable to upgrade may keep the request body limited using RequestBodyBufferMiddleware with a sensible value which should mitigate the issue. An infrastructure or DevOps workaround could be to place a reverse proxy in front of the ReactPHP HTTP server to filter out any excessive HTTP request bodies. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26044 |
CVE-2023-2769 | A vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229275. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2769 |
CVE-2023-2770 | A vulnerability classified as critical was found in SourceCodester Online Exam System 1.0. This vulnerability affects unknown code of the file /kelasdosen/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229276. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2770 |
CVE-2023-31135 | Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like `gpg`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31135 |
CVE-2023-2771 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Exam System 1.0. This issue affects some unknown processing of the file /jurusanmatkul/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229277 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2771 |
CVE-2023-2772 | A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-229278 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2772 |
CVE-2023-2773 | A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2773 |
CVE-2023-27233 | Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27233 |
CVE-2023-29837 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29837 |
CVE-2023-2774 | A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2774 |
CVE-2023-2775 | A vulnerability was found in code-projects Bus Dispatch and Information System 1.0. It has been classified as critical. This affects an unknown part of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229281 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2775 |
CVE-2023-2776 | A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2776 |
CVE-2023-30191 | PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent(). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30191 |
CVE-2023-32767 | The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32767 |
CVE-2023-2780 | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2780 |
CVE-2023-1972 | A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1972 |
CVE-2023-2203 | A flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2203 |
CVE-2023-2491 | A flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2491 |
CVE-2023-2731 | A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2731 |
CVE-2023-1859 | A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1859 |
CVE-2023-2295 | A vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2295 |
CVE-2023-2319 | It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2319 |
CVE-2022-4870 | In affected versions of Octopus Deploy it is possible to discover network details via error message. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4870 |
CVE-2023-29985 | Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29985 |
CVE-2023-30124 | LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30124 |
CVE-2023-29857 | An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29857 |
CVE-2023-31729 | TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31729 |
CVE-2023-20003 | A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20003 |
CVE-2023-20024 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20024 |
CVE-2023-20077 | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20077 |
CVE-2023-20087 | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20087 |
CVE-2023-20106 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20106 |
CVE-2023-20110 | A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20110 |
CVE-2023-20156 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20156 |
CVE-2023-20157 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20157 |
CVE-2023-20158 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20158 |
CVE-2023-20159 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20159 |
CVE-2023-20160 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20160 |
CVE-2023-20161 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20161 |
CVE-2023-20162 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20162 |
CVE-2023-20163 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20163 |
CVE-2023-20164 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20164 |
CVE-2023-20166 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20166 |
CVE-2023-20167 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20167 |
CVE-2023-20171 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20171 |
CVE-2023-20172 | Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20172 |
CVE-2023-20173 | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20173 |
CVE-2023-20174 | Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20174 |
CVE-2023-20182 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20182 |
CVE-2023-20183 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20183 |
CVE-2023-20184 | Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20184 |
CVE-2023-20189 | Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20189 |
CVE-2023-27217 | A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27217 |
CVE-2023-2757 | The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to access functions to save plugin data, which can potentially lead to the injection of arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2757 |
CVE-2019-25137 | Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-25137 |
CVE-2023-33203 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33203 |
CVE-2023-33204 | sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33204 |
CVE-2023-28369 | Brother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by another app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28369 |
CVE-2023-30487 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30487 |
CVE-2023-30868 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30868 |
CVE-2022-45450 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45450 |
CVE-2022-45452 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45452 |
CVE-2022-45453 | TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45453 |
CVE-2022-45457 | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45457 |
CVE-2022-45458 | Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45458 |
CVE-2022-45459 | Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45459 |
CVE-2022-4418 | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4418 |
CVE-2023-31233 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31233 |
CVE-2023-32515 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32515 |
CVE-2022-47157 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47157 |
CVE-2023-23667 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <= 3.7.0.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23667 |
CVE-2023-23999 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23999 |
CVE-2023-25698 | Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25698 |
CVE-2023-27423 | Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27423 |
CVE-2023-27430 | Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27430 |
CVE-2023-2782 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2782 |
CVE-2023-30780 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TheGuideX User IP and Location plugin <= 2.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30780 |
CVE-2023-2789 | A vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2789 |
CVE-2023-2790 | A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2790 |
CVE-2023-2799 | A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2799 |
CVE-2023-2800 | Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2800 |
CVE-2023-31871 | OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31871 |
CVE-2023-32322 | Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. Ombi administrators may not always be local system administrators and so this may violate the security expectations of the system. The arbitrary file read vulnerability was present in `ReadLogFile` and `Download` endpoints in `SystemControllers.cs` as the parameter `logFileName` is not sanitized before being combined with the `Logs` directory. When using `Path.Combine(arg1, arg2, arg3)`, an attacker may be able to escape to folders/files outside of `Path.Combine(arg1, arg2)` by using ".." in `arg3`. In addition, by specifying an absolute path for `arg3`, `Path.Combine` will completely ignore the first two arguments and return just `arg3`. This vulnerability can lead to information disclosure. The Ombi `documentation` suggests running Ombi as a Service with Administrator privileges. An attacker targeting such an application may be able to read the files of any Windows user on the host machine and certain system files. This issue has been addressed in commit `b8a8f029` and in release version 4.38.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-088. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32322 |
CVE-2022-36326 | An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36326 |
CVE-2022-36327 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36327 |
CVE-2022-36328 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36328 |
CVE-2023-31597 | An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31597 |
CVE-2023-0965 | Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0965 |
CVE-2023-1132 | Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1132 |
CVE-2023-2481 | Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2481 |
CVE-2023-30333 | An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30333 |
CVE-2023-32096 | Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32096 |
CVE-2023-32097 | Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32097 |
CVE-2023-32098 | Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32098 |
CVE-2023-32099 | Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32099 |
CVE-2023-32100 | Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32100 |
CVE-2023-29720 | SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29720 |
CVE-2023-31655 | redis-7.0.10 was discovered to contain a segmentation violation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31655 |
CVE-2023-2024 | Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allows access to an unauthorized user under certain circumstances. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2024 |
CVE-2023-2025 | OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2025 |
CVE-2023-1195 | A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1195 |
CVE-2023-23556 | An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23556 |
CVE-2023-23557 | An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23557 |
CVE-2023-23759 | There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23759 |
CVE-2023-24832 | A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash a Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24832 |
CVE-2023-24833 | A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24833 |
CVE-2023-25933 | A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25933 |
CVE-2023-28081 | A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28081 |
CVE-2023-28753 | netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28753 |
CVE-2023-30470 | A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30470 |
CVE-2023-32680 | Metabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that: Anyone–including people in sandboxed groups–could edit SQL snippets. They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. If the snippet contained logic that restricted which data that person could see, they could potentially edit that snippet and change their level of data access. The permissions model for SQL snippets has been fixed in Metabase versions 0.46.3, 0.45.4, 0.44.7, 1.46.3, 1.45.4, and 1.44.7. Users are advised to upgrade. Users unable to upgrade should ensure that SQL queries used to create sandboxes exclude SQL snippets. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32680 |
CVE-2023-2704 | The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2704 |
CVE-2023-1618 | Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet, which is a hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1618 |
CVE-2023-33240 | Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33240 |
CVE-2023-28045 | Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability to gain access to unauthorized data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28045 |
CVE-2023-2806 | A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2806 |
CVE-2022-30114 | A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30114 |
CVE-2023-26818 | Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26818 |
CVE-2023-31756 | A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31756 |
CVE-2023-31862 | jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31862 |
CVE-2023-30199 | Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30199 |
CVE-2023-31707 | SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31707 |
CVE-2023-31757 | DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31757 |
CVE-2023-20881 | Cloud Foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users' syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20881 |
CVE-2023-28514 | IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28514 |
CVE-2023-30774 | A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30774 |
CVE-2023-30775 | A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30775 |
CVE-2022-47984 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47984 |
CVE-2023-22878 | IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22878 |
CVE-2023-28529 | IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28529 |
CVE-2023-28950 | IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28950 |
CVE-2023-1996 | A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R2018x through R2023x allows an attacker to execute arbitrary script code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1996 |
CVE-2023-2814 | A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2814 |
CVE-2023-2815 | A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2815 |
CVE-2023-32675 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32675 |
CVE-2023-32679 | Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not an empty string ('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. An attacker with admin privileges on a DEV or an improperly configured STG or PROD environment can exploit this vulnerability to achieve remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32679 |
CVE-2023-32677 | Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32677 |
CVE-2023-28623 | Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that (1) `ZulipLDAPAuthBackend` and an external authentication backend (any aside from `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and (2) the organization permissions don't require invitations to join, an attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28623 |
CVE-2023-2714 | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2714 |
CVE-2023-2715 | The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2715 |
CVE-2023-2716 | The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2716 |
CVE-2023-2717 | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2717 |
CVE-2023-2735 | The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2735 |
CVE-2023-2736 | The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2736 |
CVE-2023-2276 | The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2276 |
CVE-2023-2822 | A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2822 |
CVE-2023-2823 | A vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229597 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2823 |
CVE-2023-2824 | A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2824 |
CVE-2023-1692 | The window management module lacks permission verification. Successful exploitation of this vulnerability may affect confidentiality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1692 |
CVE-2023-1693 | The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1693 |
CVE-2023-1694 | The Settings module has the file privilege escalation vulnerability. Successful exploitation of this vulnerability may affect confidentiality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1694 |
CVE-2023-1696 | The multimedia video module has a vulnerability in data processing. Successful exploitation of this vulnerability may affect availability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1696 |
CVE-2023-33244 | Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33244 |
CVE-2022-47134 | Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47134 |
CVE-2023-22689 | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22689 |
CVE-2023-23890 | Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23890 |
CVE-2023-24414 | Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24414 |
CVE-2023-32589 | Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32589 |
CVE-2023-2826 | A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2826 |
CVE-2021-46888 | An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46888 |
CVE-2023-33250 | The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33250 |
CVE-2023-33251 | When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33251 |
CVE-2023-33252 | iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33252 |
CVE-2023-33254 | There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33254 |
CVE-2020-36694 | An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36694 |
CVE-2023-32336 | IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32336 |
CVE-2023-33264 | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33264 |
CVE-2023-33281 | The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33281 |
CVE-2023-33285 | An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33285 |
CVE-2023-33288 | An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33288 |
CVE-2023-33297 | Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33297 |
CVE-2023-33235 | MXsecurity version 1.0 is vulnerable to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33235 |
CVE-2023-33236 | MXsecurity version 1.0 is vulnerable to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33236 |
CVE-2022-0010 | Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0010 |
CVE-2022-47142 | Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47142 |
CVE-2022-47609 | Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47609 |
CVE-2023-22688 | Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22688 |
CVE-2023-22692 | Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22692 |
CVE-2023-22709 | Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22709 |
CVE-2023-22714 | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22714 |
CVE-2023-23680 | Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23680 |
CVE-2023-23712 | Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23712 |
CVE-2023-23813 | Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23813 |
CVE-2022-41608 | Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41608 |
CVE-2022-44739 | Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44739 |
CVE-2022-45076 | Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45076 |
CVE-2022-45079 | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45079 |
CVE-2022-45376 | Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45376 |
CVE-2022-47167 | Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47167 |
CVE-2022-47183 | Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47183 |
CVE-2022-47611 | Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47611 |
CVE-2023-23797 | Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23797 |
CVE-2023-25537 | Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25537 |
CVE-2023-28709 | The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28709 |
CVE-2023-2832 | SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2832 |
CVE-2023-2597 | In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2597 |
CVE-2023-31058 | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7674 to solve it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31058 |
CVE-2023-31779 | Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in "Reaction to comment" feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31779 |
CVE-2022-46680 | A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46680 |
CVE-2023-31206 | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7891 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31206 |
CVE-2023-31453 | Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31453 |
CVE-2023-31454 | Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7947 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31454 |
CVE-2023-25447 | Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25447 |
CVE-2023-25448 | Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25448 |
CVE-2023-31923 | Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31923 |
CVE-2023-32346 | Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32346 |
CVE-2023-32347 | Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32347 |
CVE-2023-2586 | Teltonika’s Remote Management System version 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2586 |
CVE-2023-2587 | Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2587 |
CVE-2023-2588 | Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication. An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2588 |
CVE-2023-31062 | Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login request and following it with a subsequent HTTP request using the returned cookie. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31062 |
CVE-2023-31064 | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. A user in InLong could cancel an application that doesn't belong to them. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 to solve it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31064 |
CVE-2023-31065 | Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. An old session can be used by an attacker even after the user has been deleted or the password has been changed. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836, https://github.com/apache/inlong/pull/7884 to solve it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31065 |
CVE-2023-31066 | Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 to solve it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31066 |
CVE-2023-31098 | Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0. When users change their password to a simple password (with any character or symbol), attackers can easily guess the user's password and access the account. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31098 |
CVE-2023-31101 | Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 to solve it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31101 |
CVE-2023-31103 | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 to solve it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31103 |
CVE-2023-32348 | Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32348 |
CVE-2023-32349 | Versions 00.07.00 through 00.07.03.4 of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32349 |
CVE-2023-32350 | Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32350 |
CVE-2023-33293 | An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed application, e.g., myapp.localhost. An attacker can make fetch requests to api-daemon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33293 |
CVE-2023-33294 | An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns proper CORS headers, it's accessible to all websites via the browser. At a bare minimum, this allows an attacker to retrieve a list of the user's installed apps, notifications, and downloads. It also allows an attacker to delete local files and modify system properties including the boolean persist.moz.killswitch property (which would render the device inoperable). This vulnerability is partially mitigated by SELinux which prevents reads, writes, or modifications to files or permissions within protected partitions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33294 |
CVE-2023-27066 | Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27066 |
CVE-2023-31742 | There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31742 |
CVE-2023-2837 | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2837 |
CVE-2023-2838 | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2838 |
CVE-2023-2839 | Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2839 |
CVE-2023-2840 | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2840 |
CVE-2023-27067 | Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27067 |
CVE-2023-28467 | In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28467 |
CVE-2023-31584 | GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31584 |
CVE-2023-28386 | Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28386 |
CVE-2023-28412 | When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28412 |
CVE-2023-28649 | The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28649 |
CVE-2023-29838 | Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker to escalate privileges via the SyncService.exe file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29838 |
CVE-2023-31193 | Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31193 |
CVE-2023-31240 | Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31240 |
CVE-2023-31241 | Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31241 |
CVE-2023-31245 | Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31245 |
CVE-2023-31689 | In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31689 |
CVE-2023-25183 | In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25183 |
CVE-2023-31816 | IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31816 |
CVE-2022-4945 | The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4945 |
CVE-2023-2504 | Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2504 |
CVE-2023-2505 | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2505 |
CVE-2022-46658 | The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46658 |
CVE-2022-46738 | The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46738 |
CVE-2022-47311 | A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47311 |
CVE-2022-47320 | The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47320 |
CVE-2020-20012 | WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-20012 |
CVE-2023-25440 | Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25440 |
CVE-2023-27068 | Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27068 |
CVE-2023-29919 | SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29919 |
CVE-2023-31664 | A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31664 |
CVE-2023-31670 | An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31670 |
CVE-2023-31708 | A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via supplying a crafted HTML file to the Upload software format function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31708 |
CVE-2023-31740 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31740 |
CVE-2023-31741 | There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd's Start_EPI() function, thereby gaining shell privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31741 |
CVE-2023-31814 | D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31814 |
CVE-2023-31826 | Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31826 |
CVE-2023-31994 | Certain Hanwha products are vulnerable to Denial of Service (DoS). The attack vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31994 |
CVE-2023-31995 | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31995 |
CVE-2023-31996 | Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31996 |
CVE-2023-22654 | Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22654 |
CVE-2023-23545 | Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23545 |
CVE-2023-25946 | Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25946 |
CVE-2023-25953 | Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25953 |
CVE-2023-26595 | Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26595 |
CVE-2023-27304 | Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27304 |
CVE-2023-27384 | Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27384 |
CVE-2023-27387 | Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27387 |
CVE-2023-27388 | Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27388 |
CVE-2023-27397 | Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27397 |
CVE-2023-27507 | MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27507 |
CVE-2023-27512 | Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27512 |
CVE-2023-27514 | OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27514 |
CVE-2023-27518 | Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27518 |
CVE-2023-27521 | OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27521 |
CVE-2023-27920 | Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27920 |
CVE-2023-27921 | JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27921 |
CVE-2023-27922 | Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27922 |
CVE-2023-27923 | Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27923 |
CVE-2023-27925 | Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27925 |
CVE-2023-27926 | Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27926 |
CVE-2023-28367 | Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28367 |
CVE-2023-28390 | Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28390 |
CVE-2023-28392 | Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28392 |
CVE-2023-28394 | Beekeeper Studio versions prior to 3.9.9 allow a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28394 |
CVE-2023-28408 | Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28408 |
CVE-2023-28409 | Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28409 |
CVE-2023-28413 | Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28413 |
CVE-2023-30469 | Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS. This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30469 |
CVE-2023-2844 | Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2844 |
CVE-2023-2845 | Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2845 |
CVE-2023-23693 | Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23693 |
CVE-2023-23694 | Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23694 |
CVE-2023-31669 | WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31669 |
CVE-2023-23706 | Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23706 |
CVE-2023-23724 | Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23724 |
CVE-2023-25472 | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25472 |
CVE-2023-25481 | Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25481 |
CVE-2023-25707 | Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25707 |
CVE-2023-33338 | Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33338 |
CVE-2022-46851 | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46851 |
CVE-2022-46853 | Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46853 |
CVE-2023-23705 | Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23705 |
CVE-2023-23713 | Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23713 |
CVE-2023-25056 | Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25056 |
CVE-2023-30440 | IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control of a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30440 |
CVE-2023-33359 | Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33359 |
CVE-2023-33361 | Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33361 |
CVE-2023-33362 | Piwigo 13.6.0 is vulnerable to SQL Injection via the "profile" function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33362 |
CVE-2022-46813 | Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46813 |
CVE-2023-26011 | Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26011 |
CVE-2023-26014 | Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26014 |
CVE-2023-33599 | EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33599 |
CVE-2023-33617 | An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33617 |
CVE-2023-25474 | Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25474 |
CVE-2023-1209 | Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1209 |
CVE-2023-1837 | Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1837 |
CVE-2023-23298 | The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23298 |
CVE-2023-23299 | The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23299 |
CVE-2023-23300 | The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23300 |
CVE-2023-23301 | The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23301 |
CVE-2023-23302 | The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23302 |
CVE-2023-23303 | The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23303 |
CVE-2023-23304 | The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23304 |
CVE-2023-23305 | The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23305 |
CVE-2023-23306 | The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23306 |
CVE-2023-31517 | Teeworlds v0.7.5 was discovered to contain memory leaks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31517 |
CVE-2023-31518 | A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31518 |
CVE-2023-31752 | SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31752 |
CVE-2023-31860 | Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31860 |
CVE-2023-30382 | A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30382 |
CVE-2023-28015 | The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28015 |
CVE-2023-31726 | AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31726 |
CVE-2023-31747 | Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31747 |
CVE-2023-32697 | SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32697 |