Vulnerability Summary for the Week of August 21, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
qemu -- qemu | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. | 2023-08-22 | 10 | CVE-2022-36648 MISC |
c-ares -- c-ares | Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. | 2023-08-22 | 9.8 | CVE-2020-22217 MISC |
flac_project -- flac | Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. | 2023-08-22 | 9.8 | CVE-2020-22219 MISC |
leeco -- letv_x43_firmware | An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). | 2023-08-21 | 9.8 | CVE-2020-28715 MISC MISC |
gnu -- gnu_scientific_library | A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. | 2023-08-22 | 9.8 | CVE-2020-35357 MISC MISC |
libjpeg-turbo -- libjpeg-turbo | libjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c. | 2023-08-22 | 9.8 | CVE-2021-29390 MISC |
json-c_project -- json-c | An issue was discovered in json-c through 0.15-20200726. A stack-buffer-overflow exists in the function parseit located in json_parse.c. It allows an attacker to cause code Execution. | 2023-08-22 | 9.8 | CVE-2021-32292 MISC |
dpic_project -- dpic | dpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y | 2023-08-22 | 9.8 | CVE-2021-33388 MISC |
dpic_project -- dpic | dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421. | 2023-08-22 | 9.8 | CVE-2021-33390 MISC |
terra-master -- terramaster_operating_system | TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used. | 2023-08-20 | 9.8 | CVE-2022-24989 MISC MISC MISC MISC MISC |
pandorafms -- pandora_fms | Unrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms. | 2023-08-22 | 9.8 | CVE-2023-24517 MISC |
danfoss -- ak-sm_800a_firmware | Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. | 2023-08-21 | 9.8 | CVE-2023-25915 MISC MISC |
nodejs -- node.js | The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | 2023-08-21 | 9.8 | CVE-2023-32002 MISC |
elecom -- lan-w300n\/rs_firmware | Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allow an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. | 2023-08-18 | 9.8 | CVE-2023-32626 MISC MISC |
e-excellence -- u-office_force | e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service. | 2023-08-25 | 9.8 | CVE-2023-32757 MISC |
elecom -- lan-wh300andgpe_firmware | Hidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions. | 2023-08-18 | 9.8 | CVE-2023-35991 MISC MISC |
langchain -- langchain | An issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter. | 2023-08-22 | 9.8 | CVE-2023-36281 MISC MISC |
ivanti -- mobileiron_sentry | A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | 2023-08-21 | 9.8 | CVE-2023-38035 MISC |
ibm -- robotic_process_automation | IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. | 2023-08-22 | 9.8 | CVE-2023-38734 MISC MISC |
jerryscript -- jerryscript | Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. | 2023-08-21 | 9.8 | CVE-2023-38961 MISC |
elecom -- wrc-x1800gs-b_firmware | Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code. | 2023-08-18 | 9.8 | CVE-2023-39454 MISC MISC |
totolink -- x5000r_firmware | TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. | 2023-08-21 | 9.8 | CVE-2023-39617 MISC |
totolink -- x5000r_firmware | TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. | 2023-08-21 | 9.8 | CVE-2023-39618 MISC |
gabrieleventuri -- pandasai | An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. | 2023-08-21 | 9.8 | CVE-2023-39660 MISC MISC |
dlink -- dir-842_firmware | D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters. | 2023-08-18 | 9.8 | CVE-2023-39666 MISC MISC MISC |
tenda -- ac6_firmware | Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets. | 2023-08-18 | 9.8 | CVE-2023-39670 MISC MISC |
dlink -- dir-880l_a1_firmware | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68. | 2023-08-18 | 9.8 | CVE-2023-39671 MISC MISC MISC |
tenda -- wh450a_firmware | Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets. | 2023-08-18 | 9.8 | CVE-2023-39672 MISC MISC |
tenda -- ac15_firmware | Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34(). | 2023-08-18 | 9.8 | CVE-2023-39673 MISC MISC |
dlink -- dir-880l_a1_firmware | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets. | 2023-08-18 | 9.8 | CVE-2023-39674 MISC MISC MISC |
tp-link -- tl-wr940n_v2_firmware | TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. | 2023-08-21 | 9.8 | CVE-2023-39747 MISC |
dlink -- dap-2660_firmware | D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request. | 2023-08-21 | 9.8 | CVE-2023-39749 MISC MISC |
dlink -- dap-2660_firmware | D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. | 2023-08-21 | 9.8 | CVE-2023-39750 MISC MISC |
tp-link -- tl-wr941nd_v6_firmware | TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. | 2023-08-21 | 9.8 | CVE-2023-39751 MISC |
nvki -- intelligent_broadband_subscriber_gateway | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php. | 2023-08-21 | 9.8 | CVE-2023-39807 MISC MISC |
nvki -- intelligent_broadband_subscriber_gateway | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service. | 2023-08-21 | 9.8 | CVE-2023-39808 MISC MISC |
nvki -- intelligent_broadband_subscriber_gateway | N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php. | 2023-08-21 | 9.8 | CVE-2023-39809 MISC MISC |
elecom -- wrc-f1167acf_firmware | OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. | 2023-08-18 | 9.8 | CVE-2023-40069 MISC MISC |
fobybus -- social-media-skeleton | Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Social media skeleton releases prior to 1.0.5 did not properly limit manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-18 | 9.8 | CVE-2023-40174 MISC MISC |
puma -- puma | Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-18 | 9.8 | CVE-2023-40175 MISC MISC |
devolutions -- remote_desktop_manager | Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. | 2023-08-21 | 9.8 | CVE-2023-4373 MISC |
wordpress -- wordpress | The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration. | 2023-08-23 | 9.8 | CVE-2023-4404 MISC MISC |
credit_lite_project -- credit_lite | A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511. | 2023-08-18 | 9.8 | CVE-2023-4407 MISC MISC MISC |
totolink -- ex1200l_firmware | A vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-18 | 9.8 | CVE-2023-4410 MISC MISC MISC |
totolink -- ex1200l_firmware | A vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-18 | 9.8 | CVE-2023-4411 MISC MISC MISC |
totolink -- ex1200l_firmware | A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-18 | 9.8 | CVE-2023-4412 MISC MISC MISC |
beijing_baichuo -- smart_s85f_management_platform | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237517 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-18 | 9.8 | CVE-2023-4414 MISC MISC MISC |
sourcecodester -- inventory_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237557 was assigned to this vulnerability. | 2023-08-20 | 9.8 | CVE-2023-4436 MISC MISC MISC |
sourcecodester -- inventory_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237558 is the identifier assigned to this vulnerability. | 2023-08-20 | 9.8 | CVE-2023-4437 MISC MISC MISC |
sourcecodester -- inventory_management_system | A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237559. | 2023-08-20 | 9.8 | CVE-2023-4438 MISC MISC MISC |
sourcecodester -- free_hospital_management_system_for_small_practices | A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been classified as critical. This affects an unknown part of the file appointment.php. The manipulation of the argument sheduledate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237561 was assigned to this vulnerability. | 2023-08-20 | 9.8 | CVE-2023-4440 MISC MISC MISC |
sourcecodester -- free_hospital_management_system_for_small_practices | A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /patient/appointment.php. The manipulation of the argument sheduledate leads to sql injection. The attack can be initiated remotely. VDB-237562 is the identifier assigned to this vulnerability. | 2023-08-21 | 9.8 | CVE-2023-4441 MISC MISC |
sourcecodester -- free_hospital_management_system_for_small_practices | A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been rated as critical. This issue affects some unknown processing of the file \vm\patient\booking-complete.php. The manipulation of the argument userid/apponum/scheduleid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237563. | 2023-08-21 | 9.8 | CVE-2023-4442 MISC MISC MISC |
sourcecodester -- free_hospital_management_system_for_small_practices | A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\doctor\edit-doc.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237564. | 2023-08-21 | 9.8 | CVE-2023-4443 MISC MISC MISC |
sourcecodester -- free_hospital_management_system_for_small_practices | A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file vm\patient\edit-user.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237565 was assigned to this vulnerability. | 2023-08-21 | 9.8 | CVE-2023-4444 MISC MISC MISC |
mini -- mini-tmall | A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237566 is the identifier assigned to this vulnerability. | 2023-08-21 | 9.8 | CVE-2023-4445 MISC MISC MISC |
openrapid -- rapidcms | A vulnerability, which was classified as critical, was found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file template/default/category.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237567. | 2023-08-21 | 9.8 | CVE-2023-4446 MISC MISC MISC |
openrapid -- rapidcms | A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568. | 2023-08-21 | 9.8 | CVE-2023-4447 MISC MISC MISC |
openrapid -- rapidcms | A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability. | 2023-08-21 | 9.8 | CVE-2023-4448 MISC MISC MISC MISC |
jeecg -- jimureport | A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571. | 2023-08-21 | 9.8 | CVE-2023-4450 MISC MISC MISC |
typora -- typora | DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | 2023-08-19 | 9.6 | CVE-2023-2317 MISC MISC |
marktext -- marktext | DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText. | 2023-08-19 | 9.6 | CVE-2023-2318 MISC MISC |
luxsoft -- luxcal_web_calendar | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it. | 2023-08-21 | 9.1 | CVE-2023-39939 MISC MISC MISC |
hdfgroup -- hdf5 | Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | 2023-08-22 | 8.8 | CVE-2020-18232 MISC |
hdfgroup -- hdf5 | Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | 2023-08-22 | 8.8 | CVE-2020-18494 MISC |
gnu -- binutils | An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. | 2023-08-22 | 8.8 | CVE-2020-19726 MISC MISC |
freeimage_project -- freeimage | Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. | 2023-08-22 | 8.8 | CVE-2020-24292 MISC |
freeimage_project -- freeimage | Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file. | 2023-08-22 | 8.8 | CVE-2020-24293 MISC |
freeimage_project -- freeimage | Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file. | 2023-08-22 | 8.8 | CVE-2020-24295 MISC |
cesanta -- mongoose | Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | 2023-08-22 | 8.8 | CVE-2020-25887 MISC |
freeimage_project -- freeimage | A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp. | 2023-08-22 | 8.8 | CVE-2021-40265 MISC |
sass-lang -- libsass | Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function. | 2023-08-22 | 8.8 | CVE-2022-26592 MISC |
geomatika -- isigeo_web | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands. | 2023-08-22 | 8.8 | CVE-2023-23564 MISC MISC MISC |
opensuse -- libeconf | A stack overflow vulnerability exists in function econf_writeFile in file atlibeconf/lib/libeconf.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code. | 2023-08-22 | 8.8 | CVE-2023-30078 MISC MISC MISC |
opensuse -- libeconf | A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code. | 2023-08-22 | 8.8 | CVE-2023-30079 MISC MISC MISC |
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-08-21 | 8.8 | CVE-2023-36787 MISC |
elecom -- lan-w451ngr_firmware | LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. | 2023-08-18 | 8.8 | CVE-2023-38132 MISC MISC |
boidcms -- boidcms | File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component. | 2023-08-21 | 8.8 | CVE-2023-38836 MISC MISC |
online_shopping_portal_project -- online_shopping_portal | Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. | 2023-08-18 | 8.8 | CVE-2023-38890 MISC |
elecom -- wrc-1467ghbk-a_firmware | Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. | 2023-08-18 | 8.8 | CVE-2023-39445 MISC MISC |
elecom -- wrc-600ghbk-a_firmware | OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions. | 2023-08-18 | 8.8 | CVE-2023-39455 MISC MISC |
elecom -- wrc-f1167acf_firmware | OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allow an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. | 2023-08-18 | 8.8 | CVE-2023-39944 MISC MISC |
elecom -- wab-s600-ps_firmware | OS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allow an authenticated user to execute an arbitrary OS command by sending a specially crafted request. | 2023-08-18 | 8.8 | CVE-2023-40072 MISC MISC |
fobybus -- social-media-skeleton | Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-08-18 | 8.8 | CVE-2023-40172 MISC MISC |
happysoft -- nbs\&happysoftwechat | A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512. | 2023-08-18 | 8.8 | CVE-2023-4409 MISC MISC MISC |
ruijienetworks -- rg-ew1200g_firmware | A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-18 | 8.8 | CVE-2023-4415 MISC MISC MISC |
google -- chrome | Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-23 | 8.8 | CVE-2023-4429 MISC MISC MISC |
google -- chrome | Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-23 | 8.8 | CVE-2023-4430 MISC MISC MISC |
sourcecodester -- free_and_open_source_inventory_management_system | A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability. | 2023-08-21 | 8.8 | CVE-2023-4449 MISC MISC MISC |
spice-space -- spice-server | An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects. | 2023-08-22 | 8.6 | CVE-2020-23793 MISC |
microsoft -- microsoft_edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-08-26 | 8.3 | CVE-2023-36741 MISC |
google -- chrome | Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 2023-08-23 | 8.1 | CVE-2023-4428 MISC MISC MISC |
google -- chrome | Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | 2023-08-23 | 8.1 | CVE-2023-4431 MISC MISC MISC |
elecom -- lan-wh300n/re_firmware | Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. | 2023-08-18 | 8 | CVE-2023-38576 MISC MISC |
exiv2 -- exiv2 | Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. | 2023-08-22 | 7.8 | CVE-2020-18831 MISC MISC |
microsoft -- z3 | There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempts to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution. | 2023-08-22 | 7.8 | CVE-2020-19725 MISC |
freeimage_project -- freeimage | Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | 2023-08-22 | 7.8 | CVE-2020-21426 MISC |
freeimage_project -- freeimage | Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | 2023-08-22 | 7.8 | CVE-2020-21427 MISC |
freeimage_project -- freeimage | Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. | 2023-08-22 | 7.8 | CVE-2020-21428 MISC |
ogg_video_tools_project -- ogg_video_tools | Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. | 2023-08-22 | 7.8 | CVE-2020-21722 MISC MISC |
ogg_video_tools_project -- ogg_video_tools | Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file. | 2023-08-22 | 7.8 | CVE-2020-21724 MISC MISC |
artifex -- ghostscript | Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. | 2023-08-22 | 7.8 | CVE-2020-21890 MISC |
gnu -- binutils | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. | 2023-08-22 | 7.8 | CVE-2022-44840 MISC |
gnu -- binutils | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. | 2023-08-22 | 7.8 | CVE-2022-45703 MISC |
7-zip -- p7zip | p7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. | 2023-08-22 | 7.8 | CVE-2022-47069 MISC |
gnu -- binutils | An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts. | 2023-08-22 | 7.8 | CVE-2022-47673 MISC |
gnu -- binutils | An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c. | 2023-08-22 | 7.8 | CVE-2022-47695 MISC |
gnu -- binutils | An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols. | 2023-08-22 | 7.8 | CVE-2022-47696 MISC |
berkaygediz -- o_blog | SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. | 2023-08-21 | 7.8 | CVE-2023-38899 MISC MISC MISC MISC |
openvpn -- openvpn | Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet. | 2023-08-22 | 7.5 | CVE-2020-20813 MISC |
postgresql -- postgresql | An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. | 2023-08-22 | 7.5 | CVE-2020-21469 MISC |
libssh2 -- libssh2 | An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory. | 2023-08-22 | 7.5 | CVE-2020-22218 MISC |
memcached -- memcached | Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | 2023-08-22 | 7.5 | CVE-2020-22570 MISC |
freedesktop -- poppler | Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | 2023-08-22 | 7.5 | CVE-2020-23804 MISC |
realtek -- rtl8812au_firmware | An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | 2023-08-22 | 7.5 | CVE-2020-26652 MISC |
linux -- kernel | A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function. | 2023-08-22 | 7.5 | CVE-2020-27418 MISC MISC |
gnu -- binutils | GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | 2023-08-22 | 7.5 | CVE-2020-35342 MISC |
vsftpd_project -- vsftpd | VSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed. | 2023-08-22 | 7.5 | CVE-2021-30047 MISC |
dpic_project -- dpic | dpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y. | 2023-08-22 | 7.5 | CVE-2021-32420 MISC MISC |
dpic_project -- dpic | dpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y. | 2023-08-22 | 7.5 | CVE-2021-32421 MISC MISC |
dpic_project -- dpic | dpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array. | 2023-08-22 | 7.5 | CVE-2021-32422 MISC MISC |
imagemagick -- imagemagick | An issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c. | 2023-08-22 | 7.5 | CVE-2021-40211 MISC |
gnu -- binutils | Heap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37. | 2023-08-22 | 7.5 | CVE-2021-46174 MISC |
python -- python | The json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service. | 2023-08-22 | 7.5 | CVE-2022-25024 MISC MISC MISC MISC |
radare -- radare2 | A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. | 2023-08-22 | 7.5 | CVE-2022-28068 MISC |
radare -- radare2 | A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. | 2023-08-22 | 7.5 | CVE-2022-28069 MISC |
radare -- radare2 | A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0. | 2023-08-22 | 7.5 | CVE-2022-28070 MISC |
radare -- radare2 | A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. | 2023-08-22 | 7.5 | CVE-2022-28071 MISC |
radare -- radare2 | A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0. | 2023-08-22 | 7.5 | CVE-2022-28072 MISC |
radare -- radare2 | A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. | 2023-08-22 | 7.5 | CVE-2022-28073 MISC |
imagemagick -- imagemagick | A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command. | 2023-08-22 | 7.5 | CVE-2022-48541 MISC |
python -- python | A use-after-free exists in Python through 3.9 via heappushpop in heapq. | 2023-08-22 | 7.5 | CVE-2022-48560 MISC |
cryptopp -- crypto\+\+ | Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons. | 2023-08-22 | 7.5 | CVE-2022-48570 MISC MISC |
memcached -- memcached | memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. | 2023-08-22 | 7.5 | CVE-2022-48571 MISC |
cisco -- secure_endpoint_private_cloud | A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition. | 2023-08-18 | 7.5 | CVE-2023-20212 MISC |
danfoss -- ak-sm_800a_firmware | Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. | 2023-08-21 | 7.5 | CVE-2023-25913 MISC MISC |
danfoss -- ak-sm_800a_firmware | Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. | 2023-08-21 | 7.5 | CVE-2023-25914 MISC MISC |
e-excellence -- u-office_force | e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files but can’t control system or disrupt service. | 2023-08-25 | 7.5 | CVE-2023-32756 MISC |
wordpress -- wordpress | The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. | 2023-08-21 | 7.5 | CVE-2023-3604 MISC |
qt -- qt | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. | 2023-08-20 | 7.5 | CVE-2023-37369 MISC MISC MLIST |
kidus -- minimati | SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component. | 2023-08-18 | 7.5 | CVE-2023-38839 MISC |
weaviate -- weaviate | An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. | 2023-08-21 | 7.5 | CVE-2023-38976 MISC |
ntsc-crt_project -- ntsc-crt | NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. NOTE: the vendor's perspective is "this main application was not intended to be a well-tested program, it's just something to demonstrate it works and for the user to see how to integrate it into their own programs." | 2023-08-18 | 7.5 | CVE-2023-39125 MISC |
northgrid -- proself | Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation. | 2023-08-18 | 7.5 | CVE-2023-39415 MISC MISC MISC |
dlink -- dir-880l_a1_firmware | D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824. | 2023-08-18 | 7.5 | CVE-2023-39669 MISC MISC MISC |
tp-link -- tl-wr940n_v2_firmware | TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-08-21 | 7.5 | CVE-2023-39745 MISC |
tp-link -- tl-wr1041n_v2_firmware | An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 2023-08-21 | 7.5 | CVE-2023-39748 MISC |
tenda -- ac8v4_firmware | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. | 2023-08-21 | 7.5 | CVE-2023-39784 MISC MISC |
tenda -- ac8v4_firmware | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. | 2023-08-21 | 7.5 | CVE-2023-39785 MISC MISC |
tenda -- ac8v4_firmware | Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. | 2023-08-21 | 7.5 | CVE-2023-39786 MISC MISC |
fobybus -- social-media-skeleton | Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue. | 2023-08-18 | 7.5 | CVE-2023-40173 MISC MISC MISC |
veilid -- veilid | Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023. | 2023-08-20 | 7.5 | CVE-2023-40711 MISC |
typora -- typora | Improper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | 2023-08-19 | 7.4 | CVE-2023-2316 MISC MISC |
northgrid -- proself | Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands. | 2023-08-18 | 7.2 | CVE-2023-39416 MISC MISC MISC |
mcafee -- safe_connect | McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. | 2023-08-21 | 7.2 | CVE-2023-40352 CONFIRM MISC |
oracle -- apache_xml_graphics_batik | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. | 2023-08-22 | 7.1 | CVE-2022-44729 MISC MISC MISC MISC |
obsidian -- obsidian | Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via "app://local/<absolute-path>". This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian. | 2023-08-19 | 7.1 | CVE-2023-2110 MISC MISC |
unity -- parsec | Unity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version. | 2023-08-20 | 7 | CVE-2023-37250 MISC MISC CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
phplist -- phplist | An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. | 2023-08-18 | 6.7 | CVE-2023-27576 MISC |
webassembly -- binaryen | A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as. | 2023-08-22 | 6.5 | CVE-2020-18378 MISC |
webassembly -- binaryen | Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. | 2023-08-22 | 6.5 | CVE-2020-18382 MISC |
exempi_project -- exempi | Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. | 2023-08-22 | 6.5 | CVE-2020-18651 MISC MISC |
exempi_project -- exempi | Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. | 2023-08-22 | 6.5 | CVE-2020-18652 MISC MISC |
freedesktop -- poppler | Buffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service. | 2023-08-22 | 6.5 | CVE-2020-18839 MISC |
gnu -- ncurses | Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 2023-08-22 | 6.5 | CVE-2020-19185 MISC |
gnu -- ncurses | Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 2023-08-22 | 6.5 | CVE-2020-19186 MISC |
gnu -- ncurses | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 2023-08-22 | 6.5 | CVE-2020-19187 MISC |
gnu -- ncurses | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 2023-08-22 | 6.5 | CVE-2020-19188 MISC |
gnu -- ncurses | Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 2023-08-22 | 6.5 | CVE-2020-19189 MISC |
gnu -- ncurses | Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 2023-08-22 | 6.5 | CVE-2020-19190 MISC |
freeimage_project -- freeimage | Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file. | 2023-08-22 | 6.5 | CVE-2020-22524 MISC |
libraw -- libraw | Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. | 2023-08-22 | 6.5 | CVE-2020-22628 MISC |
freeimage_project -- freeimage | Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file. | 2023-08-22 | 6.5 | CVE-2020-24294 MISC |
freeimage_project -- freeimage | A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp. | 2023-08-22 | 6.5 | CVE-2021-40262 MISC |
freeimage_project -- freeimage | NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp. | 2023-08-22 | 6.5 | CVE-2021-40264 MISC |
freeimage_project -- freeimage | FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference. | 2023-08-22 | 6.5 | CVE-2021-40266 MISC |
upx_project -- upx | Reachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function. | 2023-08-22 | 6.5 | CVE-2021-46179 MISC |
freedesktop -- poppler | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | 2023-08-22 | 6.5 | CVE-2022-37051 MISC MISC |
freedesktop -- poppler | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | 2023-08-22 | 6.5 | CVE-2022-37052 MISC MISC |
libtiff -- libtiff | An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. | 2023-08-22 | 6.5 | CVE-2022-40090 MISC MISC |
python -- python | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | 2023-08-22 | 6.5 | CVE-2022-48564 MISC |
geomatika -- isigeo_web | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection. | 2023-08-22 | 6.5 | CVE-2023-23563 MISC MISC MISC |
pandorafms -- pandora_fms | Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 version and prior versions on all platforms. | 2023-08-22 | 6.5 | CVE-2023-24515 MISC |
typora -- typora | Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora. | 2023-08-19 | 6.5 | CVE-2023-2971 MISC |
tp-link -- tapo | An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. | 2023-08-22 | 6.5 | CVE-2023-38906 MISC MISC |
tp-link -- tapo | An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. | 2023-08-22 | 6.5 | CVE-2023-38908 MISC MISC MISC |
tp-link -- tapo | An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. | 2023-08-22 | 6.5 | CVE-2023-38909 MISC MISC MISC |
oracle -- apache_nifi | Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation. | 2023-08-18 | 6.5 | CVE-2023-40037 MISC MISC MISC |
devolutions -- remote_desktop_manager | Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. | 2023-08-21 | 6.5 | CVE-2023-4417 MISC |
wallabag -- wallabag | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. | 2023-08-21 | 6.5 | CVE-2023-4455 MISC MISC |
redhat -- openshift_logging | A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. | 2023-08-21 | 6.5 | CVE-2023-4456 MISC MISC |
samsung -- sww-3400rw_firmware | A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi | 2023-08-22 | 6.1 | CVE-2020-22181 MISC MISC |
nagios -- nagios_xi | Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | 2023-08-22 | 6.1 | CVE-2020-23992 MISC |
cacti -- cacti | Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php. | 2023-08-22 | 6.1 | CVE-2022-41444 MISC |
cacti -- cacti | A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php. | 2023-08-22 | 6.1 | CVE-2022-48547 MISC |
pandorafms -- pandora_fms | Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms. | 2023-08-22 | 6.1 | CVE-2023-24514 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-themes Flatsome plugin <= 3.16.8 versions. | 2023-08-23 | 6.1 | CVE-2023-28994 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions. | 2023-08-18 | 6.1 | CVE-2023-30499 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions. | 2023-08-18 | 6.1 | CVE-2023-31094 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions. | 2023-08-18 | 6.1 | CVE-2023-31218 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions. | 2023-08-18 | 6.1 | CVE-2023-32105 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Mahmood WP Docs plugin <= 1.9.9 versions. | 2023-08-18 | 6.1 | CVE-2023-32106 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions. | 2023-08-18 | 6.1 | CVE-2023-32107 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions. | 2023-08-18 | 6.1 | CVE-2023-32108 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions. | 2023-08-18 | 6.1 | CVE-2023-32109 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions. | 2023-08-18 | 6.1 | CVE-2023-32122 MISC |
google -- critters | Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension. | 2023-08-21 | 6.1 | CVE-2023-3481 MISC |
cszcms -- csz_cms | CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. | 2023-08-18 | 6.1 | CVE-2023-38910 MISC |
wordpress -- wordpress | The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-08-21 | 6.1 | CVE-2023-3936 MISC |
wordpress -- wordpress | The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-08-21 | 6.1 | CVE-2023-3954 MISC |
luxsoft -- luxcal_web_calendar | Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product. | 2023-08-21 | 6.1 | CVE-2023-39543 MISC MISC MISC |
jenkins -- jenkins | Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. | 2023-08-21 | 6.1 | CVE-2023-4303 MISC |
cockpit -- cockpit | Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | 2023-08-19 | 6.1 | CVE-2023-4432 MISC MISC |
hamza417 -- inure | Missing Authorization in GitHub repository hamza417/inure prior to build88. | 2023-08-20 | 6.1 | CVE-2023-4434 MISC MISC |
cockpit -- cockpit | Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | 2023-08-20 | 6.1 | CVE-2023-4451 MISC MISC |
wallabag -- wallabag | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. | 2023-08-21 | 5.7 | CVE-2023-4454 MISC MISC |
libtiff -- libtiff | There exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file. | 2023-08-22 | 5.5 | CVE-2020-18768 MISC |
zziplib_project -- zziplib | An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. | 2023-08-22 | 5.5 | CVE-2020-18770 MISC |
nasm -- netwide_assembler | A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command. | 2023-08-22 | 5.5 | CVE-2020-18780 MISC |
audiofile -- audiofile | Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert. | 2023-08-22 | 5.5 | CVE-2020-18781 MISC |
gnu -- binutils | A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. | 2023-08-22 | 5.5 | CVE-2020-19724 MISC MISC |
elfutils_project -- elfutils | The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks. | 2023-08-22 | 5.5 | CVE-2020-21047 MISC MISC |
gnu -- binutils | An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled. | 2023-08-22 | 5.5 | CVE-2020-21490 MISC MISC |
nasm -- netwide_assembler | A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file. | 2023-08-22 | 5.5 | CVE-2020-21528 MISC |
graphicsmagick -- graphicsmagick | Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. | 2023-08-22 | 5.5 | CVE-2020-21679 MISC |
nasm -- netwide_assembler | Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | 2023-08-22 | 5.5 | CVE-2020-21685 MISC |
nasm -- netwide_assembler | A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. | 2023-08-22 | 5.5 | CVE-2020-21686 MISC |
nasm -- netwide_assembler | Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | 2023-08-22 | 5.5 | CVE-2020-21687 MISC |
artifex -- ghostscript | A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. | 2023-08-22 | 5.5 | CVE-2020-21710 MISC MISC |
ogg_video_tools_project -- ogg_video_tools | A Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file. | 2023-08-22 | 5.5 | CVE-2020-21723 MISC MISC |
artifex -- mupdf | A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. | 2023-08-22 | 5.5 | CVE-2020-21896 MISC |
tukaani -- xz | An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of crafted file. | 2023-08-22 | 5.5 | CVE-2020-22916 MISC MISC |
nasm -- netwide_assembler | Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. | 2023-08-22 | 5.5 | CVE-2022-29654 MISC MISC MISC |
gnu -- binutils | An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | 2023-08-22 | 5.5 | CVE-2022-47007 MISC |
gnu -- binutils | An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | 2023-08-22 | 5.5 | CVE-2022-47008 MISC |
gnu -- binutils | An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | 2023-08-22 | 5.5 | CVE-2022-47010 MISC |
gnu -- binutils | An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. | 2023-08-22 | 5.5 | CVE-2022-47011 MISC |
gnu -- binutils | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | 2023-08-22 | 5.5 | CVE-2022-48063 MISC MISC |
gnu -- binutils | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | 2023-08-22 | 5.5 | CVE-2022-48064 MISC MISC |
gnu -- binutils | GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c. | 2023-08-22 | 5.5 | CVE-2022-48065 MISC MISC |
file_project -- file | File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project. | 2023-08-22 | 5.5 | CVE-2022-48554 MISC |
insyde -- insydeh2o | An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. | 2023-08-18 | 5.5 | CVE-2023-27471 MISC |
nasm -- netwide_assembler | Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). | 2023-08-22 | 5.5 | CVE-2023-38665 MISC |
hamza417 -- inure | Improper Input Validation in GitHub repository hamza417/inure prior to build88. | 2023-08-20 | 5.5 | CVE-2023-4435 MISC MISC |
linux -- kernel | A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. | 2023-08-21 | 5.5 | CVE-2023-4459 MISC MISC MISC |
pandorafms -- pandora_fms | Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms. | 2023-08-22 | 5.4 | CVE-2023-24516 MISC |
juliencrego -- manager_for_icomoon | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Crego Manager for Icomoon plugin <= 2.0 versions. | 2023-08-18 | 5.4 | CVE-2023-29387 MISC |
themepalace -- tp_education | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions. | 2023-08-18 | 5.4 | CVE-2023-32103 MISC |
cszcms -- csz_cms | A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. | 2023-08-18 | 5.4 | CVE-2023-38911 MISC |
zerowdd -- studentmanager | Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function. | 2023-08-21 | 5.4 | CVE-2023-39094 MISC |
advancedcustomfields -- advanced_custom_fields | Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege. | 2023-08-21 | 5.4 | CVE-2023-40068 MISC MISC MISC MISC |
dedecms -- dedecms | DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. | 2023-08-24 | 5.4 | CVE-2023-40874 MISC |
dedecms -- dedecms | DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. | 2023-08-24 | 5.4 | CVE-2023-40875 MISC |
dedecms -- dedecms | DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. | 2023-08-24 | 5.4 | CVE-2023-40876 MISC |
dedecms -- dedecms | DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. | 2023-08-24 | 5.4 | CVE-2023-40877 MISC |
jenkins -- jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2023-08-21 | 5.4 | CVE-2023-4301 MISC |
cockpit -- cockpit | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. | 2023-08-19 | 5.4 | CVE-2023-4433 MISC MISC |
pimcore -- pimcore | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. | 2023-08-21 | 5.4 | CVE-2023-4453 MISC MISC |
wordpress -- wordpress | The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string. | 2023-08-25 | 5.4 | CVE-2023-4520 MISC MISC MISC |
esri -- server | ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed. | 2023-08-25 | 5.3 | CVE-2023-25848 MISC |
e-excellence -- u-office_force | e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command. | 2023-08-25 | 5.3 | CVE-2023-32755 MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax. | 2023-08-20 | 5.3 | CVE-2023-36674 MISC |
ibm -- robotic_process_automation | IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. | 2023-08-22 | 5.3 | CVE-2023-40370 MISC MISC |
wordpress -- wordpress | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders. | 2023-08-18 | 5.3 | CVE-2023-4040 MISC MISC |
sourcecodester -- card_holder_management_system | A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560. | 2023-08-20 | 5.3 | CVE-2023-4439 MISC MISC |
geomatika -- isigeo_web | An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. | 2023-08-22 | 4.9 | CVE-2023-23565 MISC MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All My Web Needs Logo Scheduler plugin <= 1.2.0 versions. | 2023-08-18 | 4.8 | CVE-2023-30875 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions. | 2023-08-18 | 4.8 | CVE-2023-31228 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <= 2.5 versions. | 2023-08-18 | 4.8 | CVE-2023-31232 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions. | 2023-08-18 | 4.8 | CVE-2023-32130 MISC |
sourcecodester -- student_study_center_desk_management_system | Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL. | 2023-08-23 | 4.8 | CVE-2023-36317 MISC MISC MISC |
wordpress -- wordpress | The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-08-21 | 4.8 | CVE-2023-3667 MISC |
cockpit -- cockpit | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | 2023-08-18 | 4.8 | CVE-2023-4422 MISC MISC |
wordpress -- wordpress | The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack | 2023-08-21 | 4.3 | CVE-2023-3366 MISC |
ibm -- robotic_process_automation | IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289. | 2023-08-22 | 4.3 | CVE-2023-38732 MISC MISC |
ibm -- robotic_process_automation | IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. | 2023-08-22 | 4.3 | CVE-2023-38733 MISC MISC |
jenkins -- jenkins | A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2023-08-21 | 4.3 | CVE-2023-4302 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
chamilo -- chamilo | Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. | 2023-08-21 | 3.5 | CVE-2023-39061 MISC MISC |
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2023-08-21 | 3.1 | CVE-2023-38158 MISC |
rootkit_hunter_project -- rootkit_hunter | A vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It has been classified as problematic. Affected is an unknown function of the file /var/log/rkhunter.log. The manipulation leads to sensitive information in log files. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237516. | 2023-08-18 | 2.5 | CVE-2023-4413 MISC MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google -- chrome | Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) | 2023-08-25 | not yet calculated | CVE-2019-13689 MISC MISC |
google -- chrome | Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | 2023-08-25 | not yet calculated | CVE-2019-13690 MISC MISC |
stormshield -- stormshield_network_security | An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form. | 2023-08-25 | not yet calculated | CVE-2020-11711 MISC MISC MISC |
hwclock.13-v2.27 -- hwclock.13-v2.27 | An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. | 2023-08-22 | not yet calculated | CVE-2020-21583 MISC MISC |
tengine -- tengine | The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. | 2023-08-22 | not yet calculated | CVE-2020-21699 MISC |
yealink -- w60b | Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | 2023-08-22 | not yet calculated | CVE-2020-24113 MISC |
artifex_software -- mupdf | A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. | 2023-08-22 | not yet calculated | CVE-2020-26683 MISC |
stormshield -- stormshield_network_security | Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. | 2023-08-25 | not yet calculated | CVE-2021-27932 MISC MISC |
opensc -- opensc | Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs. | 2023-08-22 | not yet calculated | CVE-2021-34193 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
samsung -- syncthru_web_service | An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | 2023-08-22 | not yet calculated | CVE-2021-35309 MISC MISC |
freeimage -- freeimage | A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp. | 2023-08-22 | not yet calculated | CVE-2021-40263 MISC |
nervuri -- e_os | Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response. | 2023-08-22 | not yet calculated | CVE-2021-43171 MISC MISC |
djvulibre -- djvulibre | An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. | 2023-08-22 | not yet calculated | CVE-2021-46310 MISC |
djvulibre-- djvulibre | An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. | 2023-08-22 | not yet calculated | CVE-2021-46312 MISC |
etcd -- etcd | Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go | 2023-08-22 | not yet calculated | CVE-2022-34038 MISC MISC |
gnu -- binutils | An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. | 2023-08-22 | not yet calculated | CVE-2022-35205 MISC |
gnu -- binutils | Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. | 2023-08-22 | not yet calculated | CVE-2022-35206 MISC |
freedesktop -- poppler | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. | 2023-08-22 | not yet calculated | CVE-2022-37050 MISC MISC |
lenovo -- notebook | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. | 2023-08-23 | not yet calculated | CVE-2022-3742 MISC |
lenovo -- notebook | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. | 2023-08-23 | not yet calculated | CVE-2022-3743 MISC |
lenovo -- notebook | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. | 2023-08-23 | not yet calculated | CVE-2022-3744 MISC |
lenovo -- notebook | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. | 2023-08-23 | not yet calculated | CVE-2022-3745 MISC |
lenovo -- notebook | A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. | 2023-08-23 | not yet calculated | CVE-2022-3746 MISC |
freedesktop -- poppler | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | 2023-08-22 | not yet calculated | CVE-2022-38349 MISC MISC |
oracle -- jdk | An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. | 2023-08-22 | not yet calculated | CVE-2022-40433 MISC MISC MISC MISC |
libsass -- libsass | Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. | 2023-08-22 | not yet calculated | CVE-2022-43357 MISC MISC MISC |
sass-lang -- libsass | Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). | 2023-08-22 | not yet calculated | CVE-2022-43358 MISC MISC MISC |
south_river_technologie -- titan_ftp | There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. | 2023-08-22 | not yet calculated | CVE-2022-44215 MISC MISC |
google -- chrome | Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2023-08-25 | not yet calculated | CVE-2022-4452 MISC MISC |
oracle -- apache_xml_graphics_batik | Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | 2023-08-22 | not yet calculated | CVE-2022-44730 MISC MISC MISC MISC |
openmns -- horizon | Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. | 2023-08-22 | not yet calculated | CVE-2022-45582 MISC MISC |
fresenius_kabi -- pharmahelp | An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. | 2023-08-22 | not yet calculated | CVE-2022-45611 MISC |
oracle -- apache_ivy/apache_maven | Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide". | 2023-08-21 | not yet calculated | CVE-2022-46751 MISC MISC MISC MISC |
mozilla -- firefox | A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106. | 2023-08-24 | not yet calculated | CVE-2022-46884 MISC MISC |
open-mpi -- open-mpi | An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. | 2023-08-22 | not yet calculated | CVE-2022-47022 MISC |
busybox -- busybox | There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. | 2023-08-22 | not yet calculated | CVE-2022-48174 MISC |
perl -- perl | In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. | 2023-08-22 | not yet calculated | CVE-2022-48522 MISC |
cacti -- cacti | In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. | 2023-08-22 | not yet calculated | CVE-2022-48538 MISC MISC |
xpdf -- xpdf | An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. | 2023-08-22 | not yet calculated | CVE-2022-48545 MISC |
python -- python | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | 2023-08-22 | not yet calculated | CVE-2022-48565 MISC |
python -- python | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | 2023-08-22 | not yet calculated | CVE-2022-48566 MISC |
mongodb_inc -- mongodb_server | If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. | 2023-08-23 | not yet calculated | CVE-2023-1409 MISC MISC |
cisco -- cisco_nx-os_software | A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. | 2023-08-23 | not yet calculated | CVE-2023-20115 MISC |
cisco -- cisco_nx-os_software | A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. | 2023-08-23 | not yet calculated | CVE-2023-20168 MISC |
cisco -- cisco_nx-os_software | A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device. | 2023-08-23 | not yet calculated | CVE-2023-20169 MISC |
cisco -- cisco_unified_computing_system | A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device. | 2023-08-23 | not yet calculated | CVE-2023-20200 MISC |
cisco -- cisco_application_policy_infrastructure_controller | A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access. | 2023-08-23 | not yet calculated | CVE-2023-20230 MISC |
cisco -- multiple_products | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability. | 2023-08-23 | not yet calculated | CVE-2023-20234 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions. | 2023-08-25 | not yet calculated | CVE-2023-24394 MISC |
esoteric_software -- yamlbeans | An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception. | 2023-08-25 | not yet calculated | CVE-2023-24620 MISC MISC MISC |
esoteric_software -- yamlbeans | An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed. | 2023-08-25 | not yet calculated | CVE-2023-24621 MISC MISC MISC |
zte -- mf286r | There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. | 2023-08-25 | not yet calculated | CVE-2023-25649 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions. | 2023-08-25 | not yet calculated | CVE-2023-25981 MISC |
wireshark -- wireshark | Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. | 2023-08-25 | not yet calculated | CVE-2023-2906 MISC MISC |
sick_ag -- lms5xx | The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password. | 2023-08-24 | not yet calculated | CVE-2023-31412 MISC MISC MISC |
draytek -- vigor2620 | user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. | 2023-08-21 | not yet calculated | CVE-2023-31447 MISC MISC |
gravitl -- netmaker | Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. | 2023-08-24 | not yet calculated | CVE-2023-32077 MISC MISC MISC MISC |
gravitl -- netmaker | Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user's username, it was possible to update the other user's password. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. | 2023-08-24 | not yet calculated | CVE-2023-32078 MISC MISC MISC |
gravitl -- netmaker | Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. | 2023-08-24 | not yet calculated | CVE-2023-32079 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions. | 2023-08-23 | not yet calculated | CVE-2023-32119 MISC |
walchem -- intuition_9 | Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device. | 2023-08-23 | not yet calculated | CVE-2023-32202 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions. | 2023-08-23 | not yet calculated | CVE-2023-32236 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions. | 2023-08-23 | not yet calculated | CVE-2023-32300 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions. | 2023-08-23 | not yet calculated | CVE-2023-32496 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions. | 2023-08-23 | not yet calculated | CVE-2023-32497 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions. | 2023-08-23 | not yet calculated | CVE-2023-32498 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions. | 2023-08-23 | not yet calculated | CVE-2023-32499 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions. | 2023-08-23 | not yet calculated | CVE-2023-32505 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions. | 2023-08-23 | not yet calculated | CVE-2023-32509 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions. | 2023-08-24 | not yet calculated | CVE-2023-32510 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions. | 2023-08-24 | not yet calculated | CVE-2023-32511 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions. | 2023-08-24 | not yet calculated | CVE-2023-32516 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions. | 2023-08-25 | not yet calculated | CVE-2023-32518 MISC |
node.js -- node.js | A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | 2023-08-24 | not yet calculated | CVE-2023-32559 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. | 2023-08-25 | not yet calculated | CVE-2023-32575 MISC |
wordpress -- wordpress | Auth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions. | 2023-08-25 | not yet calculated | CVE-2023-32576 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions. | 2023-08-25 | not yet calculated | CVE-2023-32577 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions. | 2023-08-25 | not yet calculated | CVE-2023-32584 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions. | 2023-08-25 | not yet calculated | CVE-2023-32591 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. | 2023-08-25 | not yet calculated | CVE-2023-32595 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions. | 2023-08-25 | not yet calculated | CVE-2023-32596 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions. | 2023-08-25 | not yet calculated | CVE-2023-32598 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. | 2023-08-25 | not yet calculated | CVE-2023-32603 MISC |
zulip -- zulip | Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3. | 2023-08-25 | not yet calculated | CVE-2023-32678 MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. | 2023-08-25 | not yet calculated | CVE-2023-32797 MISC |
ibm -- txseries_for_multiplatforms | IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. | 2023-08-22 | not yet calculated | CVE-2023-33850 MISC MISC MISC MISC |
spring -- spring_for_apache_kafka | In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record. | 2023-08-24 | not yet calculated | CVE-2023-34040 MISC |
m-files -- m-files_web | Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server | 2023-08-25 | not yet calculated | CVE-2023-3406 MISC |
m-files -- m-files_server | Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. | 2023-08-25 | not yet calculated | CVE-2023-3425 MISC |
etic_telecom -- remote_access_server | ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. | 2023-08-23 | not yet calculated | CVE-2023-3453 MISC |
techview -- la-5570 | An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. | 2023-08-25 | not yet calculated | CVE-2023-34723 MISC MISC |
supermicro -- x12dpg-qr | Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. | 2023-08-22 | not yet calculated | CVE-2023-34853 MISC MISC |
qnap_systems_inc. -- qts | An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later | 2023-08-24 | not yet calculated | CVE-2023-34971 MISC |
qnap_systems_inc. -- qts | A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later | 2023-08-24 | not yet calculated | CVE-2023-34972 MISC |
qnap_systems_inc. -- qts | An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later | 2023-08-24 | not yet calculated | CVE-2023-34973 MISC |
skale_network_sgxwallet -- skale_network_sgxwallet | Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. | 2023-08-25 | not yet calculated | CVE-2023-36198 MISC |
skale_network_sgxwallet -- skale_network_sgxwallet | An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. | 2023-08-25 | not yet calculated | CVE-2023-36199 MISC |
asustor -- adm | An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | 2023-08-22 | not yet calculated | CVE-2023-3699 MISC |
aditya_infotech_limited -- cp-plus_dvr | The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. | 2023-08-24 | not yet calculated | CVE-2023-3704 MISC |
aditya_infotech_limited -- cp-plus_nvr | The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. | 2023-08-24 | not yet calculated | CVE-2023-3705 MISC |
infoblox -- nios | Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. | 2023-08-25 | not yet calculated | CVE-2023-37249 CONFIRM MISC |
oracle -- apache_airflow | Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. | 2023-08-23 | not yet calculated | CVE-2023-37379 MISC MISC MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 2023-08-22 | not yet calculated | CVE-2023-37421 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 2023-08-22 | not yet calculated | CVE-2023-37422 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 2023-08-22 | not yet calculated | CVE-2023-37423 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker's control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | 2023-08-22 | not yet calculated | CVE-2023-37424 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 2023-08-22 | not yet calculated | CVE-2023-37425 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37426 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2023-08-22 | not yet calculated | CVE-2023-37427 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. | 2023-08-22 | not yet calculated | CVE-2023-37428 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37429 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37430 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37431 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37432 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37433 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37434 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37435 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37436 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37437 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37438 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. | 2023-08-22 | not yet calculated | CVE-2023-37439 MISC |
hewlett_packard_enterprise -- edgeconnect_sd-wan_orchestrator | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. | 2023-08-22 | not yet calculated | CVE-2023-37440 MISC |
icewhaletech -- casaos | CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue. | 2023-08-24 | not yet calculated | CVE-2023-37469 MISC MISC MISC MISC MISC |
keylime -- keylime | A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. | 2023-08-25 | not yet calculated | CVE-2023-38201 MISC MISC MISC MISC |
walchem -- intuition_9 | Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data. | 2023-08-23 | not yet calculated | CVE-2023-38422 MISC |
tuleap -- tuleap | Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue. | 2023-08-24 | not yet calculated | CVE-2023-38508 MISC MISC MISC MISC |
cbc_co._ltd. -- multiple_products | Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. | 2023-08-23 | not yet calculated | CVE-2023-38585 MISC MISC MISC |
bento4 -- bento4 | Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. | 2023-08-22 | not yet calculated | CVE-2023-38666 MISC |
nasm -- nasm | Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. | 2023-08-22 | not yet calculated | CVE-2023-38667 MISC |
nasm -- nasm | Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). | 2023-08-22 | not yet calculated | CVE-2023-38668 MISC |
libreswan -- libreswan | An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. | 2023-08-25 | not yet calculated | CVE-2023-38710 MISC MISC |
libreswan -- libreswan | An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. | 2023-08-25 | not yet calculated | CVE-2023-38711 MISC MISC |
libreswan -- libreswan | An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. | 2023-08-25 | not yet calculated | CVE-2023-38712 MISC MISC |
rarlabs -- winrar | RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023. | 2023-08-23 | not yet calculated | CVE-2023-38831 MISC MISC MISC |
uasoft -- badaso | A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | 2023-08-25 | not yet calculated | CVE-2023-38973 MISC |
uasoft -- badaso | A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. | 2023-08-25 | not yet calculated | CVE-2023-38974 MISC |
subscription-manager -- subscription-manager | A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. | 2023-08-23 | not yet calculated | CVE-2023-3899 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
douran -- dsgate | An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. | 2023-08-22 | not yet calculated | CVE-2023-38996 MISC MISC MISC |
filemage -- filemage_gateway | Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. | 2023-08-22 | not yet calculated | CVE-2023-39026 MISC MISC |
nacos_group -- nacos_spring_project | An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. | 2023-08-21 | not yet calculated | CVE-2023-39106 MISC |
webui-aria2 -- webui-aria2 | webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. | 2023-08-22 | not yet calculated | CVE-2023-39141 MISC MISC |
mitel_networks_corp. -- mivoice_connect | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. | 2023-08-25 | not yet calculated | CVE-2023-39287 MISC MISC |
mitel_networks_corp. -- mivoice_connect | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. | 2023-08-25 | not yet calculated | CVE-2023-39288 MISC MISC |
mitel_networks_corp. -- mivoice_connect | A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. | 2023-08-25 | not yet calculated | CVE-2023-39289 MISC MISC |
mitel_networks_corp. -- mivoice_connect | A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. | 2023-08-25 | not yet calculated | CVE-2023-39290 MISC MISC |
mitel_networks_corp. -- mivoice_connect | A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. | 2023-08-25 | not yet calculated | CVE-2023-39291 MISC MISC |
oracle -- apache_airflow | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability | 2023-08-23 | not yet calculated | CVE-2023-39441 MISC MISC MISC MISC MISC |
fit2cloud -- cloudexplorer_lite | Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0. | 2023-08-24 | not yet calculated | CVE-2023-39519 MISC MISC |
tuleap -- tuleap | Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue. | 2023-08-24 | not yet calculated | CVE-2023-39521 MISC MISC MISC MISC |
csz_cms -- csz_cms | Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. | 2023-08-22 | not yet calculated | CVE-2023-39599 MISC MISC |
icewarp_inc. -- icewarp | IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. | 2023-08-25 | not yet calculated | CVE-2023-39600 MISC MISC |
icewarp_inc. -- icewarp_mail_server | IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. | 2023-08-25 | not yet calculated | CVE-2023-39699 MISC MISC MISC |
icewarp_inc. -- icewarp_mail_server | IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. | 2023-08-25 | not yet calculated | CVE-2023-39700 MISC MISC MISC |
sourcecodester -- free_and_open_source_inventory_management_system | A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. | 2023-08-25 | not yet calculated | CVE-2023-39707 MISC MISC MISC |
giflib-- giflib | giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. | 2023-08-25 | not yet calculated | CVE-2023-39742 MISC MISC |
renault -- easy_link_multimedia_system | A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting a device to the vehicle's USB plug and play feature. | 2023-08-24 | not yet calculated | CVE-2023-39801 MISC |
pbootcms -- pbootcms | PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. | 2023-08-24 | not yet calculated | CVE-2023-39834 MISC |
geonode -- geonode | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9. | 2023-08-24 | not yet calculated | CVE-2023-40017 MISC MISC |
rizin -- rizin | Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`. | 2023-08-24 | not yet calculated | CVE-2023-40022 MISC MISC MISC MISC MISC |
argo_cd -- argo_cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1. | 2023-08-23 | not yet calculated | CVE-2023-40025 MISC MISC |
rust-lang -- cargo | Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build --timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected. Rust 1.60.0 introduced `cargo build --timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject Javascript into the page, for example with a feature name like `features = ["<img src='' onerror=alert(0)"]`. If this report were subsequently uploaded to a domain that uses credentials, the injected Javascript could access resources from the website visitor. This issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. | 2023-08-24 | not yet calculated | CVE-2023-40030 MISC MISC MISC MISC |
notepad-plus-plus -- notepad-plus-plus | Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++. | 2023-08-25 | not yet calculated | CVE-2023-40031 MISC |
craft_cms -- craft_cms | Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15. | 2023-08-23 | not yet calculated | CVE-2023-40035 MISC MISC MISC MISC |
notepad-plus-plus -- notepad-plus-plus | Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. | 2023-08-25 | not yet calculated | CVE-2023-40036 MISC |
cbc_co._ltd. -- multiple_products | OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. | 2023-08-23 | not yet calculated | CVE-2023-40144 MISC MISC MISC |
cbc_co._ltd. -- multiple_products | Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. | 2023-08-23 | not yet calculated | CVE-2023-40158 MISC MISC MISC |
notepad-plus-plus -- notepad-plus-plus | Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. | 2023-08-25 | not yet calculated | CVE-2023-40164 MISC |
notepad-plus-plus -- notepad-plus-plus | Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. | 2023-08-25 | not yet calculated | CVE-2023-40166 MISC |
xwiki -- xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1. | 2023-08-23 | not yet calculated | CVE-2023-40176 MISC MISC MISC |
xwiki -- xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the ``AppWithinMinutes.Content`` author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the ``display`` script service to render the content we make sure that the proper author is used for access rights checks. | 2023-08-23 | not yet calculated | CVE-2023-40177 MISC MISC MISC |
node-saml -- node-saml | Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5. | 2023-08-23 | not yet calculated | CVE-2023-40178 MISC MISC MISC |
silverware_games_inc. -- silverware_games | Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email. | 2023-08-25 | not yet calculated | CVE-2023-40179 MISC |
silverware_games_inc. -- silverware_games | Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7. | 2023-08-25 | not yet calculated | CVE-2023-40182 MISC |
shescape -- shescape | shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4. | 2023-08-23 | not yet calculated | CVE-2023-40185 MISC MISC MISC MISC |
python -- python | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | 2023-08-25 | not yet calculated | CVE-2023-40217 CONFIRM MISC |
oracle -- apache_airflow | The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour. Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. | 2023-08-23 | not yet calculated | CVE-2023-40273 MISC MISC MISC |
ibm -- aix | IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. | 2023-08-24 | not yet calculated | CVE-2023-40371 MISC MISC |
silicon_labs -- arm | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. | 2023-08-23 | not yet calculated | CVE-2023-4041 MISC |
ghostscript -- ghostscript | A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. | 2023-08-23 | not yet calculated | CVE-2023-4042 MISC MISC MISC |
skylark_app_for_android -- skylark_app_for_android | Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. | 2023-08-25 | not yet calculated | CVE-2023-40530 MISC MISC MISC |
datasette -- datasette | Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4. | 2023-08-25 | not yet calculated | CVE-2023-40570 MISC MISC |
weblogic-framework -- weblogic-framework | weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue. | 2023-08-25 | not yet calculated | CVE-2023-40571 MISC MISC |
xwiki -- xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. | 2023-08-24 | not yet calculated | CVE-2023-40572 MISC MISC MISC |
xwiki -- xwiki-platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with "Job content executed" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1. | 2023-08-24 | not yet calculated | CVE-2023-40573 MISC MISC MISC |
alertmanager -- alertmanager | Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. | 2023-08-25 | not yet calculated | CVE-2023-40577 MISC |
openfga -- openfga | OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1. | 2023-08-25 | not yet calculated | CVE-2023-40579 MISC MISC |
freighter -- freighter | Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1. | 2023-08-25 | not yet calculated | CVE-2023-40580 MISC MISC MISC |
libp2p -- libp2p | libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4. | 2023-08-25 | not yet calculated | CVE-2023-40583 MISC MISC MISC MISC |
ironic-image -- ironic-image | ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t ...`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place. | 2023-08-25 | not yet calculated | CVE-2023-40585 MISC MISC |
golang -- owasp_coraza_waf | OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1. | 2023-08-25 | not yet calculated | CVE-2023-40586 MISC MISC |
pylons -- pyramid | Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series. | 2023-08-25 | not yet calculated | CVE-2023-40587 MISC MISC MISC MISC |
mailform_pro_cgi -- mailform_pro_cgi | Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. | 2023-08-25 | not yet calculated | CVE-2023-40599 MISC MISC |
openmns -- horizon | In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. | 2023-08-23 | not yet calculated | CVE-2023-40612 MISC MISC |
opto_22 -- snap_pac_s1 | There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login. | 2023-08-24 | not yet calculated | CVE-2023-40706 MISC |
opto_22 -- snap_pac_s1 | There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials. | 2023-08-24 | not yet calculated | CVE-2023-40707 MISC |
opto_22 -- snap_pac_s1 | The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files. | 2023-08-24 | not yet calculated | CVE-2023-40708 MISC |
opto_22 -- snap_pac_s1 | An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b | 2023-08-24 | not yet calculated | CVE-2023-40709 MISC |
opto_22 -- snap_pac_s1 | An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b | 2023-08-24 | not yet calculated | CVE-2023-40710 MISC |
butterfly_button -- butterfly_button | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21. | 2023-08-21 | not yet calculated | CVE-2023-40735 MISC MISC MISC MISC MISC MISC |
phicomm -- k2 | Phicomm k2 v22.6.529.216 is vulnerable to command injection. | 2023-08-25 | not yet calculated | CVE-2023-40796 MISC |
tenda -- ac23_firmware | In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. | 2023-08-25 | not yet calculated | CVE-2023-40797 MISC |
tenda -- ac23_firmware | In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. | 2023-08-25 | not yet calculated | CVE-2023-40798 MISC |
tenda -- ac23_firmware | Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. | 2023-08-25 | not yet calculated | CVE-2023-40799 MISC |
tenda -- ac23_firmware | The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. | 2023-08-25 | not yet calculated | CVE-2023-40800 MISC |
tenda -- ac23_firmware | The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn | 2023-08-25 | not yet calculated | CVE-2023-40801 MISC |
tenda -- ac23_firmware | The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn | 2023-08-25 | not yet calculated | CVE-2023-40802 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg. | 2023-08-24 | not yet calculated | CVE-2023-40891 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi. | 2023-08-24 | not yet calculated | CVE-2023-40892 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. | 2023-08-24 | not yet calculated | CVE-2023-40893 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg. | 2023-08-24 | not yet calculated | CVE-2023-40894 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. | 2023-08-24 | not yet calculated | CVE-2023-40895 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. | 2023-08-24 | not yet calculated | CVE-2023-40896 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. | 2023-08-24 | not yet calculated | CVE-2023-40897 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg. | 2023-08-24 | not yet calculated | CVE-2023-40898 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. | 2023-08-24 | not yet calculated | CVE-2023-40899 MISC |
tenda -- ac8v4_firmware | Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. | 2023-08-24 | not yet calculated | CVE-2023-40900 MISC |
tenda -- ac10v4_firmware | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg. | 2023-08-24 | not yet calculated | CVE-2023-40901 MISC |
tenda -- ac10v4_firmware | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. | 2023-08-24 | not yet calculated | CVE-2023-40902 MISC |
tenda -- ac10v4_firmware | Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. | 2023-08-24 | not yet calculated | CVE-2023-40904 MISC |
tenda -- ax3_firmware | Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. | 2023-08-25 | not yet calculated | CVE-2023-40915 MISC |
jupilink -- rx4-1500 | A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root. | 2023-08-23 | not yet calculated | CVE-2023-41028 MISC |
oracle -- apache_tomcat | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. | 2023-08-25 | not yet calculated | CVE-2023-41080 MISC |
misp -- misp | An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. | 2023-08-23 | not yet calculated | CVE-2023-41098 MISC |
typo3 -- typo3 | An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check. | 2023-08-23 | not yet calculated | CVE-2023-41100 MISC |
varnish_software -- varnish_enterprise | libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. | 2023-08-23 | not yet calculated | CVE-2023-41104 MISC MISC MISC |
python -- python | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. | 2023-08-23 | not yet calculated | CVE-2023-41105 MISC MISC MISC MISC CONFIRM |
array_networks -- array_ag_os | Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. | 2023-08-25 | not yet calculated | CVE-2023-41121 MISC MISC |
webiny -- headless_cms | @webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads. | 2023-08-25 | not yet calculated | CVE-2023-41167 MISC MISC |
adguard_dns -- adguard_dns | AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. | 2023-08-25 | not yet calculated | CVE-2023-41173 MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration | 2023-08-25 | not yet calculated | CVE-2023-41248 MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step | 2023-08-25 | not yet calculated | CVE-2023-41249 MISC |
jetbrains -- teamcity | In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration | 2023-08-25 | not yet calculated | CVE-2023-41250 MISC |
trane_technologies -- multiple_products | A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick. | 2023-08-22 | not yet calculated | CVE-2023-4212 MISC MISC MISC |
moxa -- iologik_4000_series | A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device. | 2023-08-24 | not yet calculated | CVE-2023-4227 MISC |
moxa -- iologik_4000_series | A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | 2023-08-24 | not yet calculated | CVE-2023-4228 MISC |
moxa -- iologik_4000_series | A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures. | 2023-08-24 | not yet calculated | CVE-2023-4229 MISC |
moxa -- iologik_4000_series | A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. | 2023-08-24 | not yet calculated | CVE-2023-4230 MISC |
sick_ag -- lms5xx | A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users. | 2023-08-24 | not yet calculated | CVE-2023-4418 MISC MISC MISC |
sick_ag -- lms5xx | The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. | 2023-08-24 | not yet calculated | CVE-2023-4419 MISC MISC MISC |
sick_ag -- lms5xx | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted. | 2023-08-24 | not yet calculated | CVE-2023-4420 MISC MISC MISC |
google -- chrome | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 2023-08-23 | not yet calculated | CVE-2023-4427 MISC MISC MISC |
asustor -- adm | An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. | 2023-08-22 | not yet calculated | CVE-2023-4475 MISC |
mattermost -- mattermost | Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. | 2023-08-25 | not yet calculated | CVE-2023-4478 MISC |
gerbv -- gerbv | A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file. | 2023-08-24 | not yet calculated | CVE-2023-4508 MISC MISC MISC |
wireshark -- wireshark | BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file | 2023-08-24 | not yet calculated | CVE-2023-4511 MISC MISC |
wireshark -- wireshark | CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file | 2023-08-24 | not yet calculated | CVE-2023-4512 MISC MISC |
wireshark -- wireshark | BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file | 2023-08-24 | not yet calculated | CVE-2023-4513 MISC MISC |
neomind -- fusion_platform | A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-25 | not yet calculated | CVE-2023-4534 MISC MISC MISC |
d-link -- dar-8000-10 | A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-25 | not yet calculated | CVE-2023-4542 MISC MISC MISC |
ibos -- oa | A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-25 | not yet calculated | CVE-2023-4543 MISC MISC MISC |
beijing_baichuo -- smart_s85f_management_platform | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-26 | not yet calculated | CVE-2023-4544 MISC MISC MISC |
ibos -- oa | A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-08-26 | not yet calculated | CVE-2023-4545 MISC MISC MISC |
beijing_baichuo -- smart_s85f_management_platform | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability. | 2023-08-26 | not yet calculated | CVE-2023-4546 MISC MISC MISC |
spa-cart_ecommerce_cms -- spa-cart_ecommerce_cms | A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability. | 2023-08-26 | not yet calculated | CVE-2023-4547 MISC MISC |
spa-cart_ecommerce_cms -- spa-cart_ecommerce_cms | A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059. | 2023-08-26 | not yet calculated | CVE-2023-4548 MISC MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.