Vulnerability Summary for the Week of September 11, 2023

Released: Sep 18, 2023
Document ID: SB23-261

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
wibu -- codemeter_runtime | A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system. | 2023-09-13 | 10 | CVE-2023-3935
MISC
MISC
sap -- businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability. | 2023-09-12 | 9.9 | CVE-2023-40622
MISC
MISC
dlink -- dir-619l_firmware | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login. | 2023-09-11 | 9.8 | CVE-2020-19319
MISC
dlink -- dir-619l_firmware | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login. | 2023-09-11 | 9.8 | CVE-2020-19320
MISC
MISC
mofinetwork -- mofi4500-4gxelte-v2_firmware | An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request. | 2023-09-08 | 9.8 | CVE-2021-27715
MISC
MISC
rockwell_automation -- factorytalk_view | Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user’s input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function. | 2023-09-12 | 9.8 | CVE-2023-2071
MISC
xxyopen -- novel-plus | novel-plus 3.6.2 is vulnerable to SQL Injection. | 2023-09-11 | 9.8 | CVE-2023-30058
MISC
MISC
tsplus -- tsplus_remote_access | An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www. | 2023-09-11 | 9.8 | CVE-2023-31067
MISC
MISC
tsplus -- tsplus_remote_access | An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes. | 2023-09-11 | 9.8 | CVE-2023-31068
MISC
MISC
google -- android | In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 9.8 | CVE-2023-35681
MISC
MISC
phpjabbers -- cleaning_business_software | In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. | 2023-09-11 | 9.8 | CVE-2023-36140
MISC
MISC
trendylogics -- crypto_currency_tracker | Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. | 2023-09-08 | 9.8 | CVE-2023-37759
MISC
MISC
MISC
adobe -- coldfusion | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | 2023-09-14 | 9.8 | CVE-2023-38204
MISC
conemu_project -- conemu | ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387. | 2023-09-12 | 9.8 | CVE-2023-39150
MISC
MISC
golang -- go | The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software. | 2023-09-08 | 9.8 | CVE-2023-39320
MISC
MISC
MISC
MISC
dlink -- dir-816_firmware | D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis. | 2023-09-12 | 9.8 | CVE-2023-39637
MISC
MISC
MISC
MISC
arris -- tg852g_firmware | An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. | 2023-09-11 | 9.8 | CVE-2023-40039
MISC
MISC
MISC
dedecms -- dedecms | DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php. | 2023-09-12 | 9.8 | CVE-2023-40784
MISC
MISC
opencart -- opencart | OpenCart v4.0.2.2 is vulnerable to Brute Force Attack. | 2023-09-12 | 9.8 | CVE-2023-40834
MISC
MISC
schoolmate -- schoolmate | Schoolmate 1.3 is vulnerable to SQL Injection in the variable schoolname from Database at ~\header.php. | 2023-09-11 | 9.8 | CVE-2023-40944
MISC
sourcecodester -- doctor_appointment_system | Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. | 2023-09-11 | 9.8 | CVE-2023-40945
MISC
schoolmate -- schoolmate | Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php. | 2023-09-11 | 9.8 | CVE-2023-40946
MISC
zoo_management_system_project -- zoo_management_system | Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. | 2023-09-08 | 9.8 | CVE-2023-41615
MISC
MISC
MISC
jeecg -- jeecg_boot | Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. | 2023-09-08 | 9.8 | CVE-2023-42268
MISC
hutool -- hutool | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. | 2023-09-08 | 9.8 | CVE-2023-42276
MISC
hutool -- hutool | hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. | 2023-09-08 | 9.8 | CVE-2023-42277
MISC
imoulife -- life | The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs. | 2023-09-11 | 9.8 | CVE-2023-42470
MISC
MISC
MISC
wave-ai -- wave | The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third-party application (with no permissions). | 2023-09-11 | 9.8 | CVE-2023-42471
MISC
MISC
MISC
sourcecodester -- simple_membership_system | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability. | 2023-09-09 | 9.8 | CVE-2023-4845
MISC
MISC
MISC
sourcecodester -- simple_book_catalog_app | A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability. | 2023-09-09 | 9.8 | CVE-2023-4848
MISC
MISC
MISC
sourcecodester -- online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239351. | 2023-09-10 | 9.8 | CVE-2023-4866
MISC
MISC
MISC
sourcecodester -- contact_manager_app | A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/contactName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239356. | 2023-09-10 | 9.8 | CVE-2023-4871
MISC
MISC
MISC
sourcecodester -- contact_manager_app | A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239357 was assigned to this vulnerability. | 2023-09-10 | 9.8 | CVE-2023-4872
MISC
MISC
MISC
byzoro -- smart_s45f_firmware | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-239358 is the identifier assigned to this vulnerability. | 2023-09-10 | 9.8 | CVE-2023-4873
MISC
MISC
MISC
mintplexlabs -- anythingllm | Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 2023-09-11 | 9.8 | CVE-2023-4897
MISC
MISC
adobe -- commerce | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution. | 2023-09-12 | 9.1 | CVE-2022-24093
MISC
ibm -- security_directory_server | IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. | 2023-09-08 | 9.1 | CVE-2022-33164
MISC
MISC
dlink -- dir-605l_firmware | Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code via sending crafted data to the webserver service program. | 2023-09-11 | 8.8 | CVE-2020-19318
MISC
redhat -- decision_manager | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server. | 2023-09-11 | 8.8 | CVE-2022-1415
MISC
MISC
MISC
microsoft -- azure_devops | Azure DevOps Server Remote Code Execution Vulnerability | 2023-09-12 | 8.8 | CVE-2023-33136
MISC
google -- android | In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 8.8 | CVE-2023-35658
MISC
MISC
google -- android | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 8.8 | CVE-2023-35673
MISC
MISC
google -- android | In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 8.8 | CVE-2023-35684
MISC
MISC
govee -- home | Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content. | 2023-09-11 | 8.8 | CVE-2023-3612
MISC
microsoft -- sharepoint_server | Microsoft SharePoint Server Elevation of Privilege Vulnerability | 2023-09-12 | 8.8 | CVE-2023-36764
MISC
microsoft -- windows_11 | Windows Themes Remote Code Execution Vulnerability | 2023-09-12 | 8.8 | CVE-2023-38146
MISC
microsoft -- multiple_products | Windows Miracast Wireless Display Remote Code Execution Vulnerability | 2023-09-12 | 8.8 | CVE-2023-38147
MISC
microsoft -- multiple_products | Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | 2023-09-12 | 8.8 | CVE-2023-38148
MISC
netis-systems -- wf2409e_firmware | An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | 2023-09-11 | 8.8 | CVE-2023-38829
MISC
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database. | 2023-09-12 | 8.8 | CVE-2023-40726
MISC
idreamsoft -- icms | icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-09-08 | 8.8 | CVE-2023-40953
MISC
MISC
wordpress -- wordpress | The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user. | 2023-09-13 | 8.8 | CVE-2023-4153
MISC
MISC
MISC
wordpress -- wordpress | The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts. | 2023-09-13 | 8.8 | CVE-2023-4213
MISC
MISC
mozilla -- firefox | Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on macOS. This bug only affects Firefox on macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 8.8 | CVE-2023-4582
MISC
MISC
MISC
MISC
mozilla -- thunderbird | Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 8.8 | CVE-2023-4584
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- thunderbird | Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 8.8 | CVE-2023-4585
MISC
MISC
MISC
MISC
wibu -- codemeter_runtime | An Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allows a local, low privileged attacker to use an API call for escalation of privileges in order to gain full admin access on the host system. | 2023-09-13 | 8.8 | CVE-2023-4701
MISC
MISC
hitachi_energy -- asset_suite | A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action. | 2023-09-11 | 8.8 | CVE-2023-4816
MISC
sourcecodester -- take-note_app | A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability. | 2023-09-09 | 8.8 | CVE-2023-4865
MISC
MISC
MISC
sourcecodester -- contact_manager_app | A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability. | 2023-09-10 | 8.8 | CVE-2023-4868
MISC
MISC
MISC
sourcecodester -- contact_manager_app | A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability. | 2023-09-10 | 8.8 | CVE-2023-4869
MISC
MISC
MISC
mintplexlabs -- anything-llm | SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 2023-09-12 | 8.8 | CVE-2023-4899
MISC
MISC
wordpress -- wordpress | The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-09-13 | 8.8 | CVE-2023-4916
MISC
MISC
mozilla -- firefox | On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 8.6 | CVE-2023-4576
MISC
MISC
MISC
MISC
MISC
MISC
siemens -- spectrum_power_7 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 2023-09-14 | 8.2 | CVE-2023-38557
MISC
hichip -- shenzhen_hichip_vision_technology_firmware | Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service vulnerability through sending a crafted multicast message in a local network. | 2023-09-11 | 8.1 | CVE-2022-23382
MISC
openpmix -- openpmix | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | 2023-09-09 | 8.1 | CVE-2023-41915
MISC
CONFIRM
CONFIRM
microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-09-12 | 8 | CVE-2023-36744
MISC
microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-09-12 | 8 | CVE-2023-36745
MISC
microsoft -- exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-09-12 | 8 | CVE-2023-36756
MISC
microsoft -- exchange_server | Microsoft Exchange Server Spoofing Vulnerability | 2023-09-12 | 8 | CVE-2023-36757
MISC
foxconn -- live_update_utility | An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges. | 2023-09-11 | 7.8 | CVE-2020-24088
MISC
MISC
MISC
adobe -- indesign | Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28831
MISC
adobe -- indesign | Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28832
MISC
adobe -- indesign | Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28833
MISC
adobe -- incopy | Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28834
MISC
adobe -- incopy | Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28835
MISC
adobe -- incopy | Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-28836
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-34224
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.8 | CVE-2022-34227
MISC
adobe -- acrobat_reader | Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-13 | 7.8 | CVE-2023-26369
MISC
microsoft -- multiple_products | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-35355
MISC
google -- android | In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35665
MISC
MISC
google -- android | In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35666
MISC
MISC
google -- android | In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35667
MISC
MISC
google -- android | In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35669
MISC
MISC
google -- android | In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35670
MISC
MISC
google -- android | In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35674
MISC
MISC
google -- android | In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35676
MISC
MISC
google -- android | In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35682
MISC
MISC
google -- android | In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 7.8 | CVE-2023-35687
MISC
MISC
microsoft -- 3d_viewer | 3D Viewer Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36739
MISC
microsoft -- 3d_viewer | 3D Viewer Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36740
MISC
microsoft -- visual_studio | Visual Studio Code Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36742
MISC
microsoft -- visual_studio | Visual Studio Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36758
MISC
microsoft -- 3d_viewer | 3D Viewer Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36760
MISC
microsoft -- office | Microsoft Office Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36765
MISC
microsoft -- excel | Microsoft Excel Information Disclosure Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36766
MISC
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36770
MISC
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36771
MISC
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36772
MISC
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36773
MISC
microsoft -- .net | .NET Framework Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36788
MISC
microsoft -- visual_studio | Visual Studio Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36792
MISC
microsoft -- visual_studio | Visual Studio Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36793
MISC
microsoft -- visual_studio | Visual Studio Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36794
MISC
microsoft -- visual_studio | Visual Studio Remote Code Execution Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36796
MISC
microsoft -- multiple_products | Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36802
MISC
microsoft -- multiple_products | Windows GDI Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-36804
MISC
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818) | 2023-09-12 | 7.8 | CVE-2023-38070
MISC
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824) | 2023-09-12 | 7.8 | CVE-2023-38071
MISC
siemens -- teamcenter_visualization
 
A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)2023-09-127.8CVE-2023-38072
MISC
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826) | 2023-09-12 | 7.8 | CVE-2023-38073 MISC
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840) | 2023-09-12 | 7.8 | CVE-2023-38074 MISC
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842) | 2023-09-12 | 7.8 | CVE-2023-38075 MISC
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041) | 2023-09-12 | 7.8 | CVE-2023-38076 MISC
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38139 MISC
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38141 MISC
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38142 MISC
microsoft -- multiple_products | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38143 MISC
microsoft -- multiple_products | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38144 MISC
microsoft -- windows_11 | Windows Kernel Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38150 MISC
microsoft -- multiple_products | Windows GDI Elevation of Privilege Vulnerability | 2023-09-12 | 7.8 | CVE-2023-38161 MISC
microsoft -- windows_defender_security_intelligence_updates | Windows Defender Attack Surface Reduction Security Feature Bypass | 2023-09-12 | 7.8 | CVE-2023-38163 MISC
ibm -- qradar_wincollect | IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542. | 2023-09-08 | 7.8 | CVE-2023-38736 MISC MISC
raidenftpd -- raidenftpd | Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard. | 2023-09-11 | 7.8 | CVE-2023-39063 MISC
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code. | 2023-09-12 | 7.8 | CVE-2023-40727 MISC
siemens -- parasolid | A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263) | 2023-09-12 | 7.8 | CVE-2023-41032 MISC
siemens -- parasolid | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266) | 2023-09-12 | 7.8 | CVE-2023-41033 MISC
siemens -- parasolid | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2023-09-12 | 7.8 | CVE-2023-41846 MISC
apple -- macos | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, iOS 15.7.8 and iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. | 2023-09-12 | 7.8 | CVE-2023-41990 MISC MISC MISC MISC MISC MISC MISC
hashicorp -- terraform | Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. This vulnerability is fixed in Terraform 1.5.7. | 2023-09-08 | 7.8 | CVE-2023-4782 MISC
microsoft -- dynamics_265_for_finance_and_operations | Dynamics Finance and Operations Cross-site Scripting Vulnerability | 2023-09-12 | 7.6 | CVE-2023-36800 MISC
dlink -- dir-619l_firmware | An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required | 2023-09-11 | 7.5 | CVE-2020-19323 MISC MISC
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information. IBM X-Force ID: 222567. | 2023-09-08 | 7.5 | CVE-2022-22401 MISC MISC
siemens -- multiple_products | The ANSI C OPC UA SDK contains an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | 2023-09-12 | 7.5 | CVE-2023-28831 MISC
microsoft -- azure_kubernetes_service | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | 2023-09-12 | 7.5 | CVE-2023-29332 MISC
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. | 2023-09-08 | 7.5 | CVE-2023-30995 MISC MISC
tsplus -- tsplus_remote_access | An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page. | 2023-09-11 | 7.5 | CVE-2023-31069 MISC MISC
quboworld -- smart_plug_10a_firmware | An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication. | 2023-09-11 | 7.5 | CVE-2023-36161 MISC
aptosfoundation -- aptos | CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json. | 2023-09-08 | 7.5 | CVE-2023-36184 MISC MISC MISC MISC
microsoft -- outlook | Microsoft Outlook Information Disclosure Vulnerability | 2023-09-12 | 7.5 | CVE-2023-36763 MISC
samsung -- exynos_9810_firmware | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet. | 2023-09-08 | 7.5 | CVE-2023-37368 MISC
samsung -- exynos_980_firmware | An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering. | 2023-09-08 | 7.5 | CVE-2023-37377 MISC
microsoft -- multiple_products | Windows TCP/IP Denial of Service Vulnerability | 2023-09-12 | 7.5 | CVE-2023-38149 MISC
microsoft -- multiple_products | DHCP Server Service Denial of Service Vulnerability | 2023-09-12 | 7.5 | CVE-2023-38162 MISC
adobe -- coldfusion | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | 2023-09-14 | 7.5 | CVE-2023-38205 MISC
golang -- go | Processing an incomplete post-handshake message for a QUIC connection can cause a panic. | 2023-09-08 | 7.5 | CVE-2023-39321 MISC MISC MISC MISC
golang -- go | QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size. | 2023-09-08 | 7.5 | CVE-2023-39322 MISC MISC MISC MISC
hexo -- hexo | Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. | 2023-09-08 | 7.5 | CVE-2023-39584 MISC MISC MISC
buffalo -- terastation_nas_5410r_firmware | An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. | 2023-09-08 | 7.5 | CVE-2023-39620 MISC MISC
arm -- trusted_firmware-m | In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8. | 2023-09-08 | 7.5 | CVE-2023-40271 MISC MISC
apple -- macos | This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted. | 2023-09-12 | 7.5 | CVE-2023-40440 MISC
jeecg -- jeecg_boot | Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. | 2023-09-08 | 7.5 | CVE-2023-41578 MISC
dairy_farm_shop_management_system -- dairy_farm_shop_management_system | Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. | 2023-09-08 | 7.5 | CVE-2023-41594 MISC MISC MISC
hutool -- hutool | hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). | 2023-09-08 | 7.5 | CVE-2023-42278 MISC
mozilla -- multiple_products | When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 7.5 | CVE-2023-4583 MISC MISC MISC MISC
sourcecodester -- simple_membership_system | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been classified as critical. This affects an unknown part of the file club_edit_query.php. The manipulation of the argument club_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239253 was assigned to this vulnerability. | 2023-09-08 | 7.5 | CVE-2023-4844 MISC MISC MISC
sourcecodester -- simple_membership_system | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255. | 2023-09-09 | 7.5 | CVE-2023-4846 MISC MISC MISC
inure -- inure | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | 2023-09-10 | 7.5 | CVE-2023-4876 MISC MISC
inure -- inure | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92. | 2023-09-10 | 7.5 | CVE-2023-4877 MISC MISC
mintplexlabs -- anything-llm | Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. | 2023-09-12 | 7.5 | CVE-2023-4898 MISC MISC
cecil -- cecil | Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1. | 2023-09-12 | 7.5 | CVE-2023-4914 MISC MISC
adobe -- acrobat_dc | Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.3 | CVE-2019-16470 MISC
adobe -- acrobat_dc | Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 7.3 | CVE-2019-16471 MISC
microsoft -- multiple_products | Microsoft Word Remote Code Execution Vulnerability | 2023-09-12 | 7.3 | CVE-2023-36762 MISC
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation. | 2023-09-12 | 7.3 | CVE-2023-40724 MISC
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition. | 2023-09-12 | 7.3 | CVE-2023-40728 MISC
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate or steal confidential information. | 2023-09-12 | 7.3 | CVE-2023-40729 MISC
sap -- businessobjects_business_intelligence_platform | Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data causing a high impact on confidentiality and integrity of the application. | 2023-09-12 | 7.3 | CVE-2023-42472 MISC MISC
microsoft -- azure_hdinsights | Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability | 2023-09-12 | 7.2 | CVE-2023-38156 MISC
zohocorp -- manageengine_admanager_plus | Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine. | 2023-09-11 | 7.2 | CVE-2023-38743 MISC
insyde -- iscflashx64.sys | An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash. | 2023-09-08 | 7.1 | CVE-2021-33834 MISC MISC
sap -- businessobjects | SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system. | 2023-09-12 | 7.1 | CVE-2023-40623 MISC MISC
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition. | 2023-09-12 | 7.1 | CVE-2023-40730 MISC
linux -- kernel | A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service. | 2023-09-11 | 7.1 | CVE-2023-4881 MISC MISC
n-able -- take_control | BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading to arbitrary file deletion. | 2023-09-11 | 7 | CVE-2023-27470 MISC
microsoft -- windows_server_2012 | Windows MSHTML Platform Security Feature Bypass Vulnerability | 2023-09-12 | 7 | CVE-2023-36805 MISC
microsoft -- azure_devops | Azure DevOps Server Remote Code Execution Vulnerability | 2023-09-12 | 7 | CVE-2023-38155 MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
solarwinds -- solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | 2023-09-13 | 6.8 | CVE-2023-23840 MISC MISC
solarwinds -- solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | 2023-09-13 | 6.8 | CVE-2023-23845 MISC MISC
microsoft -- visual_studio | Visual Studio Elevation of Privilege Vulnerability | 2023-09-12 | 6.7 | CVE-2023-36759 MISC
xpand-it -- write-back_manager | Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation. | 2023-09-12 | 6.5 | CVE-2023-27169 MISC MISC MISC MISC
microsoft -- .net/visual_studio | .NET Core and Visual Studio Denial of Service Vulnerability | 2023-09-12 | 6.5 | CVE-2023-36799 MISC
apache -- airflow | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability. | 2023-09-12 | 6.5 | CVE-2023-40712 MISC MISC MISC
mozilla -- thunderbird | When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4573 MISC MISC MISC MISC MISC MISC
mozilla -- thunderbird | When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4574 MISC MISC MISC MISC MISC MISC
mozilla -- thunderbird | When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4575 MISC MISC MISC MISC MISC MISC
mozilla -- thunderbird | When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4577 MISC MISC MISC MISC
mozilla -- thunderbird | When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4578 MISC MISC MISC MISC
mozilla -- thunderbird | Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2. | 2023-09-11 | 6.5 | CVE-2023-4580 MISC MISC MISC MISC
mutt -- mutt | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 2023-09-09 | 6.5 | CVE-2023-4874 MISC MISC MISC
wordpress -- wordpress | The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-14 | 6.4 | CVE-2023-4841 MISC MISC MISC
wordpress -- wordpress | The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2023-09-12 | 6.4 | CVE-2023-4893 MISC MISC
wordpress -- wordpress | The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-14 | 6.4 | CVE-2023-4944 MISC MISC MISC
wordpress -- wordpress | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-14 | 6.4 | CVE-2023-4945 MISC MISC MISC
sap -- powerdesigner | SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default. | 2023-09-12 | 6.3 | CVE-2023-40621 MISC MISC
microsoft -- word | Microsoft Word Information Disclosure Vulnerability | 2023-09-12 | 6.2 | CVE-2023-36761 MISC
adobe -- connect | Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-09-13 | 6.1 | CVE-2023-29305 MISC
adobe -- connect | Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-09-13 | 6.1 | CVE-2023-29306 MISC
wordpress -- wordpress | The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. | 2023-09-11 | 6.1 | CVE-2023-3169 MISC
wordpress -- wordpress | A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'. | 2023-09-11 | 6.1 | CVE-2023-38878 MISC MISC MISC
golang -- go | The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. | 2023-09-08 | 6.1 | CVE-2023-39318 MISC MISC MISC MISC
golang -- go | The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack. | 2023-09-08 | 6.1 | CVE-2023-39319 MISC MISC MISC MISC
fieldthemes -- fieldpopupnewsletterFieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.2023-09-086.1CVE-2023-39676
MISC
MISC
MISC
free_and_open_source_inventory_management_system -- free_and_open_source_inventory_management_systemMultiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Put section.2023-09-086.1CVE-2023-39712
MISC
MISC
MISC
sap -- s/4hanaSAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity.2023-09-086.1CVE-2023-40306
MISC
MISC
icewarp -- icewarpCross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.2023-09-126.1CVE-2023-41013
MISC
MISC
cockpit_cms -- cockpit_cmsAn arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.2023-09-086.1CVE-2023-41564
MISC
sourcecodester -- simple_book_catalog_appA vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.2023-09-096.1CVE-2023-4847
MISC
MISC
MISC
sourcecodester -- take-note_appA vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input <script>alert('xss')</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability.2023-09-096.1CVE-2023-4864
MISC
MISC
MISC
sourcecodester -- contact_manager_appA vulnerability classified as problematic has been found in SourceCodester Contact Manager App 1.0. This affects an unknown part of the file index.php of the component Contact Information Handler. The manipulation of the argument contactID with the input "><sCrIpT>alert(1)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239355.2023-09-106.1CVE-2023-4870
MISC
MISC
MISC
cecil -- cecil | Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1. | 2023-09-12 | 6.1 | CVE-2023-4913
MISC
MISC
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. | 2023-09-08 | 5.9 | CVE-2022-22405
MISC
MISC
microsoft -- exchange_server | Microsoft Exchange Server Information Disclosure Vulnerability | 2023-09-12 | 5.7 | CVE-2023-36777
MISC
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering. | 2023-09-12 | 5.7 | CVE-2023-40731
MISC
mutt -- mutt | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 2023-09-09 | 5.7 | CVE-2023-4875
MISC
MISC
MISC
adobe -- acrobat_dc | Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 5.5 | CVE-2019-7819
MISC
adobe -- acrobat_dc | Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-09-11 | 5.5 | CVE-2022-34238
MISC
dell -- digital_delivery | Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). | 2023-09-08 | 5.5 | CVE-2023-32470
MISC
google -- android | In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35664
MISC
MISC
google -- android | In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35671
MISC
MISC
google -- android | In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35675
MISC
MISC
google -- android | In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35677
MISC
MISC
google -- android | In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35679
MISC
MISC
google -- android | In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35680
MISC
MISC
google -- android | In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-09-11 | 5.5 | CVE-2023-35683
MISC
MISC
microsoft -- multiple_products | Windows Kernel Information Disclosure Vulnerability | 2023-09-12 | 5.5 | CVE-2023-36803
MISC
microsoft -- multiple_products | Windows Kernel Information Disclosure Vulnerability | 2023-09-12 | 5.5 | CVE-2023-38140
MISC
microsoft -- multiple_products | Windows TCP/IP Information Disclosure Vulnerability | 2023-09-12 | 5.5 | CVE-2023-38160
MISC
siemens -- simatic_pcs_neo | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | 2023-09-14 | 5.5 | CVE-2023-38558
MISC
gpac -- gpac | GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c. | 2023-09-11 | 5.5 | CVE-2023-41000
MISC
mozilla -- vpn | An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1. | 2023-09-11 | 5.5 | CVE-2023-4104
MISC
MISC
MISC
MISC
MISC
MISC
microsoft -- office | Microsoft Office Spoofing Vulnerability | 2023-09-12 | 5.5 | CVE-2023-41764
MISC
qemu -- qemu | QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately. | 2023-09-11 | 5.5 | CVE-2023-42467
MISC
MISC
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571. | 2023-09-08 | 5.4 | CVE-2022-22402
MISC
MISC
ibm -- maximo_asset_management | IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. | 2023-09-08 | 5.4 | CVE-2023-32332
MISC
MISC
MISC
wordpress -- wordpress | The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be performed via CSRF against any authenticated user. | 2023-09-11 | 5.4 | CVE-2023-3510
MISC
microsoft -- dynamics_365 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-09-12 | 5.4 | CVE-2023-36886
MISC
microsoft -- dynamics_365 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-09-12 | 5.4 | CVE-2023-38164
MISC
adobe -- experience_manager | Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-09-13 | 5.4 | CVE-2023-38214
MISC
adobe -- experience_manager | Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-09-13 | 5.4 | CVE-2023-38215
MISC
sap -- s4core | S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availability of the system. | 2023-09-12 | 5.4 | CVE-2023-40625
MISC
MISC
hkcms -- hkcms | HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen. | 2023-09-11 | 5.4 | CVE-2023-40786
MISC
MISC
turt2live -- matrix-media-repo | matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround. | 2023-09-08 | 5.4 | CVE-2023-41318
MISC
MISC
MISC
MISC
blood_bank_&_donor_management_system_project -- blood_bank_&_donor_management_system | Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. | 2023-09-08 | 5.4 | CVE-2023-41575
MISC
wordpress -- wordpress | The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-09 | 5.4 | CVE-2023-4838
MISC
MISC
wordpress -- wordpress | The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-12 | 5.4 | CVE-2023-4840
MISC
MISC
MISC
wordpress -- wordpress | The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-12 | 5.4 | CVE-2023-4887
MISC
MISC
wordpress -- wordpress | The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-12 | 5.4 | CVE-2023-4890
MISC
MISC
MISC
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. | 2023-09-08 | 5.3 | CVE-2022-22409
MISC
MISC
ibm -- aspera_faspex | IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. | 2023-09-08 | 5.3 | CVE-2023-24965
MISC
MISC
hcltech -- domino | In some configuration scenarios, the Domino server host name can be exposed. This information could be used to target future attacks. | 2023-09-08 | 5.3 | CVE-2023-28010
MISC
microsoft -- windows_server | DHCP Server Service Information Disclosure Vulnerability | 2023-09-12 | 5.3 | CVE-2023-36801
MISC
samsung -- exynos_9820_firmware | An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages. | 2023-09-08 | 5.3 | CVE-2023-37367
MISC
sap -- businessobjects_business_intelligence | Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity. | 2023-09-12 | 5.3 | CVE-2023-37489
MISC
MISC
microsoft -- windows_server | DHCP Server Service Information Disclosure Vulnerability | 2023-09-12 | 5.3 | CVE-2023-38152
MISC
adobe -- coldfusion | Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction. | 2023-09-14 | 5.3 | CVE-2023-38206
MISC
mycrops -- higrade | An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. | 2023-09-11 | 5.3 | CVE-2023-40040
MISC
gofiber -- fiber | Fiber is an Express inspired web framework built in the go language. Versions of gofiber prior to 2.49.2 did not properly restrict access to localhost. This issue impacts users of our project who rely on the `ctx.IsFromLocal` method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost. Setting `X-Forwarded-For: 127.0.0.1` in a request from a foreign host, will result in true for `ctx.IsFromLocal`. Access is limited to the scope of the affected process. This issue has been patched in version `2.49.2` with commit `b8c9ede6`. Users are advised to upgrade. There are no known workarounds to remediate this vulnerability without upgrading to the patched version. | 2023-09-08 | 5.3 | CVE-2023-41338
MISC
MISC
MISC
MISC
sap -- netweaver | Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact. | 2023-09-12 | 5.3 | CVE-2023-41367
MISC
MISC
sap -- s/4_hana | The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call. | 2023-09-12 | 5.3 | CVE-2023-41368
MISC
MISC
wordpress -- wordpress | The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control Widget). The function changes the user's password after providing the email. The new password is only sent to the user's email, so the attacker does not have access to the new password. | 2023-09-13 | 5.3 | CVE-2023-4915
MISC
MISC
wordpress -- wordpress | The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords. | 2023-09-13 | 5.3 | CVE-2023-4917
MISC
MISC
wordpress -- wordpress | The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-09-11 | 4.8 | CVE-2023-3170
MISC
pega -- pega_platform | Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. | 2023-09-08 | 4.8 | CVE-2023-4843
MISC
anaconda -- anaconda3 | Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected. | 2023-09-11 | 4.7 | CVE-2023-35845
MISC
gm -- mylink_infotainment_system | Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system. | 2023-09-08 | 4.6 | CVE-2023-39076
MISC
qnap -- qvr_pro_client | An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later | 2023-09-08 | 4.4 | CVE-2022-27599
MISC
microsoft -- identity_linux_broker | Microsoft Identity Linux Broker Remote Code Execution Vulnerability | 2023-09-12 | 4.4 | CVE-2023-36736
MISC
microsoft -- office | Microsoft Office Security Feature Bypass Vulnerability | 2023-09-12 | 4.3 | CVE-2023-36767
MISC
oracle -- apache_airflow | Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. | 2023-09-12 | 4.3 | CVE-2023-40611
MISC
MISC
sap -- s/4_hana | The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser. | 2023-09-12 | 4.3 | CVE-2023-41369
MISC
MISC
mozilla -- thunderbird | Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2. | 2023-09-11 | 4.3 | CVE-2023-4581
MISC
MISC
MISC
MISC
MISC
MISC
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. | 2023-09-11 | 4.3 | CVE-2023-4630
MISC
MISC
qualys -- container_scanning_connector | An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. | 2023-09-08 | 4.3 | CVE-2023-4777
MISC
wordpress -- wordpress | The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update CVR numbers for orders. | 2023-09-14 | 4.3 | CVE-2023-4948
MISC
MISC
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames. | 2023-09-12 | 4 | CVE-2023-40725
MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
siemens -- qms_automotive | A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks. | 2023-09-12 | 3.9 | CVE-2023-40732
MISC
samsung -- exynos_9820_firmware | An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application. | 2023-09-12 | 3.3 | CVE-2023-40218
MISC
samsung -- exynos_980_firmware | An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application. | 2023-09-08 | 3.3 | CVE-2023-40353
MISC
apple -- ipados | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information. | 2023-09-12 | 3.3 | CVE-2023-40442
MISC
MISC
MISC
mozilla -- firefox | Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117. | 2023-09-11 | 3.1 | CVE-2023-4579
MISC
MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
tripodworks_co._ltd. -- gigapod | GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition. | 2023-09-08 | not yet calculated | CVE-2014-5329
MISC
diebold_nixdorf -- opteva | An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter. | 2023-09-11 | not yet calculated | CVE-2020-19559
MISC
fortinet -- forticlientems | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path. | 2023-09-13 | not yet calculated | CVE-2021-44172
MISC
fortinet -- fortiadc | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 2023-09-13 | not yet calculated | CVE-2022-35849
MISC
apache_friends -- xampp | The installer in XAMPP through 8.1.12 allows local users to write to the C:\xampp directory. Common use cases execute files under C:\xampp with administrative privileges. | 2023-09-12 | not yet calculated | CVE-2022-47637
MISC
control_de_ciber -- control_de_ciber | Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if an unrecognized component is up to date, causing a memory failure error that shuts down the process. | 2023-09-12 | not yet calculated | CVE-2022-48474
MISC
control_de_ciber -- control_de_ciber | Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the administrator tries to accept or delete the print query created by the request. | 2023-09-12 | not yet calculated | CVE-2022-48475
MISC
control_de_ciber -- control_de_ciber | Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core. | 2023-09-12 | not yet calculated | CVE-2022-4896
MISC
foreman -- foreman | A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials. | 2023-09-12 | not yet calculated | CVE-2023-0119
MISC
MISC
MISC
cisco -- ios_xr | A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device. | 2023-09-13 | not yet calculated | CVE-2023-20135
MISC
cisco -- ios_xr | A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. | 2023-09-13 | not yet calculated | CVE-2023-20190
MISC
cisco -- ios_xr | A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication. | 2023-09-13 | not yet calculated | CVE-2023-20191
MISC
cisco -- ios_xr | A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device. | 2023-09-13 | not yet calculated | CVE-2023-20233
MISC
cisco -- ios_xr | A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device. This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device. | 2023-09-13 | not yet calculated | CVE-2023-20236
MISC
blackberry -- athoc | A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization. | 2023-09-12 | not yet calculated | CVE-2023-21520
MISC
blackberry -- athoc | An SQL Injection vulnerability in the Management Console (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. | 2023-09-12 | not yet calculated | CVE-2023-21521
MISC
blackberry -- athoc | A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account. | 2023-09-12 | not yet calculated | CVE-2023-21522
MISC
blackberry -- athoc
 
A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.2023-09-12not yet calculatedCVE-2023-21523
MISC
nvidia -- connectx_host
 
NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges. 2023-09-12not yet calculatedCVE-2023-25519
MISC
fortinet -- fortiap
 
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.2023-09-13not yet calculatedCVE-2023-25608
MISC
sidekiq -- sidekiq
 
Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.2023-09-14not yet calculatedCVE-2023-26141
MISC
MISC
MISC
MISC
crow -- crow
 
All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.2023-09-12not yet calculatedCVE-2023-26142
MISC
MISC
qemu -- qemu
 
This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.2023-09-13not yet calculatedCVE-2023-2680
MISC
MISC
wordpress -- wordpress
 
The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin.2023-09-11not yet calculatedCVE-2023-2705
MISC
fortinet -- fortipresence
 
A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.2023-09-13not yet calculatedCVE-2023-27998
MISC
movim -- movim
 
Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.2023-09-14not yet calculatedCVE-2023-2848
MISC
MISC
MISC
fortinet -- fortiproxy/fortios
 
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.2023-09-13not yet calculatedCVE-2023-29183
MISC
rockwell_automation -- pavilion8
 
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and/or log users out of their session.2023-09-12not yet calculatedCVE-2023-29463
MISC
dell -- sd_rom_utility
 
SD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.2023-09-12not yet calculatedCVE-2023-3039
MISC
palantir -- cerberus
 
The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58.2023-09-12not yet calculatedCVE-2023-30962
MISC
inosoft_gmbh -- visiwin_7
 
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM.2023-09-11not yet calculatedCVE-2023-31468
MISC
MISC
node.js -- node.js
 
A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.2023-09-12not yet calculatedCVE-2023-32005
MISC
qemu -- qemu
 
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.2023-09-13not yet calculatedCVE-2023-3255
MISC
MISC
node.js -- node.js
 
The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. This vulnerability affects all users using the experimental permission model in Node.js 20.x. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.2023-09-12not yet calculatedCVE-2023-32558
MISC
palo_alto_networks -- cortex_xdr
 
A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.2023-09-13not yet calculatedCVE-2023-3280
MISC
qemu -- qemu
 
A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.2023-09-13not yet calculatedCVE-2023-3301
MISC
MISC
cloud_foundry -- routing/cf_development
 
Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.2023-09-08not yet calculatedCVE-2023-34041
MISC
ami -- aptiov
 
AMI AptioV contains a vulnerability in BIOS where an attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality.2023-09-12not yet calculatedCVE-2023-34469
MISC
ami -- aptiov
 
AMI AptioV contains a vulnerability in BIOS where an attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.2023-09-12not yet calculatedCVE-2023-34470
MISC
fortinet -- fortiweb
 
A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows an attacker to execute unauthorized code or commands via specially crafted HTTP requests.2023-09-13not yet calculatedCVE-2023-34984
MISC
dassault_systèmes -- teamwork_cloud
 
A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.2023-09-13not yet calculatedCVE-2023-3588
MISC
dover_fueling_solutions -- maglink_lx_web_console_configuration
 
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges.2023-09-11not yet calculatedCVE-2023-36497
MISC
fortinet -- fortisiem
 
An exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows an attacker to cause information disclosure via a crafted HTTP request.2023-09-13not yet calculatedCVE-2023-36551
MISC
fortinet -- fortiap-u
 
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directories via specially crafted command arguments.2023-09-13not yet calculatedCVE-2023-36634
MISC
fortinet -- fortimanager/fortianalyzer
 
An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.2023-09-13not yet calculatedCVE-2023-36638
MISC
fortinet -- fortitester
 
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.2023-09-13not yet calculatedCVE-2023-36642
MISC
etherscan -- ethereum_blockchain
 
An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 causes the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold.2023-09-11not yet calculatedCVE-2023-36980
MISC
MISC
honeywell -- pm43
 
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g., P10.19.050006).2023-09-12not yet calculatedCVE-2023-3710
MISC
MISC
MISC
honeywell -- pm43
 
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g., P10.19.050006).2023-09-12not yet calculatedCVE-2023-3711
MISC
MISC
MISC
honeywell -- pm43
 
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g., P10.19.050006).2023-09-12not yet calculatedCVE-2023-3712
MISC
MISC
MISC
wing_ftp_server -- wing_ftp_server
 
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS). This issue affects Wing FTP Server: <= 7.2.0.2023-09-12not yet calculatedCVE-2023-37875
MISC
wing_ftp_server -- wing_ftp_server
 
Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0.2023-09-12not yet calculatedCVE-2023-37878
MISC
wing_ftp_server -- wing_ftp_server
 
Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation. This issue affects Wing FTP Server: <= 7.2.0.2023-09-12not yet calculatedCVE-2023-37879
MISC
wing_ftp_server -- wing_ftp_server
 
Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0.2023-09-12not yet calculatedCVE-2023-37881
MISC
dover_fueling_solutions -- maglink_lx_web_console_configuration
 
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.2023-09-11not yet calculatedCVE-2023-38256
MISC
zlmediakiet -- zlmediakiet
 
Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL.2023-09-11not yet calculatedCVE-2023-39067
MISC
MISC
hangzhou_xiongmai_technology_co._ltd. -- multiple_products
 
Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to cause a denial of service via a crafted request to the service.XM component.2023-09-11not yet calculatedCVE-2023-39068
MISC
strangebee_thehive -- strangebee_thehive
 
An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.2023-09-11not yet calculatedCVE-2023-39069
MISC
cppcheck -- cppcheck
 
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934.2023-09-11not yet calculatedCVE-2023-39070
MISC
snmp_web_pro -- snmp_web_pro
 
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted request.2023-09-12not yet calculatedCVE-2023-39073
MISC
zoom -- cleanzoom
 
Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access.2023-09-12not yet calculatedCVE-2023-39201
MISC
zoom -- zoom_desktop_client_for_linux
 
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.2023-09-12not yet calculatedCVE-2023-39208
MISC
zoom -- zoom
 
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.2023-09-12not yet calculatedCVE-2023-39215
MISC
softneta -- meddream_pacs
 
Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate users’ credentials.2023-09-11not yet calculatedCVE-2023-39227
MISC
asus -- rt-ax55
 
ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability.2023-09-11not yet calculatedCVE-2023-39780
MISC
MISC
MISC
MISC
MISC
MISC
nlnet_labs -- bcder
 
NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.2023-09-13not yet calculatedCVE-2023-39914
MISC
nlnet_labs -- routinator
 
NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.2023-09-13not yet calculatedCVE-2023-39915
MISC
nlnet_labs -- routinator
 
NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitization of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.2023-09-13not yet calculatedCVE-2023-39916
MISC
libvips -- libvips
 
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.2023-09-11not yet calculatedCVE-2023-40032
MISC
MISC
MISC
softneta -- meddream_pacs
 
The affected product does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.2023-09-11not yet calculatedCVE-2023-40150
MISC
wordpress -- wordpress
 
The Herd Effects WordPress plugin before 5.2.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-09-11not yet calculatedCVE-2023-4022
MISC
sap -- commoncryptolib
 
SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.2023-09-12not yet calculatedCVE-2023-40308
MISC
MISC
sap -- commoncryptolib
 
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.2023-09-12not yet calculatedCVE-2023-40309
MISC
MISC
arm_ltd. -- gnu/gnu_toolchain
 
A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically sized local variables or those created using alloca(). The stack-protector operates as intended for statically sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity.2023-09-13not yet calculatedCVE-2023-4039
MISC
MISC
wordpress -- wordpress
 
The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-09-11not yet calculatedCVE-2023-4060
MISC
openknowledgemaps -- head_start_7
 
A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'.2023-09-13not yet calculatedCVE-2023-40617
MISC
sap -- netweaver
 
SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application.2023-09-12not yet calculatedCVE-2023-40624
MISC
MISC
fortinet -- fortitester
 
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.2023-09-13not yet calculatedCVE-2023-40715
MISC
fortinet -- fortitester
 
A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.2023-09-13not yet calculatedCVE-2023-40717
MISC
netentsec -- ns-asg
 
netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway.2023-09-13not yet calculatedCVE-2023-40850
MISC
oracle -- apache_tomcat_connectors
 
In some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but did not provide explicit mounts for all possible proxied requests, the mod_jk component of Apache Tomcat Connectors would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue.2023-09-13not yet calculatedCVE-2023-41081
MISC
MISC
interact -- interact
 
Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.2023-09-11not yet calculatedCVE-2023-41103
MISC
MISC
usermin -- usermin
 
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.2023-09-13not yet calculatedCVE-2023-41152
MISC
MISC
usermin -- usermin
 
A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.2023-09-13not yet calculatedCVE-2023-41154
MISC
MISC
usermin/webmin -- usermin/webmin
 
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.2023-09-13not yet calculatedCVE-2023-41155
MISC
MISC
usermin -- usermin
 
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program.2023-09-13not yet calculatedCVE-2023-41158
MISC
MISC
usermin -- usermin
 
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down.2023-09-13not yet calculatedCVE-2023-41162
MISC
MISC
dover_fueling_solutions -- maglink_lx_web_console_configuration
 
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.2023-09-11not yet calculatedCVE-2023-41256
MISC
oracle -- apache_airflow
 
In the Apache Airflow HDFS Provider, versions prior to 4.1.1, the documentation pointed users to install an incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1.2023-09-14not yet calculatedCVE-2023-41267
MISC
MISC
sofastack -- sofarpc
 
SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist.2023-09-12not yet calculatedCVE-2023-41331
MISC
MISC
symfony -- ux-autocomplete
 
ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2.2023-09-11not yet calculatedCVE-2023-41336
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function.2023-09-12not yet calculatedCVE-2023-41423
MISC
linux -- kernel
 
A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).2023-09-13not yet calculatedCVE-2023-4155
MISC
MISC
dairy_farm_shop_management_system -- dairy_farm_shop_management_system
 
Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.2023-09-11not yet calculatedCVE-2023-41593
MISC
MISC
MISC
MISC
couchcms -- couchcms
 
An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.2023-09-11not yet calculatedCVE-2023-41609
MISC
l_is_b_corp. -- 'direct'_desktop_app_for_macos
 
Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camera, microphone, etc. of the device where the product is installed without the user's consent.2023-09-08not yet calculatedCVE-2023-41775
MISC
MISC
openmage -- magento_lts
 
Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.2023-09-11not yet calculatedCVE-2023-41879
MISC
MISC
MISC
MISC
MISC
piccolo -- piccolo
 
Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not also enforce strong passwords, these lists of valid accounts are likely to be used in a password spray attack with the outcome being attempted takeover of user accounts on the platform. The impact of this vulnerability is minor as it requires chaining with other attack vectors in order to gain more than simply a list of valid users on the underlying platform. The likelihood of this vulnerability is possible as it requires minimal skills to pull off, especially given the underlying login functionality for Piccolo based sites is open source. This issue has been patched in version 0.121.0.2023-09-12not yet calculatedCVE-2023-41885
MISC
MISC
craft_cms -- craft_cms
 
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.2023-09-13not yet calculatedCVE-2023-41892
MISC
MISC
MISC
MISC
MISC
MISC
google -- android
 
The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.2023-09-13not yet calculatedCVE-2023-42468
MISC
MISC
MISC
MISC
google -- android
 
The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.2023-09-13not yet calculatedCVE-2023-42469
MISC
MISC
MISC
MISC
oracle -- apache_commons_compress
 
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing. This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption. In version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values. Parsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].
[1]: https://issues.apache.org/jira/browse/COMPRESS-612 [2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 [3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html [4]: https://bugs.openjdk.org/browse/JDK-6560193 [5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 Only applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.2023-09-14not yet calculatedCVE-2023-42503
MISC
wordpress -- wordpress
The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Published: 2023-09-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4270
wordpress -- wordpress
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
Published: 2023-09-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4278
wordpress -- wordpress
The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious JavaScript that will trigger in the plugin's admin panel with statistics of the created short link.
Published: 2023-09-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4294
wordpress -- wordpress
The Lock User Account WordPress plugin through 1.0.3 does not have a CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged-in admins lock and unlock arbitrary users via a CSRF attack.
Published: 2023-09-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4307
wordpress -- wordpress
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
Published: 2023-09-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4314
wordpress -- wordpress
The Herd Effects WordPress plugin before 5.2.4 does not have a CSRF check when deleting its items, which could allow attackers to make logged-in admins delete arbitrary effects via a CSRF attack.
Published: 2023-09-11 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4318
skyhigh_security -- secure_web_gateway
A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files.
Published: 2023-09-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4400
opentext -- multiple_products
User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4501
schneider_electric -- igss_update_service
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change the update source, potentially leading to remote code execution when the attacker forces an update containing malicious content.
Published: 2023-09-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4516
papercut -- papercut_ng
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
Published: 2023-09-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4568
eclipse_foundation -- eclipse_jgit
Arbitrary File Overwrite in Eclipse JGit <= 6.6.0. In Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem. This can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command. The issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration. Setting git configuration option core.symlinks = false before checking out avoids the problem. The issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central (https://repo1.maven.org/maven2/org/eclipse/jgit/) and repo.eclipse.org (https://repo.eclipse.org/content/repositories/jgit-releases/). The JGit maintainers would like to thank RyotaK for finding and reporting this issue.
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4759
google -- grpc
Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on POSIX-compatible platforms (e.g. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++, Python, and Ruby are affected, but gRPC Java and Go are NOT affected.
Published: 2023-09-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4785
proofpoint -- insider_threat_management_for_macos
An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected.
Published: 2023-09-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4801
proofpoint -- insider_threat_management
A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.
Published: 2023-09-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4802
proofpoint -- insider_threat_management
A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.
Published: 2023-09-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4803
openssl -- openssl
Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions.
Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences.
The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However, given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However, we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap:
OPENSSL_ia32cap=:~0x200000
The FIPS provider is not affected by this issue.
Published: 2023-09-08 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4807
glibc -- glibc
A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4813
trellix -- data_loss_prevention_endpoint_for_windows
A privilege escalation vulnerability exists in Trellix Windows DLP endpoint for Windows which can be abused to delete any file/folder for which the user does not have permission.
Published: 2023-09-14 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4814
proofpoint -- itm_server
An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the configuration of any already-registered agent so that all future agent communications are sent to an attacker-chosen URL. An attacker must first successfully obtain valid agent credentials and target agent hostname. All versions prior to 7.14.3.69 are affected.
Published: 2023-09-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4828
ibos -- ibos
A vulnerability, which was classified as critical, has been found in IBOS OA 4.5.5. Affected by this issue is some unknown functionality of the file ?r=file/dashboard/trash&op=del. The manipulation of the argument fids leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239258 is the identifier assigned to this vulnerability.
Published: 2023-09-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4849
ibos -- ibos
A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.
Published: 2023-09-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4850
ibos -- ibos
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.
Published: 2023-09-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4851
ibos -- ibos
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability.
Published: 2023-09-09 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4852
google -- chrome
Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4863
suntront -- smart_table_integrated_management_system
A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239352.
Published: 2023-09-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4867
instantsoft -- icms2
Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Published: 2023-09-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4878
instantsoft -- icms2
Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.
Published: 2023-09-10 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4879
google -- chrome_for_android
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4900
google -- chrome
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4901
google -- chrome
Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4902
google -- chrome_for_android
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4903
google -- chrome
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4904
google -- chrome
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4905
google -- chrome
Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4906
google -- chrome_for_android
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4907
google -- chrome
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4908
google -- chrome
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4909
keycloak -- keycloak
A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through the registration flow, the "password" and "password-confirm" fields from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read user attributes, allowing a malicious user with minimal access to retrieve users' passwords in clear text, jeopardizing their environment.
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4918
linux -- kernel
A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. When the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue(). We recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.
Published: 2023-09-12 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4921
instantsoft -- icms2
SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.
Published: 2023-09-13 | CVSS Score: not yet calculated | Source & Patch Info: CVE-2023-4928
