Vulnerability Summary for the Week of September 25, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accusoft -- imagegear | An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2023-09-25 | 9.8 | CVE-2023-32284 MISC |
accusoft -- imagegear | A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2023-09-25 | 9.8 | CVE-2023-32614 MISC |
accusoft -- imagegear | A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-09-25 | 9.8 | CVE-2023-35002 MISC |
accusoft -- imagegear | A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver a file to trigger this vulnerability. | 2023-09-25 | 9.8 | CVE-2023-39453 MISC |
accusoft -- imagegear | An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2023-09-25 | 9.8 | CVE-2023-40163 MISC |
accusoft -- imagegear | A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-09-25 | 8.8 | CVE-2023-23567 MISC |
accusoft -- imagegear | A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2023-09-25 | 8.8 | CVE-2023-28393 MISC |
accusoft -- imagegear | An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2023-09-25 | 8.8 | CVE-2023-32653 MISC |
acronis -- cyber_protect | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | 2023-09-27 | 9.1 | CVE-2023-44152 MISC |
acronis -- cyber_protect | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 9.1 | CVE-2023-44154 MISC |
acronis -- cyber_protect | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 9.1 | CVE-2023-44206 MISC |
acronis -- cyber_protect | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. | 2023-09-27 | 7.8 | CVE-2023-44157 MISC |
acronis -- cyber_protect | Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | 2023-09-27 | 7.5 | CVE-2023-44153 MISC |
acronis -- cyber_protect | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 7.5 | CVE-2023-44155 MISC |
acronis -- cyber_protect | Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 7.5 | CVE-2023-44156 MISC |
acronis -- cyber_protect | Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 7.5 | CVE-2023-44158 MISC |
acronis -- cyber_protect | Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 7.5 | CVE-2023-44159 MISC |
apple -- iphone_os/ipad_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-40431 MISC |
apple -- iphone_os/ipad_os | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges. | 2023-09-27 | 7.8 | CVE-2023-40443 MISC |
apple -- macos | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | 2023-09-27 | 10 | CVE-2023-38586 MISC |
apple -- macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | 2023-09-27 | 10 | CVE-2023-40455 MISC |
apple -- macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | 2023-09-27 | 9.1 | CVE-2023-40436 MISC |
apple -- macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-32377 MISC |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-38615 MISC |
apple -- macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service. | 2023-09-27 | 7.5 | CVE-2023-40407 MISC |
apple -- multiple_products | This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution. | 2023-09-27 | 9.8 | CVE-2023-40400 MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 2023-09-27 | 8.8 | CVE-2023-35074 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 2023-09-27 | 8.8 | CVE-2023-39434 MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 2023-09-27 | 8.8 | CVE-2023-41074 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox. | 2023-09-27 | 8.6 | CVE-2023-40448 MISC MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. | 2023-09-27 | 7.8 | CVE-2023-32396 MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-40409 MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-40412 MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges. | 2023-09-27 | 7.8 | CVE-2023-40419 MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-40432 MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-41063 MISC MISC MISC MISC MISC |
apple -- multiple_products | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges. | 2023-09-27 | 7.8 | CVE-2023-41068 MISC MISC MISC MISC |
apple -- multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-41071 MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-41174 MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-41984 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 2023-09-27 | 7.8 | CVE-2023-41995 MISC MISC |
apple -- multiple_products | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files. | 2023-09-27 | 7.1 | CVE-2023-40452 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission. | 2023-09-27 | 7.1 | CVE-2023-40454 MISC MISC MISC MISC MISC MISC MISC |
apple -- safari | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code. | 2023-09-27 | 8.8 | CVE-2023-40451 MISC MISC |
automataci -- automataci | AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tool. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g., `releases/`) directory is manually and actually `git cloned` properly, making it a different git repository from the root git repository. | 2023-09-22 | 9.1 | CVE-2023-42798 MISC MISC |
blog -- blog | SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php. | 2023-09-27 | 7.5 | CVE-2023-43381 MISC MISC |
cadence -- cadence | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible. | 2023-09-22 | 7.5 | CVE-2023-43783 MISC MISC |
cassia_networks -- access_controller | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks. | 2023-09-27 | 8.8 | CVE-2023-35793 MISC MISC |
cesanta_software_ltd. -- mjs | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | 2023-09-23 | 9.8 | CVE-2023-43338 MISC |
cilium -- cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect Cilium network policies that use the namespace, service account or cluster constructs to restrict traffic, Cilium clusterwide network policies that use Cilium namespace labels to select the Pod and Kubernetes network policies. Non-existent construct names can be provided, which bypass all network policies applicable to the construct. For example, providing a pod with a non-existent namespace as the value of the `io.kubernetes.pod.namespace` label results in none of the namespaced CiliumNetworkPolicies applying to the pod in question. This attack requires the attacker to have Kubernetes API Server access, as described in the Cilium Threat Model. This issue has been resolved in: Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users are advised to upgrade. As a workaround an admission webhook can be used to prevent pod label updates to the `k8s:io.kubernetes.pod.namespace` and `io.cilium.k8s.policy.*` keys. | 2023-09-27 | 9 | CVE-2023-39347 MISC MISC |
cilium -- cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted `endpointSelector` that uses the `DoesNotExist` operator on the `reserved:init` label, the attacker can create policies that bypass namespace restrictions and affect the entire Cilium cluster. This includes potentially allowing or denying all traffic. This attack requires API server access, as described in the Kubernetes API Server Attacker section of the Cilium Threat Model. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. As a workaround an admission webhook can be used to prevent the use of `endpointSelectors` that use the `DoesNotExist` operator on the `reserved:init` label in CiliumNetworkPolicies. | 2023-09-27 | 8.1 | CVE-2023-41333 MISC MISC MISC |
cisco -- ios_xe | A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2023-09-27 | 8.6 | CVE-2023-20033 MISC |
cisco -- sd-wan_manager | A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial-of-service condition. | 2023-09-27 | 8.8 | CVE-2023-20254 MISC |
collne_inc. -- welcart_e-commerce | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations. | 2023-09-27 | 8.8 | CVE-2023-43610 MISC MISC |
collne_inc. -- welcart_e-commerce | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. | 2023-09-27 | 7.2 | CVE-2023-40219 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. | 2023-09-28 | 9.8 | CVE-2023-43869 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function. | 2023-09-28 | 7.5 | CVE-2023-43860 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function. | 2023-09-28 | 7.5 | CVE-2023-43861 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function. | 2023-09-28 | 7.5 | CVE-2023-43862 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function. | 2023-09-28 | 7.5 | CVE-2023-43863 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function. | 2023-09-28 | 7.5 | CVE-2023-43864 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function. | 2023-09-28 | 7.5 | CVE-2023-43865 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function. | 2023-09-28 | 7.5 | CVE-2023-43866 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function. | 2023-09-28 | 7.5 | CVE-2023-43867 MISC MISC |
d-link -- dir-619l_firmware | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function. | 2023-09-28 | 7.5 | CVE-2023-43868 MISC MISC |
d-link -- dir-806_firmware | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. | 2023-09-22 | 9.8 | CVE-2023-43129 MISC MISC |
d-link -- dir-806_firmware | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. | 2023-09-22 | 9.8 | CVE-2023-43130 MISC MISC |
dedebiz -- dedebiz | DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | 2023-09-27 | 9.8 | CVE-2023-43234 MISC MISC MISC MISC |
dedecms -- dedecms | An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-09-28 | 8.8 | CVE-2023-43226 MISC |
dell -- networker | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | 2023-09-27 | 8.8 | CVE-2023-28055 MISC |
docker -- docker_desktop | Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | 2023-09-25 | 9.8 | CVE-2023-0625 MISC |
docker -- docker_desktop | Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. | 2023-09-25 | 9.8 | CVE-2023-0626 MISC |
docker -- docker_desktop | Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. | 2023-09-25 | 8.8 | CVE-2023-5165 MISC |
docker -- docker_desktop | Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X. | 2023-09-25 | 7.8 | CVE-2023-0627 MISC |
docker -- docker_desktop | In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0. | 2023-09-25 | 7.8 | CVE-2023-0633 MISC |
dreamer_cms -- dreamer_cms | Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. | 2023-09-25 | 8.8 | CVE-2023-43382 MISC MISC MISC |
dreamer_cms -- dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. | 2023-09-27 | 7.5 | CVE-2023-43856 MISC MISC MISC MISC |
dst-admin -- dst-admin | dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. | 2023-09-22 | 9.8 | CVE-2023-43270 MISC |
easyphp -- webserver | An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. | 2023-09-27 | 9.8 | CVE-2023-3767 MISC |
emlog_pro -- emlog_pro | Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. | 2023-09-27 | 9.8 | CVE-2023-43291 MISC |
f-secure -- client_security | Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 2023-09-22 | 7.5 | CVE-2023-43760 MISC MISC |
f-secure -- linux_protection | Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 2023-09-22 | 7.8 | CVE-2023-43766 MISC MISC |
f-secure -- linux_protection | Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 2023-09-22 | 7.5 | CVE-2023-43761 MISC MISC |
f-secure -- linux_protection | Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 2023-09-22 | 7.5 | CVE-2023-43765 MISC MISC |
f-secure -- linux_protection | Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 2023-09-22 | 7.5 | CVE-2023-43767 MISC MISC |
f5 -- big-ip_access_policy_manager | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-09-27 | 7.1 | CVE-2023-43124 MISC |
fortect -- fortect | Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. | 2023-09-27 | 7.8 | CVE-2023-42486 MISC |
fuxa -- fuxa | FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. | 2023-09-22 | 9.8 | CVE-2023-31719 MISC MISC MISC |
fuxa -- fuxa | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log. | 2023-09-22 | 7.5 | CVE-2023-31716 MISC MISC |
fuxa -- fuxa | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. | 2023-09-22 | 7.5 | CVE-2023-31717 MISC MISC MISC |
fuxa -- fuxa | FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download. | 2023-09-22 | 7.5 | CVE-2023-31718 MISC MISC MISC |
general_device_manager -- general_device_manager | General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. | 2023-09-25 | 9.8 | CVE-2023-43131 MISC |
gevent -- gevent | An issue in Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. | 2023-09-25 | 9.8 | CVE-2023-41419 MISC MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to take over an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 9.8 | CVE-2023-41320 MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 9.8 | CVE-2023-42461 MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 9.1 | CVE-2023-42462 MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 8.8 | CVE-2023-41322 MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An API user that has read access on the users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 8.8 | CVE-2023-41324 MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. A logged-in user from any profile can hijack the Kanban feature to alter any user field and end up stealing that user's account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 8.8 | CVE-2023-41326 MISC |
gnu -- gawk | A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | 2023-09-25 | 7.1 | CVE-2023-4156 MISC MISC |
gnu -- glibc | A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | 2023-09-25 | 7.5 | CVE-2023-5156 MISC MISC MISC MISC |
gomarkdown -- markdown | The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with a parser that uses the `parser.Mmark` extension could result in an out-of-bounds read vulnerability. To exploit the vulnerability, the parser needs to have the `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue. | 2023-09-22 | 7.5 | CVE-2023-42821 MISC MISC MISC |
google -- chrome | Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) | 2023-09-28 | 8.8 | CVE-2023-5186 MISC MISC MISC MISC MISC MISC |
google -- chrome | Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-09-28 | 8.8 | CVE-2023-5187 MISC MISC MISC MISC MISC MISC |
hancom -- hancom_office_2020 | A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability. | 2023-09-27 | 7.8 | CVE-2023-32541 MISC |
hedef_tracking -- admin_panel | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. | 2023-09-27 | 9.8 | CVE-2023-4737 MISC |
huawei -- emui | Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking. | 2023-09-25 | 9.8 | CVE-2023-41297 MISC MISC |
huawei -- emui | Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality. | 2023-09-25 | 9.1 | CVE-2023-41296 MISC MISC |
huawei -- emui | Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability. | 2023-09-27 | 7.5 | CVE-2022-48606 MISC MISC |
huawei -- emui | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 2023-09-25 | 7.5 | CVE-2023-39408 MISC MISC |
huawei -- emui | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 2023-09-25 | 7.5 | CVE-2023-39409 MISC MISC |
huawei -- emui | Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 2023-09-25 | 7.5 | CVE-2023-41300 MISC MISC |
huawei -- emui | Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-09-25 | 7.5 | CVE-2023-41301 MISC MISC |
huawei -- emui | Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-09-25 | 7.5 | CVE-2023-41302 MISC MISC |
huawei -- emui | Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. | 2023-09-25 | 7.5 | CVE-2023-41303 MISC MISC |
huawei -- emui | Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. | 2023-09-27 | 7.5 | CVE-2023-41305 MISC MISC |
huawei -- harmonyos | Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | 2023-09-25 | 9.8 | CVE-2022-48605 MISC MISC |
huawei -- harmonyos | The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability may affect some Super Device services. | 2023-09-25 | 9.8 | CVE-2023-41294 MISC |
huawei -- harmonyos | The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity. | 2023-09-25 | 9.1 | CVE-2023-39407 MISC |
huawei -- harmonyos | Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. | 2023-09-25 | 7.5 | CVE-2023-41293 MISC MISC |
huawei -- harmonyos | Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. | 2023-09-25 | 7.5 | CVE-2023-41298 MISC MISC |
huawei -- harmonyos | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 2023-09-25 | 7.5 | CVE-2023-41299 MISC MISC |
huawei -- harmonyos | Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. | 2023-09-27 | 7.5 | CVE-2023-41307 MISC MISC |
huawei -- harmonyos | Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | 2023-09-27 | 7.5 | CVE-2023-41308 MISC MISC |
huawei -- harmonyos | Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. | 2023-09-27 | 7.5 | CVE-2023-41309 MISC MISC |
ibm -- i | Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. | 2023-09-28 | 7.8 | CVE-2023-40375 MISC MISC |
jeecg -- jeecg_boot | SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. | 2023-09-22 | 9.8 | CVE-2023-40989 MISC |
jumpserver -- jumpserver | JumpServer is an open-source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file: `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd`. A similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-27 | 8.8 | CVE-2023-42819 MISC MISC |
jumpserver -- jumpserver | JumpServer is an open-source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled, users are not affected. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds for this issue. | 2023-09-27 | 8.2 | CVE-2023-42820 MISC MISC |
juplink -- rx4-1500_firmware | Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. | 2023-09-22 | 8.8 | CVE-2023-41027 MISC |
juplink -- rx4-1500_firmware | Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. | 2023-09-22 | 8.8 | CVE-2023-41029 MISC |
juplink -- rx4-1500_firmware | Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint. | 2023-09-22 | 8.8 | CVE-2023-41031 MISC |
kubernetes -- cri-o | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | 2023-09-25 | 7.8 | CVE-2022-4318 MISC MISC MISC MISC |
kubernetes -- kube-apiserver | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could affect a remote, authenticated attacker who has been given "update, patch" permissions on the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | 2023-09-24 | 9.1 | CVE-2023-1260 MISC MISC MISC MISC MISC MISC |
libvpx -- libvpx | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-09-28 | 8.8 | CVE-2023-5217 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
linux -- kernel | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | 2023-09-25 | 7.8 | CVE-2023-42753 MISC MISC MISC MISC |
mediawiki -- mediawiki | MediaWiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. | 2023-09-25 | 9 | CVE-2023-3550 MISC MISC |
metersphere -- metersphere | MeterSphere is a one-stop open-source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default; attackers can log in to VNC and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-27 | 9.8 | CVE-2023-41878 MISC MISC |
mozilla -- firefox | A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 2023-09-27 | 9.8 | CVE-2023-5168 MISC MISC MISC MISC |
mozilla -- firefox | If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 2023-09-27 | 9.8 | CVE-2023-5174 MISC MISC MISC MISC |
mozilla -- firefox | During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. | 2023-09-27 | 9.8 | CVE-2023-5175 MISC MISC |
mozilla -- firefox | In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118. | 2023-09-27 | 7.5 | CVE-2023-5173 MISC MISC |
mozilla -- multiple_products | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 2023-09-27 | 9.8 | CVE-2023-5176 MISC MISC MISC MISC MISC MISC |
mrv_tech -- logging_administration_panel | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915. | 2023-09-27 | 9.8 | CVE-2023-35071 MISC |
nodebb_inc. -- nodebb | A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. | 2023-09-27 | 9.8 | CVE-2023-43187 MISC |
online_book_store_project -- online_book_store_project | The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-09-28 | 9.8 | CVE-2023-43739 MISC MISC |
online_job_portal -- online_job_portal | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component. | 2023-09-23 | 9.8 | CVE-2023-43468 MISC MISC MISC |
online_job_portal -- online_job_portal | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. | 2023-09-23 | 9.8 | CVE-2023-43469 MISC MISC MISC |
online_voting_system -- online_voting_system | SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. | 2023-09-23 | 9.8 | CVE-2023-43470 MISC MISC MISC |
opencart -- opencart | Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. | 2023-09-27 | 8.8 | CVE-2023-2315 MISC MISC |
pgadmin -- pgadmin | A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | 2023-09-22 | 8.8 | CVE-2023-5002 MISC MISC |
phpkobo -- ajaxnewsticker | An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | 2023-09-27 | 9.8 | CVE-2023-41449 MISC MISC MISC |
phpkobo -- ajaxnewsticker | An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | 2023-09-28 | 8.8 | CVE-2023-41450 MISC MISC MISC |
phpkobo -- ajaxnewsticker | Cross Site Request Forgery vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. | 2023-09-27 | 8.8 | CVE-2023-41452 MISC MISC MISC |
progress -- ws_ftp_server | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. | 2023-09-27 | 9.6 | CVE-2023-42657 MISC MISC |
progress -- ws_ftp_server | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 2023-09-27 | 8.8 | CVE-2023-40044 MISC MISC |
progress -- ws_ftp_server | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. | 2023-09-27 | 7.2 | CVE-2023-40046 MISC MISC |
projectworlds -- asset_management_system | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control. | 2023-09-28 | 9.8 | CVE-2023-43013 MISC MISC |
projectworlds -- asset_management_system | Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database. | 2023-09-28 | 8.8 | CVE-2023-43014 MISC MISC |
projectworlds -- asset_management_system_project_in_php | Projectworlds Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | 2023-09-22 | 9.8 | CVE-2023-43144 MISC |
projectworlds -- gym_management_system_project | Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 2023-09-28 | 8.8 | CVE-2023-5185 MISC MISC |
projectworlds -- online_movie_ticket_booking_system | The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-09-28 | 9.8 | CVE-2023-44163 MISC MISC |
projectworlds -- online_movie_ticket_booking_system | The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-09-28 | 9.8 | CVE-2023-44164 MISC MISC |
projectworlds -- online_movie_ticket_booking_system | The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-09-28 | 9.8 | CVE-2023-44165 MISC MISC |
projectworlds -- online_movie_ticket_booking_system | The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-09-28 | 9.8 | CVE-2023-44166 MISC MISC |
projectworlds -- online_movie_ticket_booking_system | The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-09-28 | 9.8 | CVE-2023-44167 MISC MISC |
projectworlds -- online_movie_ticket_booking_system | The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-09-28 | 9.8 | CVE-2023-44168 MISC MISC |
qnap -- multimedia_console | A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 (2023/03/29) and later; Multimedia Console 1.4.7 (2023/03/20) and later. | 2023-09-22 | 9.8 | CVE-2023-23364 MISC |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and later; QTS 4.2.6 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later. | 2023-09-22 | 9.8 | CVE-2023-23363 MISC |
qnap -- qutscloud | An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later. | 2023-09-22 | 8.8 | CVE-2023-23362 MISC |
redhat -- apicast | A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | 2023-09-27 | 7.5 | CVE-2023-0456 MISC MISC |
redhat -- satellite | A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. | 2023-09-22 | 9.1 | CVE-2022-3874 MISC MISC |
redhat -- single_sign-on | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | 2023-09-22 | 9.8 | CVE-2022-4039 MISC MISC MISC |
redhat -- undertow | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | 2023-09-27 | 7.5 | CVE-2023-3223 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
sagernet -- sing-box | Sing-box is an open-source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments. | 2023-09-25 | 9.8 | CVE-2023-43644 MISC |
seacms -- seacms | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | 2023-09-27 | 9.8 | CVE-2023-43216 MISC |
seacms -- seacms | SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | 2023-09-27 | 9.8 | CVE-2023-43222 MISC |
seacms -- seacms | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | 2023-09-27 | 9.8 | CVE-2023-44169 MISC |
seacms -- seacms | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. | 2023-09-27 | 9.8 | CVE-2023-44170 MISC |
seacms -- seacms | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | 2023-09-27 | 9.8 | CVE-2023-44171 MISC |
seacms -- seacms | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | 2023-09-27 | 9.8 | CVE-2023-44172 MISC |
seacms -- seacms | A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. | 2023-09-25 | 8.8 | CVE-2023-43278 MISC MISC MISC |
siberiancms -- siberiancms | SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges | 2023-09-27 | 9.8 | CVE-2023-39375 MISC |
siberiancms -- siberiancms | SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user | 2023-09-27 | 8.8 | CVE-2023-39378 MISC |
siberiancms -- siberiancms | SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method | 2023-09-27 | 7.2 | CVE-2023-39377 MISC |
soundminer -- soundminer | Soundminer - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2023-09-27 | 7.5 | CVE-2023-42487 MISC |
sourcecodester -- packers_and_movers_management_system | Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | 2023-09-28 | 9.8 | CVE-2023-30415 MISC MISC |
sourcecodester -- service_provider_management_system | An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | 2023-09-25 | 9.8 | CVE-2023-43457 MISC MISC MISC |
sourcecodester -- toll_tax_management_system | Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. | 2023-09-27 | 7.2 | CVE-2023-44047 MISC MISC |
super_store_finder -- super_store_finder | Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. | 2023-09-27 | 7.2 | CVE-2023-44044 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function. | 2023-09-27 | 9.8 | CVE-2023-44013 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. | 2023-09-27 | 9.8 | CVE-2023-44014 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. | 2023-09-27 | 9.8 | CVE-2023-44015 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | 2023-09-27 | 9.8 | CVE-2023-44016 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | 2023-09-27 | 9.8 | CVE-2023-44017 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. | 2023-09-27 | 9.8 | CVE-2023-44018 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. | 2023-09-27 | 9.8 | CVE-2023-44019 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. | 2023-09-27 | 9.8 | CVE-2023-44020 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function. | 2023-09-27 | 9.8 | CVE-2023-44021 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | 2023-09-27 | 9.8 | CVE-2023-44022 MISC |
tenda -- ac10u_firmware | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 2023-09-27 | 9.8 | CVE-2023-44023 MISC |
totolink -- a3700r_firmware | TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. | 2023-09-25 | 9.8 | CVE-2023-43141 MISC MISC |
tp-link -- tapo_l530e_firmware | An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function. | 2023-09-25 | 7.5 | CVE-2023-38907 MISC MISC |
uplight -- cookie_law | UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | 2023-09-25 | 9.8 | CVE-2023-39640 MISC |
usta -- aybs | Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3. | 2023-09-27 | 8.8 | CVE-2023-4934 MISC |
vyperlang -- vyper | Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626. | 2023-09-27 | 7.5 | CVE-2023-42460 MISC MISC |
webcatalog -- webcatalog | WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | 2023-09-28 | 8.8 | CVE-2023-42222 MISC MISC MISC |
wind_river -- vxworks | An issue was discovered in Wind River VxWorks 6.9 and 7. The function `tarExtract` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the `tarExtract` function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior. | 2023-09-22 | 8.8 | CVE-2023-38346 MISC MISC MISC |
withsecure -- f-secure_policy_manager | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. | 2023-09-22 | 9.8 | CVE-2023-43762 MISC MISC |
withsecure -- f-secure_policy_manager | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux. | 2023-09-22 | 9.8 | CVE-2023-43764 MISC MISC |
wordpress -- wordpress | The WP Job Portal WordPress plugin through 2.0.3 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | 2023-09-25 | 9.8 | CVE-2023-4490 MISC |
wordpress -- wordpress | The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version. | 2023-09-25 | 9.8 | CVE-2023-4521 MISC |
wordpress -- wordpress | The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. | 2023-09-25 | 8.8 | CVE-2023-3547 MISC |
wordpress -- wordpress | The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. | 2023-09-25 | 7.2 | CVE-2023-3664 MISC |
wordpress -- wordpress | The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. | 2023-09-25 | 7.2 | CVE-2023-4238 MISC |
wordpress -- wordpress | The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. | 2023-09-25 | 7.2 | CVE-2023-4300 MISC |
wordpress -- wordpress | The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site. | 2023-09-30 | 9.9 | CVE-2023-5201 MISC MISC MISC |
xen -- xen | The fix for XSA-423 added logic to Linux's netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately, the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. | 2023-09-22 | 7.8 | CVE-2023-34319 MISC |
xerial -- snappy-java | snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources. | 2023-09-25 | 7.5 | CVE-2023-43642 MISC MISC |
xunruicms -- xunruicms | xunruicms <=4.5.1 is vulnerable to Remote Code Execution. | 2023-09-27 | 9.8 | CVE-2021-38243 MISC |
yt-dlp -- yt-dlp | yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in --exec other than {} (filepath). 2. If expansion in --exec is needed, verify the fields you are using do not contain ", | or &. 3. Instead of using --exec, write the info json and load the fields from it instead. | 2023-09-25 | 7.8 | CVE-2023-40581 MISC MISC MISC MISC MISC |
zephyr -- zephyr | Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. | 2023-09-27 | 10 | CVE-2023-4260 MISC |
zephyr -- zephyr | Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled. | 2023-09-27 | 10 | CVE-2023-4262 MISC |
zephyr -- zephyr | Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. | 2023-09-26 | 8.8 | CVE-2023-4259 MISC |
zephyr -- zephyr | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem. | 2023-09-27 | 9.6 | CVE-2023-4264 MISC |
zod -- zod | Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails | 2023-09-28 | 7.5 | CVE-2023-4316 MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acronis -- cyber_protect | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 6.5 | CVE-2023-44160 MISC |
acronis -- cyber_protect | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 6.5 | CVE-2023-44161 MISC |
acronis -- cyber_protect | Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 5.4 | CVE-2023-44207 MISC |
acronis -- cyber_protect | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 2023-09-27 | 5.3 | CVE-2023-44205 MISC |
aes-gcm -- aes-gcm | aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e., the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue. | 2023-09-22 | 5.5 | CVE-2023-42811 MISC MISC |
apple -- iphone_os/ipad_os | The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data. | 2023-09-27 | 5.5 | CVE-2023-40428 MISC |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information. | 2023-09-27 | 6.5 | CVE-2023-39233 MISC |
apple -- macos | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | 2023-09-27 | 5.5 | CVE-2023-23495 MISC |
apple -- macos | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data. | 2023-09-27 | 5.5 | CVE-2023-32421 MISC |
apple -- macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | 2023-09-27 | 5.5 | CVE-2023-40402 MISC |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files. | 2023-09-27 | 5.5 | CVE-2023-40406 MISC MISC MISC |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service. | 2023-09-27 | 5.5 | CVE-2023-40422 MISC |
apple -- macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | 2023-09-27 | 5.5 | CVE-2023-40426 MISC |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | 2023-09-27 | 5.5 | CVE-2023-40450 MISC |
apple -- macos | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent. | 2023-09-27 | 5.5 | CVE-2023-40541 MISC |
apple -- macos | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields. | 2023-09-27 | 5.5 | CVE-2023-41066 MISC |
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | 2023-09-27 | 5.5 | CVE-2023-41067 MISC |
apple -- macos | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | 2023-09-27 | 5.5 | CVE-2023-41078 MISC |
apple -- macos | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences. | 2023-09-27 | 5.5 | CVE-2023-41079 MISC |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch. | 2023-09-27 | 5.5 | CVE-2023-41996 MISC |
apple -- macos | A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system. | 2023-09-27 | 4.7 | CVE-2023-41979 MISC |
apple -- macos | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location. | 2023-09-27 | 4.3 | CVE-2023-40388 MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. | 2023-09-27 | 6.5 | CVE-2023-40403 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | 2023-09-27 | 6.5 | CVE-2023-40420 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | 2023-09-27 | 6.5 | CVE-2023-40441 MISC MISC |
apple -- multiple_products | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | 2023-09-27 | 5.5 | CVE-2023-32361 MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security. | 2023-09-27 | 5.5 | CVE-2023-38596 MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. | 2023-09-27 | 5.5 | CVE-2023-40391 MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory. | 2023-09-27 | 5.5 | CVE-2023-40399 MISC MISC MISC MISC |
apple -- multiple_products | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory. | 2023-09-27 | 5.5 | CVE-2023-40410 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | 2023-09-27 | 5.5 | CVE-2023-40424 MISC MISC MISC |
apple -- multiple_products | A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data. | 2023-09-27 | 5.5 | CVE-2023-40429 MISC MISC MISC MISC |
apple -- multiple_products | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link. | 2023-09-27 | 5.5 | CVE-2023-41070 MISC MISC MISC MISC MISC |
apple -- multiple_products | An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data. | 2023-09-27 | 5.5 | CVE-2023-41073 MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory. | 2023-09-27 | 5.5 | CVE-2023-41232 MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files. | 2023-09-27 | 5.5 | CVE-2023-41968 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences. | 2023-09-27 | 5.5 | CVE-2023-41980 MISC MISC |
apple -- multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system. | 2023-09-27 | 5.5 | CVE-2023-41986 MISC MISC |
apple -- multiple_products | A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. | 2023-09-27 | 5.4 | CVE-2023-40417 MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 2023-09-27 | 4.4 | CVE-2023-41981 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write. | 2023-09-27 | 4.3 | CVE-2023-35984 MISC MISC MISC MISC |
apple -- watchos | An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app. | 2023-09-27 | 5.5 | CVE-2023-40418 MISC |
apple -- xcode | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. | 2023-09-27 | 5.5 | CVE-2023-40435 MISC |
black_cat_cms -- black_cat_cms | A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website footer parameter. | 2023-09-27 | 6.1 | CVE-2023-44043 MISC |
black_cat_cms -- black_cat_cms | A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter. | 2023-09-27 | 5.4 | CVE-2023-44042 MISC |
cadence -- cadence | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. | 2023-09-22 | 5.5 | CVE-2023-43782 MISC MISC |
cmsmadesimple -- cmsmadesimple | Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. | 2023-09-25 | 6.1 | CVE-2023-43339 MISC MISC MISC |
cmsmadesimple -- cmsmadesimple | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 2023-09-28 | 5.4 | CVE-2023-43872 MISC |
collne_inc. -- welcart | Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. | 2023-09-27 | 4.3 | CVE-2023-40532 MISC MISC |
collne_inc. -- welcart_e-commerce | Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | 2023-09-27 | 6.1 | CVE-2023-41233 MISC MISC |
collne_inc. -- welcart_e-commerce | Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. | 2023-09-27 | 6.1 | CVE-2023-41962 MISC MISC |
collne_inc. -- welcart_e-commerce | Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | 2023-09-27 | 6.1 | CVE-2023-43484 MISC MISC |
collne_inc. -- welcart_e-commerce | Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | 2023-09-27 | 6.1 | CVE-2023-43614 MISC MISC |
collne_inc. -- welcart_e-commerce | SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. | 2023-09-27 | 4.9 | CVE-2023-43493 MISC MISC |
dedebiz -- dedebiz | A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. | 2023-09-27 | 5.4 | CVE-2023-43232 MISC MISC MISC |
docker -- docker_desktop | Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | 2023-09-25 | 6.5 | CVE-2023-5166 MISC |
dreamer_cms -- dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. | 2023-09-27 | 5.4 | CVE-2023-43857 MISC |
e017_cms -- e017_cms | A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu. | 2023-09-28 | 5.4 | CVE-2023-43873 MISC |
e017_cms -- e017_cms | Multiple Cross Site Scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | 2023-09-28 | 5.4 | CVE-2023-43874 MISC |
f5 -- big-ip_edge_client | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2023-09-27 | 6.8 | CVE-2023-43125 MISC |
froala -- froala_editor | Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. | 2023-09-25 | 6.1 | CVE-2023-42426 MISC MISC MISC |
froala -- froala_editor | A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. | 2023-09-27 | 6.1 | CVE-2023-43263 MISC MISC |
galaxy -- galaxy | Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious user to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue. | 2023-09-22 | 4.3 | CVE-2023-42812 MISC MISC |
github -- enterprise_server | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-09-22 | 6.5 | CVE-2023-23766 MISC MISC MISC MISC MISC |
gladys_assistant -- gladys_assistant | A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | 2023-09-25 | 6.5 | CVE-2023-43256 MISC MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An API user can enumerate sensitive field values on resources to which they have read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 6.5 | CVE-2023-41321 MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious login page URL that can be used to attempt a phishing attack on user credentials. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 5.4 | CVE-2023-41888 MISC |
glpi -- glpi | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An unauthenticated user can enumerate users' logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 2023-09-27 | 5.3 | CVE-2023-41323 MISC |
gnome -- gnome-shell | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. | 2023-09-22 | 5.5 | CVE-2023-43090 MISC MISC MISC MISC |
h3c -- multiple_products | A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-24 | 5.3 | CVE-2023-5142 MISC MISC MISC MISC |
hitachi_vantara -- pentaho_business_analytics | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | 2023-09-27 | 4.9 | CVE-2023-2358 MISC |
huawei -- emui | Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable. | 2023-09-27 | 5.3 | CVE-2023-4565 MISC MISC |
huawei -- harmonyos | Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | 2023-09-25 | 5.3 | CVE-2023-41295 MISC MISC |
huawei -- harmonyos | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | 2023-09-27 | 5.3 | CVE-2023-41311 MISC MISC |
huawei -- harmonyos | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. | 2023-09-27 | 5.3 | CVE-2023-41312 MISC MISC |
icewarp -- webclient | Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | 2023-09-25 | 6.1 | CVE-2023-43319 MISC |
intelliants -- subrion | A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter. | 2023-09-27 | 5.4 | CVE-2023-43828 MISC |
intelliants -- subrion | A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. | 2023-09-27 | 5.4 | CVE-2023-43830 MISC |
intelliants -- subrion | A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter. | 2023-09-28 | 5.4 | CVE-2023-43884 MISC |
juniper_networks -- junos | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R2. | 2023-09-27 | 5.3 | CVE-2023-36851 MISC |
keycloak -- keycloak | A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. | 2023-09-25 | 6.1 | CVE-2022-4137 MISC MISC MISC MISC MISC MISC |
kiali -- kiali | A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. | 2023-09-23 | 4.3 | CVE-2022-3962 MISC MISC MISC |
linux -- kernel | A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor. | 2023-09-25 | 5.5 | CVE-2023-5158 MISC MISC |
matrix -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-09-27 | 4.3 | CVE-2023-42453 MISC MISC |
microweber -- microweber | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. | 2023-09-28 | 6.1 | CVE-2023-5244 MISC MISC |
moosocial -- moosocial | mooSocial 3.1.8 is vulnerable to external service interaction on the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. | 2023-09-28 | 6.5 | CVE-2023-43323 MISC |
moosocial -- moosocial | A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. | 2023-09-26 | 6.1 | CVE-2023-43325 MISC MISC MISC |
moosocial -- moosocial | A reflected cross-site scripting (XSS) vulnerability exists in multiple URLs of mooSocial v3.1.8 and allows attackers to steal users' session cookies and impersonate their accounts via a crafted URL. | 2023-09-25 | 6.1 | CVE-2023-43326 MISC MISC |
multibit_hd -- multibit_hd | MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC). | 2023-09-25 | 5.3 | CVE-2015-6964 MISC |
not_quite_ptp -- not_quite_ptp | In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. | 2023-09-22 | 5.5 | CVE-2023-43771 MISC MISC MISC |
october_cms -- october_cms | A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. | 2023-09-28 | 5.4 | CVE-2023-43876 MISC |
one_identity_password_manager -- one_identity_password_manager | In One Identity Password Manager version 5.9.7.1, an unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. | 2023-09-27 | 6.8 | CVE-2023-4003 MISC |
openstack -- openstack | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | 2023-09-24 | 5.5 | CVE-2023-1633 MISC MISC |
openstack -- openstack | A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. | 2023-09-24 | 5 | CVE-2023-1636 MISC MISC |
openstack -- openstack | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. | 2023-09-24 | 5 | CVE-2023-1625 MISC MISC MISC MISC |
palantir -- apollo_autopilot | In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, will result in an XSS that requires user interaction. | 2023-09-27 | 5.4 | CVE-2023-30959 MISC |
phpkobo -- ajaxnewsticker | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. | 2023-09-27 | 6.1 | CVE-2023-41445 MISC MISC MISC |
phpkobo -- ajaxnewsticker | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. | 2023-09-28 | 6.1 | CVE-2023-41446 MISC MISC MISC |
phpkobo -- ajaxnewsticker | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. | 2023-09-28 | 6.1 | CVE-2023-41447 MISC MISC MISC |
phpkobo -- ajaxnewsticker | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. | 2023-09-27 | 6.1 | CVE-2023-41448 MISC MISC MISC |
phpkobo -- ajaxnewsticker | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. | 2023-09-27 | 6.1 | CVE-2023-41451 MISC MISC MISC |
phpkobo -- ajaxnewsticker | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. | 2023-09-27 | 6.1 | CVE-2023-41453 MISC MISC MISC |
pimcore -- pimcore | Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0. | 2023-09-27 | 6.5 | CVE-2023-5192 MISC MISC |
pimcore -- pimcore | Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including "%s" (from "%suggest%") is parsed by sprintf() even though it's supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain "modules") and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually. | 2023-09-25 | 5.4 | CVE-2023-42817 MISC MISC |
progress -- ws_ftp_server | In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. | 2023-09-27 | 6.5 | CVE-2023-40048 MISC MISC |
progress -- ws_ftp_server | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victim's browser. | 2023-09-27 | 6.1 | CVE-2023-40045 MISC MISC |
progress -- ws_ftp_server | In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. | 2023-09-27 | 5.3 | CVE-2023-40049 MISC MISC |
progress -- ws_ftp_server | In WS_FTP Server versions prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victim's browser. | 2023-09-27 | 4.8 | CVE-2023-40047 MISC MISC |
projectworlds -- online_movie_ticket_booking_system | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. | 2023-09-28 | 5.4 | CVE-2023-44173 MISC MISC |
projectworlds -- online_movie_ticket_booking_system | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. | 2023-09-28 | 5.4 | CVE-2023-44174 MISC MISC |
real_time_automation -- 460_series_firmware | Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm. | 2023-09-27 | 6.1 | CVE-2023-4523 MISC |
resort_reservation_system -- resort_reservation_system | Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function. | 2023-09-25 | 5.4 | CVE-2023-43458 MISC MISC |
rite_cms -- rite_cms | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. | 2023-09-28 | 5.4 | CVE-2023-43878 MISC |
rite_cms -- rite_cms | Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. | 2023-09-28 | 4.8 | CVE-2023-43879 MISC |
roundcube -- webmail | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 2023-09-22 | 6.1 | CVE-2023-43770 MISC MISC MLIST |
siberiancms -- siberiancms | SiberianCMS - CWE-284 Improper Access Control: an authorized user may disable a security feature over the network. | 2023-09-27 | 6.5 | CVE-2023-39376 MISC |
small_crm -- small_crm | A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 2023-09-27 | 5.4 | CVE-2023-43331 MISC |
sourcecodester -- expense_tracker_app | Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. | 2023-09-27 | 5.4 | CVE-2023-44048 MISC MISC |
sourcecodester -- service_provider_management_system | Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint. | 2023-09-25 | 5.4 | CVE-2023-43456 MISC MISC MISC |
symantec -- protection_engine | Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | 2023-09-27 | 6.5 | CVE-2023-23958 MISC |
taxonworks -- taxonworks | TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue. | 2023-09-22 | 6.5 | CVE-2023-43640 MISC MISC |
teedy -- teedy | Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. | 2023-09-25 | 4.6 | CVE-2023-4892 MISC MISC |
vmqphp -- vmqphp | szvone vmqphp <=1.13 is vulnerable to SQL injection. Unauthorized remote users can use SQL injection attacks to obtain the hash of the administrator password. | 2023-09-25 | 6.5 | CVE-2023-43132 MISC MISC MISC |
vmware -- aria_operations_cloud_foundation | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | 2023-09-27 | 6.7 | CVE-2023-34043 MISC |
wbce_cms -- wbce_cms | A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 2023-09-28 | 5.4 | CVE-2023-43871 MISC |
withsecure -- f-secure_policy_manager | Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. | 2023-09-22 | 6.1 | CVE-2023-43763 MISC MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions. | 2023-09-27 | 5.4 | CVE-2023-27628 MISC |
wordpress -- wordpress | The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | 2023-09-27 | 6.5 | CVE-2023-4506 MISC MISC MISC |
wordpress -- wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | 2023-09-27 | 6.1 | CVE-2023-27616 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. | 2023-09-27 | 6.1 | CVE-2023-28490 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions. | 2023-09-27 | 6.1 | CVE-2023-30471 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <= 1.0.17 versions. | 2023-09-27 | 6.1 | CVE-2023-30472 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions. | 2023-09-27 | 6.1 | CVE-2023-30493 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions. | 2023-09-27 | 6.1 | CVE-2023-40330 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions. | 2023-09-27 | 6.1 | CVE-2023-40333 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions. | 2023-09-27 | 6.1 | CVE-2023-40663 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy - Smart Donations plugin <= 4.0.12 versions. | 2023-09-27 | 6.1 | CVE-2023-40664 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions. | 2023-09-27 | 6.1 | CVE-2023-40667 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions. | 2023-09-27 | 6.1 | CVE-2023-41235 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions. | 2023-09-27 | 6.1 | CVE-2023-41236 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose Pro theme <= 1.0.8 versions. | 2023-09-27 | 6.1 | CVE-2023-41237 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions. | 2023-09-27 | 6.1 | CVE-2023-41238 MISC |
wordpress -- wordpress | The Ditty WordPress plugin before 3.1.25 does not sanitize and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-09-25 | 6.1 | CVE-2023-4148 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e - Sermons Online plugin <= 1.0.0 versions. | 2023-09-27 | 6.1 | CVE-2023-41653 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions. | 2023-09-29 | 6.1 | CVE-2023-41691 MISC |
wordpress -- wordpress | Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions. | 2023-09-27 | 6.1 | CVE-2023-41860 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions. | 2023-09-27 | 6.1 | CVE-2023-41861 MISC |
wordpress -- wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions. | 2023-09-25 | 6.1 | CVE-2023-41863 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions. | 2023-09-25 | 6.1 | CVE-2023-41867 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions. | 2023-09-25 | 6.1 | CVE-2023-41868 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. | 2023-09-25 | 6.1 | CVE-2023-41871 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. | 2023-09-25 | 6.1 | CVE-2023-41872 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions. | 2023-09-25 | 6.1 | CVE-2023-41874 MISC |
wordpress -- wordpress | The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitize and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-09-25 | 6.1 | CVE-2023-4476 MISC |
wordpress -- wordpress | The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form. | 2023-09-25 | 6.1 | CVE-2023-4549 MISC |
wordpress -- wordpress | Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions. | 2023-09-27 | 5.4 | CVE-2023-40605 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions. | 2023-09-27 | 5.4 | CVE-2023-40669 MISC |
wordpress -- wordpress | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-22 | 5.4 | CVE-2023-4716 MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-22 | 5.4 | CVE-2023-4774 MISC MISC MISC |
wordpress -- wordpress | The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-23 | 5.4 | CVE-2023-5125 MISC MISC |
wordpress -- wordpress | The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-27 | 5.4 | CVE-2023-5161 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-27 | 5.4 | CVE-2023-5162 MISC MISC MISC |
wordpress -- wordpress | The Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. | 2023-09-25 | 5.3 | CVE-2023-4281 MISC |
wordpress -- wordpress | The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. | 2023-09-25 | 5.3 | CVE-2023-4631 MISC |
wordpress -- wordpress | The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | 2023-09-27 | 4.9 | CVE-2023-4505 MISC MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <= 2.3 versions. | 2023-09-27 | 4.8 | CVE-2023-25483 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | 2023-09-27 | 4.8 | CVE-2023-27617 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions. | 2023-09-27 | 4.8 | CVE-2023-27622 MISC |
wordpress -- wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions. | 2023-09-27 | 4.8 | CVE-2023-28790 MISC |
wordpress -- wordpress | The Popup Builder WordPress plugin through 4.1.15 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-09-25 | 4.8 | CVE-2023-3226 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions. | 2023-09-27 | 4.8 | CVE-2023-40604 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin <= 2.16.0 versions. | 2023-09-27 | 4.8 | CVE-2023-40665 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions. | 2023-09-27 | 4.8 | CVE-2023-40668 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions. | 2023-09-27 | 4.8 | CVE-2023-40675 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions. | 2023-09-27 | 4.8 | CVE-2023-40676 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions. | 2023-09-27 | 4.8 | CVE-2023-40677 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions. | 2023-09-27 | 4.8 | CVE-2023-41241 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. | 2023-09-27 | 4.8 | CVE-2023-41242 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions. | 2023-09-25 | 4.8 | CVE-2023-41948 MISC |
wordpress -- wordpress | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions. | 2023-09-25 | 4.8 | CVE-2023-41949 MISC |
wordpress -- wordpress | The WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-09-27 | 4.8 | CVE-2023-4423 MISC MISC MISC MISC |
wordpress -- wordpress | The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters. | 2023-09-25 | 4.8 | CVE-2023-4502 MISC |
wordpress -- wordpress | The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta. | 2023-09-23 | 4.3 | CVE-2023-5134 MISC MISC |
wordpress -- wordpress | The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-27 | 6.4 | CVE-2023-5135 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-28 | 6.4 | CVE-2023-5230 MISC MISC |
wordpress -- wordpress | The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-28 | 6.4 | CVE-2023-5232 MISC MISC |
wordpress -- wordpress | The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-28 | 6.4 | CVE-2023-5233 MISC MISC |
wordpress -- wordpress | The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-09-30 | 6.4 | CVE-2023-5295 MISC MISC |
zephyr -- zephyr | In the Bluetooth mesh implementation, if the provisionee has a public key that is sent OOB, then during provisioning it can be sent back and will be accepted by the provisionee. | 2023-09-25 | 6.5 | CVE-2023-4258 MISC |
zoho_corp -- manageengine_admanager_plus | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | 2023-09-27 | 5.4 | CVE-2023-41904 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- macos | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory. | 2023-09-27 | 3.3 | CVE-2023-29497 MISC |
apple -- macos | A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen. | 2023-09-27 | 3.3 | CVE-2023-37448 MISC |
apple -- macos | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments. | 2023-09-27 | 3.3 | CVE-2023-40386 MISC |
apple -- multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed. | 2023-09-27 | 3.3 | CVE-2023-35990 MISC MISC MISC MISC |
apple -- multiple_products | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. | 2023-09-27 | 3.3 | CVE-2023-40384 MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts. | 2023-09-27 | 3.3 | CVE-2023-40395 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. | 2023-09-27 | 3.3 | CVE-2023-40427 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library. | 2023-09-27 | 3.3 | CVE-2023-40434 MISC MISC |
apple -- multiple_products | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | 2023-09-27 | 3.3 | CVE-2023-40456 MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | 2023-09-27 | 3.3 | CVE-2023-40520 MISC MISC MISC |
apple -- multiple_products | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information. | 2023-09-27 | 3.3 | CVE-2023-41065 MISC MISC MISC MISC |
cilium -- cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12) causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not be able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service will be limited to the node on which the workload is scheduled, however an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users unable to upgrade can avoid this denial-of-service attack by enabling the Layer 7 proxy. | 2023-09-27 | 3.5 | CVE-2023-41332 MISC MISC |
huawei -- emui | Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable. | 2023-09-27 | 3.7 | CVE-2023-41306 MISC MISC |
huawei -- emui | Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background. | 2023-09-27 | 3.3 | CVE-2023-41310 MISC MISC |
matrix -- synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities (it already learns the users' passwords as part of the authentication process), it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-09-27 | 3.7 | CVE-2023-41335 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple -- macos | An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data. | 2023-09-28 | not yet calculated | CVE-2023-40307 MISC |
argo_cd -- argo_cd | Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. Users still using Argo CD 2.3 or below are advised to update to a supported version. If this is not possible, disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation. | 2023-09-27 | not yet calculated | CVE-2023-40026 MISC MISC |
binalyze -- binalyze | An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. | 2023-09-28 | not yet calculated | CVE-2023-41444 MISC MISC MISC |
cambium_networks -- multiple_products | Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | 2023-09-29 | not yet calculated | CVE-2022-35908 CONFIRM MISC |
caphyon -- advanced_installer | A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903. | 2023-09-30 | not yet calculated | CVE-2022-4956 MISC MISC MISC MISC |
cisco -- cisco_aironet_access_point_software | A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition. | 2023-09-27 | not yet calculated | CVE-2023-20176 MISC |
cisco -- cisco_aironet_access_point_software | A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic. | 2023-09-27 | not yet calculated | CVE-2023-20268 MISC |
cisco -- cisco_catalyst_sd-wan_manager | A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service. | 2023-09-27 | not yet calculated | CVE-2023-20262 MISC |
cisco -- cisco_digital_network_architecture_center | A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. | 2023-09-27 | not yet calculated | CVE-2023-20223 MISC |
cisco -- cisco_ios_xe_software | A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition. | 2023-09-27 | not yet calculated | CVE-2023-20187 MISC |
cisco -- cisco_ios_xe_software | A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition. | 2023-09-27 | not yet calculated | CVE-2023-20202 MISC |
cisco -- cisco_ios_xe_software | A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2023-09-27 | not yet calculated | CVE-2023-20226 MISC |
cisco -- cisco_ios_xe_software | A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-20227 MISC |
cisco -- cisco_ios_xe_software | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. | 2023-09-27 | not yet calculated | CVE-2023-20231 MISC |
cisco -- cisco_sd-wan_vmanage | A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-20034 MISC |
cisco -- cisco_sd-wan_vmanage | A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application. | 2023-09-27 | not yet calculated | CVE-2023-20179 MISC |
cisco -- cisco_sd-wan_vmanage | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. | 2023-09-27 | not yet calculated | CVE-2023-20252 MISC |
cisco -- cisco_sd-wan_vmanage | A vulnerability in the command line interface (CLI) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and roll back the configuration on vManage controllers and edge router devices. This vulnerability is due to improper access control in the CLI management interface of an affected system. An attacker with low-privilege (read only) access to the CLI could exploit this vulnerability by sending a request to roll back the configuration for other controllers and devices managed by an affected system. A successful exploit could allow the attacker to roll back the configuration for other controllers and devices managed by an affected system. | 2023-09-27 | not yet calculated | CVE-2023-20253 MISC |
cisco -- cisco_wireless_lan_controller | A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition. | 2023-09-27 | not yet calculated | CVE-2023-20251 MISC |
cisco -- ios | A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details section of this advisory. | 2023-09-27 | not yet calculated | CVE-2023-20109 MISC |
cisco -- ios | A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. | 2023-09-27 | not yet calculated | CVE-2023-20186 MISC |
codehaus-plexus -- codehaus-plexus | A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. | 2023-09-25 | not yet calculated | CVE-2022-4244 MISC MISC MISC |
codehaus-plexus -- codehaus-plexus | A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. | 2023-09-25 | not yet calculated | CVE-2022-4245 MISC MISC MISC |
composer -- composer | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini and avoid publishing composer.phar to the web as this is not best practice. | 2023-09-29 | not yet calculated | CVE-2023-43655 MISC MISC MISC MISC |
consensys -- gnark-crypto | Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. | 2023-09-28 | not yet calculated | CVE-2023-44273 MISC MISC MISC |
dedebiz -- dedebiz | A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879. | 2023-09-29 | not yet calculated | CVE-2023-5266 MISC MISC MISC MISC |
dedebiz -- dedebiz | A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5268 MISC MISC MISC |
dedecms -- dedecms | A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940. | 2023-09-30 | not yet calculated | CVE-2023-5301 MISC MISC MISC |
dell -- common_event_enabler | Dell Common Event Enabler 8.9.8.2 for Windows and prior contains an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges. | 2023-09-29 | not yet calculated | CVE-2023-32477 MISC |
dell -- data_protection_central | Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | 2023-09-27 | not yet calculated | CVE-2023-4129 MISC |
dell -- dell_emc_appsync | Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation. | 2023-09-27 | not yet calculated | CVE-2023-32458 MISC |
discourse -- discourse | discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured. | 2023-09-28 | not yet calculated | CVE-2023-43657 MISC MISC MISC |
drupal -- core | In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected. | 2023-09-28 | not yet calculated | CVE-2023-5256 MISC |
eaton -- smp_sg-4260 | Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore. | 2023-09-27 | not yet calculated | CVE-2023-43775 MISC |
economizzer -- economizzer | A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection. | 2023-09-28 | not yet calculated | CVE-2023-38870 MISC MISC MISC |
economizzer -- economizzer | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses. | 2023-09-28 | not yet calculated | CVE-2023-38871 MISC MISC MISC |
economizzer -- economizzer | An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. | 2023-09-28 | not yet calculated | CVE-2023-38872 MISC MISC MISC |
economizzer -- economizzer | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. | 2023-09-28 | not yet calculated | CVE-2023-38873 MISC MISC MISC |
economizzer -- economizzer | A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands. | 2023-09-28 | not yet calculated | CVE-2023-38874 MISC MISC MISC |
economizzer -- economizzer | A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords. | 2023-09-28 | not yet calculated | CVE-2023-38877 MISC MISC MISC |
ecshop -- ecshop | A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240924. | 2023-09-29 | not yet calculated | CVE-2023-5293 MISC MISC MISC |
ecshop -- ecshop | A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240925 was assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5294 MISC MISC MISC |
ekakin -- shihonkanri_plus | Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute arbitrary code by having a legitimate user import a specially crafted backup file of the product. | 2023-09-27 | not yet calculated | CVE-2023-43825 MISC MISC |
foru_cms -- foru_cms | A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-27 | not yet calculated | CVE-2023-5221 MISC MISC MISC |
foru_cms -- foru_cms | A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-240868. | 2023-09-29 | not yet calculated | CVE-2023-5259 MISC MISC MISC |
generex -- ups_cs141 | There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. | 2023-09-28 | not yet calculated | CVE-2022-47186 MISC MISC |
generex -- ups_cs141 | There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file. | 2023-09-28 | not yet calculated | CVE-2022-47187 MISC MISC |
get-func-name -- get-func-name | get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial-of-service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\t'.repeat(54773) + '\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-43646 MISC MISC |
gitlab -- gitlab | An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user into visiting a fork with a malicious CI/CD configuration. | 2023-09-29 | not yet calculated | CVE-2023-0989 MISC MISC |
gitlab -- gitlab | An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects. | 2023-09-29 | not yet calculated | CVE-2023-2233 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories. | 2023-09-29 | not yet calculated | CVE-2023-3115 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. | 2023-09-29 | not yet calculated | CVE-2023-3413 MISC MISC |
gitlab -- gitlab | An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy. | 2023-09-29 | not yet calculated | CVE-2023-3906 MISC MISC |
gitlab -- gitlab | A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects. | 2023-09-29 | not yet calculated | CVE-2023-3914 MISC MISC |
gitlab -- gitlab | Denial of Service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail. | 2023-09-29 | not yet calculated | CVE-2023-3917 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the documentation. | 2023-09-29 | not yet calculated | CVE-2023-3920 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. | 2023-09-29 | not yet calculated | CVE-2023-3922 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for upstream members collaborating with you on your branch to get permission to write to the merge request's source branch. | 2023-09-29 | not yet calculated | CVE-2023-3979 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. | 2023-09-29 | not yet calculated | CVE-2023-4532 MISC MISC |
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys. | 2023-09-29 | not yet calculated | CVE-2023-5198 MISC MISC |
gitlab -- gitlab | A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | 2023-09-30 | not yet calculated | CVE-2023-5207 MISC MISC MISC |
hashicorp -- vault | The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. | 2023-09-29 | not yet calculated | CVE-2023-5077 MISC |
hashicorp -- vault_enterprise | A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests in another, non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. | 2023-09-29 | not yet calculated | CVE-2023-3775 MISC |
himitzh -- hoj | A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240365 was assigned to this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-5223 MISC MISC MISC |
hospital-management-system -- hospital-management-system | Hospital Management System through commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | 2023-09-29 | not yet calculated | CVE-2023-43909 MISC |
hospital-management-system -- hospital-management-system | Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQLI. | 2023-09-28 | not yet calculated | CVE-2023-5004 MISC MISC |
hospital-management-system -- hospital-management-system | Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQLI. | 2023-09-28 | not yet calculated | CVE-2023-5053 MISC MISC |
huakecms -- huakecms | A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5264 MISC MISC MISC |
ibm -- license_metric_tool | IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. | 2023-09-28 | not yet calculated | CVE-2023-43044 MISC MISC |
illumio -- core_pce | Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE's operating system user. | 2023-09-27 | not yet calculated | CVE-2023-5183 MISC |
imagination_technologies -- powervr_image_compression_(pvric) | PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. | 2023-09-27 | not yet calculated | CVE-2023-44216 MISC MISC MISC MISC MISC MISC MISC MISC |
inure -- inure | Missing Authorization in GitHub repository hamza417/inure prior to build94. | 2023-09-30 | not yet calculated | CVE-2023-5321 MISC MISC |
jfinalcms -- jfinalcms | Malicious code can be embedded in a JFinalCMS foreground message and saved in the database. When users browse the comments, the malicious code embedded in the HTML is executed and the user's browser is controlled by the attacker, who can then pursue goals such as cookie theft. | 2023-09-27 | not yet calculated | CVE-2023-43191 MISC |
jfinalcms -- jfinalcms | SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. | 2023-09-27 | not yet calculated | CVE-2023-43192 MISC |
jumpserver -- jumpserver | JumpServer is an open-source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit this vulnerability by using a disclosed public key to attempt brute-force authentication against the SSH service. This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-09-27 | not yet calculated | CVE-2023-42818 MISC |
jumpserver -- jumpserver | JumpServer is an open-source bastion host. The verification code for resetting a user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code, ranging from 000000 to 999999, to facilitate the password reset. Although the code is only available for 1 minute, this window potentially allows for up to 1,000,000 validation attempts. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-43650 MISC |
jumpserver -- jumpserver | JumpServer is an open-source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-43651 MISC |
jumpserver -- jumpserver | JumpServer is an open-source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used as an authentication secret alone. JumpServer provides an API for the KoKo component to validate user private key logins. This API does not verify the source of requests and will generate a personal authentication token. Given that public keys can be easily leaked, an attacker can exploit the leaked public key and username to authenticate, subsequently gaining access to the current user's information and authorized actions. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-43652 MISC |
lemonldap::ng -- lemonldap::ng | A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770. | 2023-09-29 | not yet calculated | CVE-2023-44469 MISC MISC MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps. | 2023-09-27 | not yet calculated | CVE-2023-44121 MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability allows theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable. | 2023-09-27 | not yet calculated | CVE-2023-44122 MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | 2023-09-27 | not yet calculated | CVE-2023-44123 MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability allows theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage. | 2023-09-27 | not yet calculated | CVE-2023-44124 MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | 2023-09-27 | not yet calculated | CVE-2023-44125 MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc. | 2023-09-27 | not yet calculated | CVE-2023-44126 MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. | 2023-09-27 | not yet calculated | CVE-2023-44127 MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability allows deletion of arbitrary files in the LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods ultimately call the "installPackageVerify()" method, which performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted. | 2023-09-27 | not yet calculated | CVE-2023-44128 MISC |
lg_electronics -- lg_v60_thin_q_5g | The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set. | 2023-09-27 | not yet calculated | CVE-2023-44129 MISC |
libhv -- libhv | All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered. | 2023-09-29 | not yet calculated | CVE-2023-26146 MISC MISC |
libhv -- libhv | All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-26147 MISC MISC |
libhv -- libhv | All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. | 2023-09-29 | not yet calculated | CVE-2023-26148 MISC MISC |
libnbd -- libnbd | A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly. | 2023-09-28 | not yet calculated | CVE-2023-5215 MISC MISC MISC |
libvpx -- libvpx | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | 2023-09-30 | not yet calculated | CVE-2023-44488 MISC MISC MISC MISC MLIST MLIST |
linux -- kernel | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | 2023-09-28 | not yet calculated | CVE-2023-42756 MISC MISC MISC |
linux -- kernel | An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. | 2023-09-29 | not yet calculated | CVE-2023-44466 MISC MISC MISC MISC |
linux -- kernel | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. | 2023-09-27 | not yet calculated | CVE-2023-5197 MISC MISC |
macs_framework_content_management_system -- macs_framework_content_management_system | In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. | 2023-09-27 | not yet calculated | CVE-2023-43154 MISC MISC |
mariadb -- mariadb | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | 2023-09-27 | not yet calculated | CVE-2023-5157 MISC MISC |
matrix-org -- matrix-hookshot | matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config. | 2023-09-27 | not yet calculated | CVE-2023-43656 MISC MISC |
mattermost -- mattermost | Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. | 2023-09-29 | not yet calculated | CVE-2023-5159 MISC |
mattermost -- mattermost | Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. | 2023-09-29 | not yet calculated | CVE-2023-5193 MISC |
mattermost -- mattermost | Mattermost fails to properly validate permissions when demoting and deactivating a user, allowing a system/user manager to demote or deactivate another manager. | 2023-09-29 | not yet calculated | CVE-2023-5194 MISC |
mattermost -- mattermost | Mattermost fails to properly validate the permissions when soft deleting a team, allowing a team member to soft delete other teams that they are not part of. | 2023-09-29 | not yet calculated | CVE-2023-5195 MISC |
mattermost -- mattermost | Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users. | 2023-09-29 | not yet calculated | CVE-2023-5196 MISC |
microweber -- microweber | Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | 2023-09-30 | not yet calculated | CVE-2023-5318 MISC MISC |
mozilla -- firefox | In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118. | 2023-09-27 | not yet calculated | CVE-2023-5170 MISC MISC |
mozilla -- firefox | A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118. | 2023-09-27 | not yet calculated | CVE-2023-5172 MISC MISC |
mozilla -- multiple_products | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 2023-09-27 | not yet calculated | CVE-2023-5169 MISC MISC MISC MISC MISC MISC |
mozilla -- multiple_products | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 2023-09-27 | not yet calculated | CVE-2023-5171 MISC MISC MISC MISC MISC MISC |
nodebb_inc. -- nodebb | Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. | 2023-09-29 | not yet calculated | CVE-2023-30591 MISC MISC MISC MISC |
okhttp -- okhttp | A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. | 2023-09-27 | not yet calculated | CVE-2023-0833 MISC MISC MISC MISC MISC |
online_banquet_booking_system -- online_banquet_booking_system | A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. | 2023-09-30 | not yet calculated | CVE-2023-5303 MISC MISC |
online_banquet_booking_system -- online_banquet_booking_system | A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943. | 2023-09-30 | not yet calculated | CVE-2023-5304 MISC MISC |
online_banquet_booking_system -- online_banquet_booking_system | A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. | 2023-09-30 | not yet calculated | CVE-2023-5305 MISC MISC |
online_book_store_project -- online_book_store_project | Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 2023-09-28 | not yet calculated | CVE-2023-43740 MISC MISC |
openfga -- openfga | OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial-of-service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Users are advised to upgrade to v1.3.2 and update any offending models. There are no known workarounds for this vulnerability. Note that for models which contained cycles or a relation definition that has the relation itself in its evaluation path, checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. Users who do not have cyclic models are unaffected. | 2023-09-27 | not yet calculated | CVE-2023-43645 MISC MISC |
openrapid -- rapidcms | A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867. | 2023-09-29 | not yet calculated | CVE-2023-5258 MISC MISC MISC MISC |
openrapid -- rapidcms | A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871. | 2023-09-29 | not yet calculated | CVE-2023-5262 MISC MISC MISC MISC |
opnsense -- opnsense | OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. | 2023-09-28 | not yet calculated | CVE-2023-44275 MISC MISC MISC |
opnsense -- opnsense | OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. | 2023-09-28 | not yet calculated | CVE-2023-44276 MISC MISC MISC |
oracle -- apache_avro | When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue. | 2023-09-29 | not yet calculated | CVE-2023-39410 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43702 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43703 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43704 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43705 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43706 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43707 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43708 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43709 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43710 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43711 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43712 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43713 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43714 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43715 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43716 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43717 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43718 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43719 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43720 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43721 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43722 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43723 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43724 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43725 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43726 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43727 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43728 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43729 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43730 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43731 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43732 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43733 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43734 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-43735 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-5111 MISC MISC |
os_commerce -- os_commerce | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 2023-09-30 | not yet calculated | CVE-2023-5112 MISC MISC |
palantir -- gotham-fe-bundle | Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. | 2023-09-27 | not yet calculated | CVE-2023-30961 MISC |
pgyer -- codefever | An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | 2023-09-27 | not yet calculated | CVE-2023-44080 MISC |
phpkobo -- ajax_poll_script | A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability. | 2023-09-30 | not yet calculated | CVE-2023-5313 MISC MISC MISC |
phpmyfaq -- phpmyfaq | Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 2023-09-30 | not yet calculated | CVE-2023-5227 MISC MISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 2023-09-30 | not yet calculated | CVE-2023-5316 MISC MISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 2023-09-30 | not yet calculated | CVE-2023-5317 MISC MISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 2023-09-30 | not yet calculated | CVE-2023-5319 MISC MISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 2023-09-30 | not yet calculated | CVE-2023-5320 MISC MISC |
postcss -- postcss | An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule. | 2023-09-29 | not yet calculated | CVE-2023-44270 MISC MISC MISC |
prestashop -- prestashop | PrestaShop is an open-source e-commerce web application. In affected versions any module can be disabled or uninstalled from the back office, even by a user with low rights. This allows low-privileged users to disable portions of a shop's functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-09-28 | not yet calculated | CVE-2023-43663 MISC MISC |
prestashop -- prestashop | PrestaShop is an open-source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-09-28 | not yet calculated | CVE-2023-43664 MISC MISC |
pretix -- pretix | pretix before 2023.7.2 allows Pillow to parse EPS files. | 2023-09-29 | not yet calculated | CVE-2023-44464 MISC MISC MISC MISC |
proxmox_server_solutions_gmbh -- multiple_products | An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. | 2023-09-27 | not yet calculated | CVE-2023-43320 MISC MISC MISC |
pydash -- pydash | This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible); 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method). The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function. | 2023-09-28 | not yet calculated | CVE-2023-26145 MISC MISC MISC |
pytorch -- serve | TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-09-28 | not yet calculated | CVE-2023-43654 MISC MISC MISC |
quill-mention -- quill-mention | Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. **Note:** If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits @. | 2023-09-28 | not yet calculated | CVE-2023-26149 MISC MISC MISC MISC MISC MISC |
rdiffweb -- rdiffweb | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. | 2023-09-29 | not yet calculated | CVE-2023-5289 MISC MISC |
red_hat -- amq_broker | A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. | 2023-09-27 | not yet calculated | CVE-2023-4065 MISC MISC MISC |
red_hat -- amq_broker | A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | 2023-09-27 | not yet calculated | CVE-2023-4066 MISC MISC MISC |
samsung -- exynos | Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). | 2023-09-28 | not yet calculated | CVE-2023-41911 MISC |
scylladb -- scylladb | Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace and create new tables on behalf of other users. | 2023-09-27 | not yet calculated | CVE-2023-33972 MISC |
shokoanime -- shokoserver | ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the Windows installer, which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security Lab and is also indexed as GHSL-2023-191. | 2023-09-28 | not yet calculated | CVE-2023-43662 MISC MISC |
sick_ag -- sim1012 | A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device. | 2023-09-29 | not yet calculated | CVE-2023-5288 MISC MISC MISC |
silabs.com -- gsdk | Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | 2023-09-29 | not yet calculated | CVE-2023-3024 MISC MISC |
sourcecodester -- best_courier_management_system | A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5269 MISC MISC MISC |
sourcecodester -- best_courier_management_system | A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883. | 2023-09-29 | not yet calculated | CVE-2023-5270 MISC MISC MISC |
sourcecodester -- best_courier_management_system | A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240884. | 2023-09-29 | not yet calculated | CVE-2023-5271 MISC MISC MISC |
sourcecodester -- best_courier_management_system | A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5272 MISC MISC MISC |
sourcecodester -- best_courier_management_system | A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5273 MISC MISC MISC |
sourcecodester -- best_courier_management_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability. | 2023-09-30 | not yet calculated | CVE-2023-5302 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-240904. | 2023-09-29 | not yet calculated | CVE-2023-5276 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5277 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240906 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5278 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240907. | 2023-09-29 | not yet calculated | CVE-2023-5279 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240908. | 2023-09-29 | not yet calculated | CVE-2023-5280 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240909 was assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5281 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240910 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5282 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240911. | 2023-09-29 | not yet calculated | CVE-2023-5283 MISC MISC MISC |
sourcecodester -- engineers_online_portal | A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912. | 2023-09-29 | not yet calculated | CVE-2023-5284 MISC MISC MISC |
sourcecodester -- expense_tracker_app | A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5286 MISC MISC MISC |
sourcecodester -- simple_membership_system | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240869 was assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5260 MISC MISC MISC |
sourcecodester -- task_management_system | A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list. | 2023-09-29 | not yet calculated | CVE-2023-43944 MISC |
tibco_software_inc. -- tibco_nimbus | The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below. | 2023-09-29 | not yet calculated | CVE-2023-26218 MISC |
tongda -- oa_2017 | A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5261 MISC MISC MISC |
tongda -- oa_2017 | A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5265 MISC MISC MISC |
tongda -- oa_2017 | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880. | 2023-09-29 | not yet calculated | CVE-2023-5267 MISC MISC MISC |
tongda -- oa_2017 | A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5285 MISC MISC MISC |
tongda -- oa_2017 | A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability. | 2023-09-30 | not yet calculated | CVE-2023-5298 MISC MISC MISC |
ttsplanning -- ttsplanning | A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939. | 2023-09-30 | not yet calculated | CVE-2023-5300 MISC MISC MISC |
viessmann -- vitogate_300 | A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-09-27 | not yet calculated | CVE-2023-5222 MISC MISC MISC |
warp-tech -- warpgate | Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under the following conditions: 1. The attacker knows the username and a valid target name, 2. The attacker knows the user's public key, and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-43660 MISC MISC |
whitehsbg -- jndiexploit | A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5257 MISC MISC MISC |
wordpress -- wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <=1.0.7 versions. | 2023-09-29 | not yet calculated | CVE-2023-39308 MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <=2.5.9 versions. | 2023-09-29 | not yet calculated | CVE-2023-41655 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <=2.3.2 versions. | 2023-09-29 | not yet calculated | CVE-2023-41657 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <=1.0.13 versions. | 2023-09-29 | not yet calculated | CVE-2023-41658 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. | 2023-09-29 | not yet calculated | CVE-2023-41661 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | 2023-09-29 | not yet calculated | CVE-2023-41662 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions. | 2023-09-29 | not yet calculated | CVE-2023-41663 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions. | 2023-09-29 | not yet calculated | CVE-2023-41666 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions. | 2023-09-29 | not yet calculated | CVE-2023-41687 MISC |
xinhu -- rockoa | A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability. | 2023-09-29 | not yet calculated | CVE-2023-5296 MISC MISC MISC |
xinhu -- rockoa | A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys\|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. Exploitation is said to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927. | 2023-09-29 | not yet calculated | CVE-2023-5297 MISC MISC MISC |
xrdp -- xrdp | xrdp is an open-source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-09-27 | not yet calculated | CVE-2023-42822 MISC MISC |
yzncms -- yzncms | A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. | 2023-09-27 | not yet calculated | CVE-2023-43233 MISC |
zephyr -- zephyr | Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. | 2023-09-27 | not yet calculated | CVE-2023-5184 MISC |
zyxel -- zyxel | Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component. | 2023-09-27 | not yet calculated | CVE-2023-43314 MISC |
zzzcms -- zzzcms | A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872. | 2023-09-29 | not yet calculated | CVE-2023-5263 MISC MISC MISC |