Vulnerability Summary for the Week of October 23, 2023

Released
Oct 30, 2023
Document ID
SB23-303

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
projectworlds_pvt._limited -- online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-269.8CVE-2023-43737
MISC
MISC
projectworlds_pvt._limited -- online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-279.8CVE-2023-43738
MISC
MISC
projectworlds_pvt._limited -- online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-279.8CVE-2023-44162
MISC
MISC
projectworlds_pvt._limited -- online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-269.8CVE-2023-44267
MISC
MISC
projectworlds_pvt._limited -- online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-269.8CVE-2023-44268
MISC
MISC
projectworlds_pvt._limited -- online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-279.8CVE-2023-44375
MISC
MISC
projectworlds_pvt._limited -- online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-279.8CVE-2023-44376
MISC
MISC
projectworlds_pvt._limited -- online_art_gallery
 
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-279.8CVE-2023-44377
MISC
MISC
apache -- http_serverOut-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57.2023-10-239.1CVE-2023-31122
MISC
MISC
MISC
byzoro -- smart_s85f_firmwareA vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-219.8CVE-2023-5683
MISC
MISC
MISC
byzoro -- smart_s85f_firmwareA vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-219.8CVE-2023-5684
MISC
MISC
MISC
calibre-ebook -- calibrelink_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.2023-10-227.5CVE-2023-46303
MISC
MISC
codeastro -- internet_banking_systemA vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131.2023-10-229.8CVE-2023-5693
MISC
MISC
MISC
color -- demoiccmaxIn International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a.2023-10-238.8CVE-2023-46602
MISC
color -- demoiccmaxIn International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a.2023-10-237.8CVE-2023-46603
MISC
dell -- unity_operating_environmentDell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands.2023-10-237.8CVE-2023-43066
MISC
dell -- unity_operating_environmentDell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server.2023-10-237.5CVE-2023-43074
MISC
edm_informatics -- e-invoice
 
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1.2023-10-277.5CVE-2023-5443
MISC
f5 -- big-ipUndisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2023-10-269.8CVE-2023-46747
MISC
f5 -- big-ipAn authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated2023-10-268.8CVE-2023-46748
MISC
frostming -- pdmpdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g., an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-10-207.8CVE-2023-45805
MISC
MISC
MISC
MISC
MISC
ibm -- cognos_dashboards_on_cloud_pak_for_dataIBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730.2023-10-227.5CVE-2023-38275
MISC
MISC
ibm -- cognos_dashboards_on_cloud_pak_for_dataIBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736.2023-10-227.5CVE-2023-38276
MISC
MISC
ibm -- security_verify_governanceIBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222.2023-10-239.8CVE-2022-22466
MISC
MISC
ibm -- security_verify_governanceIBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036.2023-10-238.8CVE-2023-33839
MISC
MISC
ibm -- security_verify_governanceIBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020.2023-10-237.5CVE-2023-33837
MISC
MISC
ibm -- sterling_partner_engagement_managerIBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896.2023-10-237.5CVE-2023-43045
MISC
MISC
idattend -- idwebUnauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-26568
MISC
idattend -- idwebUnauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-26569
MISC
idattend -- idwebUnauthenticated SQL injection in the GetExcursionList method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-26572
MISC
idattend -- idwebMissing authentication in the SetDB method in IDAttend's IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials.2023-10-259.1CVE-2023-26573
MISC
idattend -- idwebUnauthenticated SQL injection in the GetVisitors method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-26581
MISC
idattend -- idwebUnauthenticated SQL injection in the GetExcursionDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-26582
MISC
idattend -- idwebUnauthenticated SQL injection in the GetCurrentPeriod method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-26583
MISC
idattend -- idwebUnauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-26584
MISC
idattend -- idwebUnauthenticated SQL injection in the GetRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-27254
MISC
idattend -- idwebUnauthenticated SQL injection in the DeleteRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-27255
MISC
idattend -- idwebUnauthenticated SQL injection in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-27260
MISC
idattend -- idwebUnauthenticated SQL injection in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers.2023-10-259.1CVE-2023-27262
MISC
idattend -- idwebArbitrary file upload to web root in the IDAttend's IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server.2023-10-258.8CVE-2023-26578
MISC
idattend -- idwebMissing authentication in the StudentPopupDetails_Timetable method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.2023-10-257.5CVE-2023-26570
MISC
idattend -- idwebMissing authentication in the SetStudentNotes method in IDAttend's IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers.2023-10-257.5CVE-2023-26571
MISC
idattend -- idwebMissing authentication in the SearchStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.2023-10-257.5CVE-2023-26574
MISC
idattend -- idwebMissing authentication in the SearchStudentsStaff method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers.2023-10-257.5CVE-2023-26575
MISC
idattend -- idwebMissing authentication in the SearchStudentsRFID method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers.2023-10-257.5CVE-2023-26576
MISC
idattend -- idwebUnauthenticated arbitrary file read in the IDAttend's IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers.2023-10-257.5CVE-2023-26580
MISC
idattend -- idwebMissing authentication in the GetActiveToiletPasses method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers.2023-10-257.5CVE-2023-27257
MISC
idattend -- idwebMissing authentication in the GetStudentGroupStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers.2023-10-257.5CVE-2023-27258
MISC
idattend -- idwebMissing authentication in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers.2023-10-257.5CVE-2023-27259
MISC
idattend -- idwebMissing authentication in the StudentPopupDetails_ContactDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.2023-10-257.5CVE-2023-27375
MISC
idattend -- idwebMissing authentication in the StudentPopupDetails_StudentDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.2023-10-257.5CVE-2023-27376
MISC
idattend -- idwebMissing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers.2023-10-257.5CVE-2023-27377
MISC
inohom -- home_manager_gateway
 
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting. This issue affects Home Manager Gateway: before v.1.27.12.2023-10-277.5CVE-2023-5570
MISC
langchain -- langchainIn Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain.2023-10-209.8CVE-2023-32785
MISC
langchain -- langchainIn Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks.2023-10-207.5CVE-2023-32786
MISC
m-files -- web_companionExecution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution 2023-10-207.8CVE-2023-5523
MISC
modoboa -- modoboaCross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2.2023-10-208.8CVE-2023-5690
MISC
MISC
mosparo -- mosparoCross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3.2023-10-208.8CVE-2023-5687
MISC
MISC
netentsec -- application_security_gatewayA vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability.2023-10-239.8CVE-2023-5700
MISC
MISC
MISC
netentsec -- application_security_gatewayA vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-207.2CVE-2023-5681
MISC
MISC
MISC
openimageio -- openimageioAn issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c2023-10-238.8CVE-2023-42295
MISC
pleaser -- pleaserplease (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.)2023-10-207.8CVE-2023-46277
MISC
MISC
MISC
MISC
projectworlds_pvt._limited -- leave_management_system_project
 
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.2023-10-279.8CVE-2023-44480
MISC
MISC
qnap -- qusbcam2An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 ( 2023/06/15 ) and later2023-10-208.8CVE-2023-23373
MISC
radare -- radare2Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.2023-10-208.8CVE-2023-5686
MISC
MISC
reconftw -- reconftwreconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it's own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.2023-10-208.8CVE-2023-46117
MISC
MISC
secudos -- qiataSECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user.2023-10-207.8CVE-2023-40361
MISC
silabs -- gecko_bootloaderAn integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots.2023-10-207.8CVE-2023-3487
MISC
MISC
sitolog -- sitolog_application_connectSitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php.2023-10-209.8CVE-2023-37824
MISC
sollace -- unicopiaSollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code.2023-10-209.8CVE-2023-39680
MISC
stb_image.h -- stb_image.hstb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn't give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn't do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. It would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However, at the same time the function may return null value but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. The issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn't fail or to a double-free if the `delays` is always freed2023-10-219.8CVE-2023-45666
MISC
MISC
MISC
stb_image.h -- stb_image.hstb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first "free", the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution.2023-10-218.8CVE-2023-45664
MISC
MISC
stb_image.h -- stb_image.hstb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn't match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn't match the real image array dimensions.2023-10-218.1CVE-2023-45662
MISC
MISC
stb_image.h -- stb_image.hstb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails, it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash.2023-10-217.5CVE-2023-45667
MISC
MISC
MISC
stb_image.h -- stb_image.hstb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information.2023-10-217.1CVE-2023-45661
MISC
MISC
MISC
stb_image.h -- stb_vorbis.cstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution.2023-10-217.8CVE-2023-45676
MISC
MISC
MISC
stb_image.h -- stb_vorbis.cstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution.2023-10-217.8CVE-2023-45677
MISC
MISC
MISC
MISC
MISC
MISC
stb_image.h -- stb_vorbis.cstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution.2023-10-217.8CVE-2023-45678
MISC
MISC
MISC
stb_image.h -- stb_vorbis.cstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution.2023-10-217.8CVE-2023-45679
MISC
MISC
MISC
stb_image.h -- stb_vorbis.cstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution.2023-10-217.8CVE-2023-45681
MISC
MISC
stb_image.h -- stb_vorbis.cstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information.2023-10-217.1CVE-2023-45682
MISC
MISC
MISC
MISC
stb_image.h -- stb_vorbis.cstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution.2023-10-217.8CVE-2023-45675
MISC
MISC
MISC
MISC
superwebmailer -- superwebmailerAn issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter.2023-10-218.8CVE-2023-38190
MISC
MISC
superwebmailer -- superwebmailerAn issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line.2023-10-218.8CVE-2023-38193
MISC
MISC
thingnario -- photonAn issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint.2023-10-218.8CVE-2023-46055
MISC
tongda -- oaA vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-209.8CVE-2023-5682
MISC
MISC
MISC
totolink -- a3700r_firmwareAn issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.2023-10-259.8CVE-2023-46574
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel.2023-10-259.8CVE-2023-46554
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw.2023-10-259.8CVE-2023-46555
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter.2023-10-259.8CVE-2023-46556
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN.2023-10-259.8CVE-2023-46557
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.2023-10-259.8CVE-2023-46558
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr.2023-10-259.8CVE-2023-46559
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup.2023-10-259.8CVE-2023-46560
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg.2023-10-259.8CVE-2023-46562
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS.2023-10-259.8CVE-2023-46563
MISC
MISC
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ.2023-10-259.8CVE-2023-46564
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle.2023-10-259.8CVE-2023-46520
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister.2023-10-259.8CVE-2023-46521
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister.2023-10-259.8CVE-2023-46522
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister.2023-10-259.8CVE-2023-46523
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister.2023-10-259.8CVE-2023-46525
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister.2023-10-259.8CVE-2023-46526
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle.2023-10-259.8CVE-2023-46527
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister.2023-10-259.8CVE-2023-46534
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister.2023-10-259.8CVE-2023-46535
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister.2023-10-259.8CVE-2023-46536
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister.2023-10-259.8CVE-2023-46537
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister.2023-10-259.8CVE-2023-46538
MISC
MISC
tp-link -- tl-wr886n_firmwareTP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle.2023-10-259.8CVE-2023-46539
MISC
MISC
trtek_software -- education_portalImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29.2023-10-279.8CVE-2023-5807
MISC
vercel -- next.jsNext.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.2023-10-227.5CVE-2023-46298
MISC
MISC
MISC
vmware -- fusionVMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.2023-10-207.8CVE-2023-34045
MISC
vmware -- fusionVMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.2023-10-207CVE-2023-34046
MISC
wallix -- bastionWALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface.2023-10-237.5CVE-2023-46319
MISC
wordpress -- wordpressThe Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths.2023-10-207.5CVE-2023-4668
MISC
MISC
wordpress -- wordpressThe Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the 'zbscrmcsvimpf' parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link.2023-10-208.8CVE-2022-3342
MISC
MISC
MISC
wordpress -- wordpressThe Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions.2023-10-208.1CVE-2020-36714
MISC
MISC
wordpress -- wordpressThe Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files.2023-10-208.8CVE-2020-36698
MISC
MISC
MISC
wordpress -- wordpressThe Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7.2023-10-208.8CVE-2022-4290
MISC
MISC
wordpress -- wordpressThe Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-208.8CVE-2023-4999
MISC
MISC
wordpress -- wordpressThe Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included.2023-10-209.8CVE-2023-4488
MISC
MISC
wordpress -- wordpressThe Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments.2023-10-207.2CVE-2023-5414
MISC
MISC
MISC
wordpress -- wordpressThe ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server.2023-10-208.8CVE-2022-2441
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions.2023-10-218.8CVE-2023-46078
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection.2023-10-208.8CVE-2023-4920
MISC
MISC
MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.2023-10-218.8CVE-2023-46067
MISC
wordpress -- wordpressThe Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation.2023-10-208.8CVE-2021-4334
MISC
MISC
wordpress -- wordpressThe Simple:Press - WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.2023-10-209.8CVE-2020-36706
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata).2023-10-217.5CVE-2023-5132
MISC
MISC
wordpress -- wordpressThe Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2023-10-208.1CVE-2023-4386
MISC
MISC
wordpress -- wordpressThe Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2023-10-209.8CVE-2023-4402
MISC
MISC
wordpress -- wordpressThe Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering.2023-10-209.3CVE-2023-5576
MISC
MISC
MISC
zscaler -- client_connectorAn Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.1052023-10-239.8CVE-2023-28805
MISC
zscaler -- client_connectorThe Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges.2023-10-237.8CVE-2021-26735
MISC
zscaler -- client_connectorMultiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges.2023-10-237.8CVE-2021-26736
MISC
zscaler -- client_connectorZscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges.2023-10-237.8CVE-2021-26738
MISC
zscaler -- client_connectorBuffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.2023-10-237.8CVE-2023-28793
MISC
zscaler -- client_connectorOrigin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.2023-10-237.8CVE-2023-28795
MISC
zscaler -- client_connectorImproper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.2023-10-237.8CVE-2023-28796
MISC
zscaler -- client_connectorZscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user.2023-10-237.3CVE-2023-28797
MISC
zzzcms -- zzzcmsFile Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.2023-10-259.8CVE-2023-45554
MISC
zzzcms -- zzzcmsFile Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.2023-10-257.8CVE-2023-45555
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache -- airflowExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.2023-10-234.3CVE-2023-46288
MISC
MISC
apache -- santuario_xml_security_for_javaAll versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue.2023-10-206.5CVE-2023-44483
MISC
MISC
cmsmadesimple -- cmsmadesimpleCross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.2023-10-205.4CVE-2023-43353
MISC
cmsmadesimple -- cmsmadesimpleCross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component.2023-10-205.4CVE-2023-43354
MISC
cmsmadesimple -- cmsmadesimpleCross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component.2023-10-205.4CVE-2023-43355
MISC
MISC
cmsmadesimple -- cmsmadesimpleCross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component.2023-10-205.4CVE-2023-43356
MISC
cmsmadesimple -- cmsmadesimpleCross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component.2023-10-205.4CVE-2023-43357
MISC
codeastro -- internet_banking_systemA vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132.2023-10-226.1CVE-2023-5694
MISC
MISC
MISC
codeastro -- internet_banking_systemA vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability.2023-10-226.1CVE-2023-5695
MISC
MISC
MISC
codeastro -- internet_banking_systemA vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243134 is the identifier assigned to this vulnerability.2023-10-226.1CVE-2023-5696
MISC
MISC
MISC
codeastro -- internet_banking_systemA vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input 287359614--><ScRiPt%20>alert(1234)</ScRiPt><!-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243135.2023-10-236.1CVE-2023-5697
MISC
MISC
MISC
codeastro -- internet_banking_systemA vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136.2023-10-236.1CVE-2023-5698
MISC
MISC
MISC
codeastro -- internet_banking_systemA vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%<zzz><ScRiPt >alert(5646)</ScRiPt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243137 was assigned to this vulnerability.2023-10-236.1CVE-2023-5699
MISC
MISC
MISC
dell -- unity_operating_environmentDell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system.2023-10-236.5CVE-2023-43067
MISC
dell -- unity_operating_environmentDell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges.2023-10-235.4CVE-2023-43065
MISC
enhancesoft -- osticketA stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter.2023-10-234.8CVE-2023-27148
MISC
enhancesoft -- osticketA stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list.2023-10-234.8CVE-2023-27149
MISC
home-assistant -- home-assistantHome assistant is an open source home automation. The audit team's analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim's `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim's own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.2023-10-205.4CVE-2023-41893
MISC
MISC
home-assistant -- home-assistantHome assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.2023-10-205.3CVE-2023-41894
MISC
MISC
i-doit -- i-doitI-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php.2023-10-215.4CVE-2023-46003
MISC
MISC
MISC
ibm -- cognos_dashboards_on_cloud_pak_for_dataIBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.2023-10-226.5CVE-2023-38735
MISC
MISC
ibm -- security_verify_governanceIBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037.2023-10-234.8CVE-2023-33840
MISC
MISC
ibm -- sterling_partner_engagement_managerIBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174.2023-10-235.4CVE-2023-38722
MISC
MISC
idattend -- idwebMissing authentication in the DeleteAssignments method in IDAttend's IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers.2023-10-256.5CVE-2023-27261
MISC
idattend -- idwebStored cross-site scripting in the IDAttend's IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user.2023-10-255.4CVE-2023-26577
MISC
idattend -- idwebMissing authentication in the DeleteStaff method in IDAttend's IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers.2023-10-255.3CVE-2023-26579
MISC
idattend -- idwebMissing authentication in the GetLogFiles method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers.2023-10-255.3CVE-2023-27256
MISC
kaibutsunosato -- kaibutsunosatoThe leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-205.3CVE-2023-39731
MISC
MISC
m-files -- classic_webStored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document.2023-10-205.4CVE-2023-2325
MISC
modoboa -- modoboaCross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.2023-10-205.4CVE-2023-5688
MISC
MISC
modoboa -- modoboaCross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2.2023-10-205.4CVE-2023-5689
MISC
MISC
nagvis -- nagvisXSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php.2023-10-206.1CVE-2023-46287
MISC
MISC
MISC
opensolution -- quick_cmsCross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.2023-10-205.4CVE-2023-43346
MISC
MISC
stb_image.h -- stb_image.hstb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer.2023-10-215.5CVE-2023-45663
MISC
MISC
MISC
MISC
stb_vorbis.c -- stb_vorbis.cstb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service.2023-10-215.5CVE-2023-45680
MISC
MISC
MISC
superwebmailer -- superwebmailerAn issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename.2023-10-206.1CVE-2023-38191
MISC
MISC
superwebmailer -- superwebmailerAn issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords.2023-10-216.1CVE-2023-38192
MISC
MISC
superwebmailer -- superwebmailerAn issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.2023-10-216.1CVE-2023-38194
MISC
MISC
tauri -- tauriTauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application.2023-10-205.5CVE-2023-46115
MISC
MISC
vmware -- workstationVMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.2023-10-206CVE-2023-34044
MISC
vnote_project -- vnoteA vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-236.1CVE-2023-5701
MISC
MISC
MISC
wbce -- wbce_cmsCross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.2023-10-215.4CVE-2023-46054
MISC
wordpress -- wordpressThe Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only.2023-10-204.3CVE-2022-3622
MISC
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.2023-10-256.1CVE-2023-45769
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <= 8.0.2 versions.2023-10-254.8CVE-2023-45758
MISC
wordpress -- wordpressThe Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-215.4CVE-2023-5205
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.2023-10-254.8CVE-2023-45644
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <= 5.0.4 versions.2023-10-256.1CVE-2023-45634
MISC
wordpress -- wordpressThe ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-10-204.8CVE-2023-3996
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options.2023-10-204.3CVE-2023-4796
MISC
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin <= 1.2.1 versions.2023-10-254.8CVE-2023-45755
MISC
wordpress -- wordpressThe WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-206.1CVE-2022-4712
MISC
MISC
wordpress -- wordpressThe Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2020-36759
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'psres_button_size' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-10-204.8CVE-2023-4271
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions.2023-10-256.1CVE-2023-45770
MISC
wordpress -- wordpressThe WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5668
MISC
MISC
wordpress -- wordpressThe flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5200
MISC
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin <= 8.0 versions.2023-10-254.8CVE-2023-45764
MISC
wordpress -- wordpressThe WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-10-204.8CVE-2023-4648
MISC
MISC
wordpress -- wordpressThe wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment.2023-10-205.3CVE-2023-3869
MISC
MISC
wordpress -- wordpressThe wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post.2023-10-205.3CVE-2023-3998
MISC
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender - Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions.2023-10-255.4CVE-2023-45829
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <= 1.1.0 versions.2023-10-255.4CVE-2023-45646
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.18 versions.2023-10-254.8CVE-2023-45754
MISC
wordpress -- wordpressThe iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7.2023-10-205.4CVE-2023-4919
MISC
MISC
MISC
MISC
wordpress -- wordpressThe WP Mailto Links - Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4.2023-10-205.4CVE-2023-5109
MISC
MISC
wordpress -- wordpressThe Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2020-36751
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13 versions.2023-10-256.1CVE-2023-45761
MISC
wordpress -- wordpressThe Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5086
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.2023-10-256.1CVE-2023-45637
MISC
wordpress -- wordpressThe Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-4482
MISC
MISC
wordpress -- wordpressThe miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings.2023-10-205.3CVE-2022-4943
MISC
MISC
wordpress -- wordpressThe EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-10-216.1CVE-2023-4635
MISC
MISC
wordpress -- wordpressThe Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-10-206.1CVE-2023-3962
MISC
MISC
wordpress -- wordpressThe Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2020-36754
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-204.8CVE-2022-4954
MISC
MISC
wordpress -- wordpressThe Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5614
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2023-4923
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products.2023-10-204.3CVE-2023-4924
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2023-4926
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2023-4935
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2023-4937
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2023-4940
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.2023-10-204.3CVE-2023-4941
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2023-4942
MISC
MISC
MISC
wordpress -- wordpressThe BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products.2023-10-204.3CVE-2023-4943
MISC
MISC
MISC
wordpress -- wordpressThe Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-4961
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions.2023-10-256.1CVE-2023-45750
MISC
wordpress -- wordpressThe Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2020-36755
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2020-36753
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5618
MISC
MISC
wordpress -- wordpressThe Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account.2023-10-206.3CVE-2021-4335
MISC
MISC
wordpress -- wordpressThe Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5615
MISC
MISC
wordpress -- wordpressThe WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin's settings.2023-10-205.3CVE-2021-4353
MISC
MISC
wordpress -- wordpressThe nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-10-206.1CVE-2023-3965
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11 versions.2023-10-256.1CVE-2023-45772
MISC
wordpress -- wordpressThe Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5308
MISC
MISC
MISC
wordpress -- wordpressThe Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2023-4975
MISC
MISC
MISC
wordpress -- wordpressThe Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5071
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline - Application Form Builder and Manager plugin <= 2.5.2 versions.2023-10-256.1CVE-2023-45756
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin <= 1.5.2 versions.2023-10-254.8CVE-2023-45768
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <= 3.0.6.5 versions.2023-10-254.8CVE-2023-45747
MISC
wordpress -- wordpressThe RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2020-36758
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-205.4CVE-2023-5613
MISC
MISC
MISC
wordpress -- wordpressThe Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords.2023-10-206.5CVE-2023-5070
MISC
MISC
wordpress -- wordpressThe Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-10-204.8CVE-2023-4021
MISC
MISC
wordpress -- wordpressThe Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-10-206.1CVE-2023-3933
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wokamoto Simple Tweet plugin <= 1.4.0.2 versions.2023-10-254.8CVE-2023-45767
MISC
wordpress -- wordpressThe Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-206.5CVE-2023-4598
MISC
MISC
MISC
wordpress -- wordpressThe WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-204.8CVE-2023-4968
MISC
MISC
MISC
wordpress -- wordpressThe Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-204.3CVE-2021-4418
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders.2023-10-204.3CVE-2023-4947
MISC
MISC
wordpress -- wordpressThe Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments.2023-10-206.5CVE-2023-4274
MISC
MISC
MISC
wordpress -- wordpressThe Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-204.8CVE-2023-5120
MISC
MISC
zscaler -- client_connectorAn authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9.2023-10-236.5CVE-2023-28803
MISC
zscaler -- client_connectorZscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context.2023-10-235.5CVE-2021-26734
MISC
zscaler -- client_connectorAn Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.1052023-10-235.3CVE-2023-28804
MISC
zscaler -- client_connectorThe Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition.2023-10-234.7CVE-2021-26737
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
abus_group -- tvipAn issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.2023-10-26not yet calculatedCVE-2018-16739
MISC
MISC
abus_group -- tvipHardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root.2023-10-26not yet calculatedCVE-2018-17558
MISC
MISC
abus_group -- tvipDue to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras.2023-10-26not yet calculatedCVE-2018-17559
MISC
MISC
abus_group -- tvipBuffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function.2023-10-26not yet calculatedCVE-2018-17878
MISC
MISC
abus_group -- tvipAn issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts.2023-10-26not yet calculatedCVE-2018-17879
MISC
MISC
agevolt_slovakia_s.r.o. -- agevolt_portalAn arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges.2023-10-25not yet calculatedCVE-2022-38484
MISC
agevolt_slovakia_s.r.o. -- agevolt_portalA directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges.2023-10-25not yet calculatedCVE-2022-38485
MISC
alexander_maier_gmbh -- eisbaer_scadaEisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')2023-10-25not yet calculatedCVE-2023-42488
MISC
alexander_maier_gmbh -- eisbaer_scadaEisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource2023-10-25not yet calculatedCVE-2023-42489
MISC
alexander_maier_gmbh -- eisbaer_scadaEisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor2023-10-25not yet calculatedCVE-2023-42490
MISC
alexander_maier_gmbh -- eisbaer_scadaEisBaer Scada - CWE-285: Improper Authorization2023-10-25not yet calculatedCVE-2023-42491
MISC
alexander_maier_gmbh -- eisbaer_scadaEisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key2023-10-25not yet calculatedCVE-2023-42492
MISC
alexander_maier_gmbh -- eisbaer_scadaEisBaer Scada - CWE-256: Plaintext Storage of a Password2023-10-25not yet calculatedCVE-2023-42493
MISC
alexander_maier_gmbh -- eisbaer_scadaEisBaer Scada - CWE-749: Exposed Dangerous Method or Function2023-10-25not yet calculatedCVE-2023-42494
MISC
anglaise.company -- anglaise.companyAn issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.2023-10-25not yet calculatedCVE-2023-38845
MISC
MISC
apache -- activemqApache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue.2023-10-27not yet calculatedCVE-2023-46604
MISC
MISC
apache -- airflow_celeryInsertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.2023-10-28not yet calculatedCVE-2023-46215
MISC
MISC
MISC
apache -- http_serverAn attacker, opening a HTTP/2 connection with an initial window size of 0 was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in version 2.4.58 so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue.2023-10-23not yet calculatedCVE-2023-43622
MISC
MISC
apache -- http_server
 
When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue.2023-10-23not yet calculatedCVE-2023-45802
MISC
MISC
MISC
apple -- ios/ipadosThis issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver.2023-10-25not yet calculatedCVE-2023-32359
MISC
MISC
apple -- ios/ipadosThe issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock.2023-10-25not yet calculatedCVE-2023-40445
MISC
MISC
MISC
apple -- macosThe issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication.2023-10-25not yet calculatedCVE-2023-40401
MISC
MISC
MISC
apple -- macosA use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.2023-10-25not yet calculatedCVE-2023-40404
MISC
MISC
MISC
apple -- macosA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information.2023-10-25not yet calculatedCVE-2023-40405
MISC
MISC
MISC
apple -- macosA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data.2023-10-25not yet calculatedCVE-2023-40421
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- macosA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information.2023-10-25not yet calculatedCVE-2023-40425
MISC
MISC
MISC
apple -- macosA permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data.2023-10-25not yet calculatedCVE-2023-40444
MISC
MISC
MISC
apple -- macosThe issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data.2023-10-25not yet calculatedCVE-2023-41077
MISC
MISC
MISC
apple -- macosThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown.2023-10-25not yet calculatedCVE-2023-41975
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- macosThe issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history.2023-10-25not yet calculatedCVE-2023-41977
MISC
MISC
MISC
MISC
MISC
MISC
apple -- macosThe issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen.2023-10-25not yet calculatedCVE-2023-41989
MISC
MISC
MISC
apple -- macosAn inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing.2023-10-25not yet calculatedCVE-2023-42438
MISC
MISC
MISC
apple -- macosThe issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.2023-10-25not yet calculatedCVE-2023-42842
MISC
MISC
MISC
apple -- macosThe issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data.2023-10-25not yet calculatedCVE-2023-42850
MISC
MISC
MISC
apple -- macosA logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac.2023-10-25not yet calculatedCVE-2023-42861
MISC
MISC
MISC
apple -- multiple_productsAn inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly.2023-10-25not yet calculatedCVE-2023-40408
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information.2023-10-25not yet calculatedCVE-2023-40413
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory.2023-10-25not yet calculatedCVE-2023-40416
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges.2023-10-25not yet calculatedCVE-2023-40423
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.2023-10-25not yet calculatedCVE-2023-40447
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service.2023-10-25not yet calculatedCVE-2023-40449
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.2023-10-25not yet calculatedCVE-2023-41072
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data.2023-10-25not yet calculatedCVE-2023-41254
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.2023-10-25not yet calculatedCVE-2023-41976
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.2023-10-25not yet calculatedCVE-2023-41982
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.2023-10-25not yet calculatedCVE-2023-41983
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.2023-10-25not yet calculatedCVE-2023-41988
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data.2023-10-25not yet calculatedCVE-2023-41997
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges.2023-10-25not yet calculatedCVE-2023-42841
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks.2023-10-25not yet calculatedCVE-2023-42844
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsAn authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication.2023-10-25not yet calculatedCVE-2023-42845
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address.2023-10-25not yet calculatedCVE-2023-42846
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication.2023-10-25not yet calculatedCVE-2023-42847
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.2023-10-25not yet calculatedCVE-2023-42849
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.2023-10-25not yet calculatedCVE-2023-42852
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients.2023-10-25not yet calculatedCVE-2023-42854
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution.2023-10-25not yet calculatedCVE-2023-42856
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data.2023-10-25not yet calculatedCVE-2023-42857
MISC
MISC
MISC
MISC
MISC
MISC
ashlar-vellum -- graphite
 
In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.2023-10-26not yet calculatedCVE-2023-39936
MISC
ashlar-vellum -- multiple_productsIn Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.2023-10-26not yet calculatedCVE-2023-39427
MISC
audimex -- audimexAudimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters.2023-10-25not yet calculatedCVE-2023-46396
MISC
basercms -- basercmsbaserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0.2023-10-27not yet calculatedCVE-2023-29009
MISC
MISC
MISC
bosch_rexroth_ag -- ctrlx_hmi_web_pane
 
The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device2023-10-25not yet calculatedCVE-2023-45851
MISC
bosch_rexroth_ag -- ctrlx_hmi_web_panelThe Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol.2023-10-25not yet calculatedCVE-2023-45321
MISC
bosch_rexroth_ag -- ctrlx_hmi_web_panelThe Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself.2023-10-25not yet calculatedCVE-2023-46102
MISC
browserify -- browserifybrowserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.2023-10-26not yet calculatedCVE-2023-46234
MISC
MISC
MISC
cacti -- cactiSQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function.2023-10-27not yet calculatedCVE-2023-46490
MISC
MISC
carrental -- carrentalcarRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System).2023-10-23not yet calculatedCVE-2023-33517
MISC
cassia_networks -- access_controllerAn issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console.2023-10-27not yet calculatedCVE-2023-35794
MISC
MISC
catdoc -- catdocCatdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c.2023-10-26not yet calculatedCVE-2023-46345
MISC
christina_japan_line -- christina_japan_lineAn issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.2023-10-25not yet calculatedCVE-2023-38847
MISC
MISC
cisco -- cisco_ios_xe_softwareA vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges.2023-10-25not yet calculatedCVE-2023-20273
MISC
cloud_software_group -- netscaler_adc/gatewayDenial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server2023-10-27not yet calculatedCVE-2023-4967
MISC
cmsmadesimple -- cmsmadesimpleAn issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component.2023-10-26not yet calculatedCVE-2023-43352
MISC
MISC
cmsmadesimple -- cmsmadesimpleCross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component.2023-10-23not yet calculatedCVE-2023-43358
MISC
MISC
cmsmadesimple -- cmsmadesimpleCross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component.2023-10-25not yet calculatedCVE-2023-43360
MISC
MISC
code-projects -- admission_management_systemA vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728.2023-10-27not yet calculatedCVE-2023-5829
MISC
MISC
MISC
codeastro -- pos_systemA vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability.2023-10-26not yet calculatedCVE-2023-5795
MISC
MISC
MISC
codeastro -- pos_systemA vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability.2023-10-26not yet calculatedCVE-2023-5796
MISC
MISC
MISC
coderedcorp -- wagtail_crxviews.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media.2023-10-22not yet calculatedCVE-2021-46897
MISC
MISC
MISC
columbiasoft -- document_locatorA vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability.2023-10-27not yet calculatedCVE-2023-5830
MISC
MISC
concrete_cms -- concrete_cmsMultiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics.2023-10-23not yet calculatedCVE-2023-44760
MISC
contec_co._ltd. -- solarview_compactAn issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component.2023-10-27not yet calculatedCVE-2023-46509
MISC
crypto-es -- crypto-esCryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations.2023-10-25not yet calculatedCVE-2023-46133
MISC
MISC
crypto-js -- crypto-jscrypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations.2023-10-25not yet calculatedCVE-2023-46233
MISC
MISC
d-link -- dar-7000
 
SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component.2023-10-26not yet calculatedCVE-2023-42406
MISC
MISC
deciso_b.v. -- opnsenseDECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication.2023-10-23not yet calculatedCVE-2023-27152
MISC
django_grappelli -- django_grappelliviews/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack.2023-10-22not yet calculatedCVE-2021-46898
MISC
MISC
MISC
MISC
dragon_path -- 707gr1A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >><img/src/onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability.2023-10-26not yet calculatedCVE-2023-5789
MISC
MISC
MISC
dromara_sureness -- dromara_surenessDromara Sureness before v1.0.8 was discovered to use a hardcoded key.2023-10-25not yet calculatedCVE-2023-31581
MISC
MISC
egroupware -- egroupwareAn issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password.2023-10-26not yet calculatedCVE-2023-38328
MISC
elastic -- beatsIt was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.2023-10-26not yet calculatedCVE-2023-31421
MISC
MISC
elastic -- elastic_cloud_on_kubernetesSecret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment.2023-10-26not yet calculatedCVE-2023-31416
MISC
MISC
elastic -- elastic_sharepoint_online_python_connectorAn issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a SharePoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.2023-10-26not yet calculatedCVE-2023-46666
MISC
MISC
elastic -- elasticsearchElasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured.2023-10-26not yet calculatedCVE-2023-31417
MISC
MISC
elastic -- elasticsearchAn issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.2023-10-26not yet calculatedCVE-2023-31418
MISC
MISC
elastic -- elasticsearchA flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.2023-10-26not yet calculatedCVE-2023-31419
MISC
MISC
elastic -- endpointIf Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts.2023-10-26not yet calculatedCVE-2023-46668
MISC
MISC
elastic -- fleet_serverAn issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server's log file in plain text. These enrolment tokens could allow someone to enroll an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch.2023-10-26not yet calculatedCVE-2023-46667
MISC
MISC
elastic -- kibanaAn issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.2023-10-26not yet calculatedCVE-2023-31422
MISC
MISC
exfatprogs -- exfatprogsexfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.2023-10-28not yet calculatedCVE-2023-45897
MISC
MISC
MISC
MISC
fancms -- fancmsCross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file.2023-10-27not yet calculatedCVE-2023-46505
MISC
ffmpeg -- ffmpegFFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function.2023-10-27not yet calculatedCVE-2023-46407
MISC
MISC
MISC
fides -- fidesFides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`.2023-10-25not yet calculatedCVE-2023-46124
MISC
MISC
MISC
fides -- fidesFides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers' addresses and ports and database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. The vulnerability has been patched in Fides version `2.22.1`.2023-10-25not yet calculatedCVE-2023-46125
MISC
MISC
MISC
fides -- fidesFides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. The vulnerability has been patched in Fides version `2.22.1`.2023-10-25not yet calculatedCVE-2023-46126
MISC
MISC
MISC
flusity_cms -- flusity_cmsA vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243599.2023-10-26not yet calculatedCVE-2023-5793
MISC
MISC
MISC
MISC
flusity_cms -- flusity_cmsA vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability.2023-10-27not yet calculatedCVE-2023-5810
MISC
MISC
MISC
MISC
flusity_cms -- flusity_cmsA vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. VDB-243642 is the identifier assigned to this vulnerability.2023-10-27not yet calculatedCVE-2023-5811
MISC
MISC
MISC
MISC
flusity_cms -- flusity_cmsA vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-243643.2023-10-27not yet calculatedCVE-2023-5812
MISC
MISC
MISC
fotoscms2 -- fotoscms2A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.2023-10-28not yet calculatedCVE-2023-5837
MISC
MISC
MISC
frappe -- frappeFrappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0.2023-10-23not yet calculatedCVE-2023-46127
MISC
MISC
MISC
free5gc -- free5gcpkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key.2023-10-23not yet calculatedCVE-2023-46324
MISC
MISC
frrouting_frr -- frrouting_frrAn issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.2023-10-26not yet calculatedCVE-2023-46752
MISC
frrouting_frr -- frrouting_frrAn issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.2023-10-26not yet calculatedCVE-2023-46753
MISC
fukunaga_memberscard_line -- fukunaga_memberscard_lineThe leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-25not yet calculatedCVE-2023-39736
MISC
MISC
geeklog -- geeklogCross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component.2023-10-24not yet calculatedCVE-2023-46058
MISC
geeklog -- geeklogCross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component.2023-10-24not yet calculatedCVE-2023-46059
MISC
geoserver -- geoserverGeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2.2023-10-25not yet calculatedCVE-2023-41339
MISC
MISC
MISC
geoserver -- geoserverGeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.2023-10-25not yet calculatedCVE-2023-43795
MISC
geoserver -- geowebcacheA vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592.2023-10-26not yet calculatedCVE-2023-5786
MISC
MISC
MISC
github -- enterprise_serverIncorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3.2023-10-25not yet calculatedCVE-2023-23767
MISC
MISC
MISC
MISC
google -- androidIn onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40116
MISC
MISC
google -- androidIn resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40117
MISC
MISC
MISC
google -- androidIn multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40120
MISC
MISC
google -- androidIn appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40121
MISC
MISC
google -- androidIn updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40123
MISC
MISC
google -- androidIn onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40125
MISC
MISC
google -- androidIn multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40127
MISC
MISC
google -- androidIn several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40128
MISC
MISC
google -- androidIn build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40129
MISC
MISC
google -- androidIn onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40130
MISC
MISC
google -- androidIn GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40131
MISC
MISC
google -- androidIn multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40133
MISC
MISC
google -- androidIn isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40134
MISC
MISC
google -- androidIn applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40135
MISC
MISC
google -- androidIn setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40136
MISC
MISC
google -- androidIn multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40137
MISC
MISC
google -- androidIn FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40138
MISC
MISC
google -- androidIn FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40139
MISC
MISC
google -- androidIn android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-27not yet calculatedCVE-2023-40140
MISC
MISC
google -- chrome
 
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-10-25not yet calculatedCVE-2023-5472
MISC
MISC
MISC
MISC
gougucms -- gougucmsgougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.2023-10-27not yet calculatedCVE-2023-46393
MISC
gougucms -- gougucms
 
A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.2023-10-27not yet calculatedCVE-2023-46394
MISC
grafana -- grafanaGrafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability.2023-10-25not yet calculatedCVE-2023-3010
MISC
hashicorp -- vagrantHashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0.2023-10-27not yet calculatedCVE-2023-5834
MISC
hcl_software -- hcl_commerceHCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system.2023-10-23not yet calculatedCVE-2023-37532
MISC
hewlett_packard_enterprise -- aruba_clearpass_policy_managerA vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.2023-10-25not yet calculatedCVE-2023-43506
MISC
hewlett_packard_enterprise -- aruba_clearpass_policy_managerA vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.2023-10-25not yet calculatedCVE-2023-43507
MISC
hewlett_packard_enterprise -- aruba_clearpass_policy_managerVulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform.2023-10-25not yet calculatedCVE-2023-43508
MISC
hewlett_packard_enterprise -- aruba_clearpass_policy_managerA vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software.2023-10-25not yet calculatedCVE-2023-43509
MISC
hewlett_packard_enterprise -- aruba_clearpass_policy_managerA vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise.2023-10-25not yet calculatedCVE-2023-43510
MISC
hewlett_packard_enterprise -- hpe_oneviewA remote code execution issue exists in HPE OneView.2023-10-25not yet calculatedCVE-2023-30912
MISC
hp_inc. -- hp_print_and_scan_doctor_for_windowsHP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability.2023-10-25not yet calculatedCVE-2023-5671
MISC
hu60wap6 -- hu60wap6A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named a1cd9f12d7687243bfcb7ce295665acb83b9174e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243775.2023-10-28not yet calculatedCVE-2023-5835
MISC
MISC
MISC
ibm -- txseries_for_multiplatformsIBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016.2023-10-25not yet calculatedCVE-2023-42031
MISC
MISC
MISC
ibm -- websphere_application_server_libertyIBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775.2023-10-25not yet calculatedCVE-2023-46158
MISC
MISC
icecms -- icecmsIceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).2023-10-27not yet calculatedCVE-2023-42188
MISC
MISC
idattend_pty_ltd -- idwebReflected cross-site scripting in the StudentSearch component in IDAttend's IDWeb application 3.1.052 and earlier allows hijacking of a user's browsing session by attackers who have convinced the said user to click on a malicious link.2023-10-25not yet calculatedCVE-2023-1356
MISC
ilias -- iliasILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet.2023-10-26not yet calculatedCVE-2023-45867
MISC
MISC
ilias -- iliasThe Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable.2023-10-26not yet calculatedCVE-2023-45868
MISC
MISC
ilias -- iliasILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system.2023-10-26not yet calculatedCVE-2023-45869
MISC
MISC
ispconfig -- ispconfig
 
An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled.2023-10-27not yet calculatedCVE-2023-46818
MISC
iterm2 -- iterm2iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.2023-10-22not yet calculatedCVE-2023-46300
MISC
MISC
MISC
MISC
iterm2 -- iterm2iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.2023-10-22not yet calculatedCVE-2023-46301
MISC
MISC
MISC
MISC
iterm2 -- iterm2iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.2023-10-23not yet calculatedCVE-2023-46321
MISC
MISC
iterm2 -- iterm2iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.2023-10-23not yet calculatedCVE-2023-46322
MISC
MISC
itop -- itopiTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.2023-10-25not yet calculatedCVE-2023-34446
MISC
MISC
itop -- itop
 
iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0.2023-10-25not yet calculatedCVE-2023-34447
MISC
MISC
MISC
ivanti -- secure_access_clientA logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system.2023-10-25not yet calculatedCVE-2023-38041
MISC
jenkins -- jenkinsJenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2023-10-25not yet calculatedCVE-2023-46650
MISC
MISC
jenkins -- jenkinsJenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1.2023-10-25not yet calculatedCVE-2023-46651
MISC
MISC
jenkins -- jenkinsA missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.2023-10-25not yet calculatedCVE-2023-46652
MISC
MISC
jenkins -- jenkinsJenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure.2023-10-25not yet calculatedCVE-2023-46653
MISC
MISC
jenkins -- jenkinsJenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system.2023-10-25not yet calculatedCVE-2023-46654
MISC
MISC
jenkins -- jenkinsJenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server.2023-10-25not yet calculatedCVE-2023-46655
MISC
MISC
jenkins -- jenkinsJenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.2023-10-25not yet calculatedCVE-2023-46656
MISC
MISC
jenkins -- jenkinsJenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.2023-10-25not yet calculatedCVE-2023-46657
MISC
MISC
jenkins -- jenkinsJenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.2023-10-25not yet calculatedCVE-2023-46658
MISC
MISC
jenkins -- jenkinsJenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2023-10-25not yet calculatedCVE-2023-46659
MISC
MISC
jenkins -- jenkinsJenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.2023-10-25not yet calculatedCVE-2023-46660
MISC
MISC
jose4j -- jose4jjose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.2023-10-25not yet calculatedCVE-2023-31582
MISC
MISC
jumpserver -- jumpserverjumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0.2023-10-25not yet calculatedCVE-2023-46123
MISC
MISC
juzawebcms -- juzawebcmsCross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page.2023-10-28not yet calculatedCVE-2023-46467
MISC
juzawebcms -- juzawebcmsAn issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function.2023-10-28not yet calculatedCVE-2023-46468
MISC
knot_resolver -- knot_resolver
 
Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers.2023-10-22not yet calculatedCVE-2023-46317
MISC
MISC
kodbox -- kodboxkodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS.2023-10-23not yet calculatedCVE-2023-45998
MISC
kubernetes -- ingress-nginxIngress-nginx `path` sanitization can be bypassed with `log_format` directive.2023-10-25not yet calculatedCVE-2022-4886
MISC
MISC
MISC
kubernetes -- ingress-nginxIngress nginx annotation injection causes arbitrary command execution.2023-10-25not yet calculatedCVE-2023-5043
MISC
MISC
MISC
kubernetes -- ingress-nginxCode injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.2023-10-25not yet calculatedCVE-2023-5044
MISC
MISC
MISC
lenovo -- app_storeAn information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications.2023-10-27not yet calculatedCVE-2022-3611
MISC
lenovo -- elliptic_labs_virtual_lock_sensorA vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges.2023-10-25not yet calculatedCVE-2023-3112
MISC
lenovo -- hardwarescanpluginA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.2023-10-25not yet calculatedCVE-2022-0353
MISC
MISC
lenovo -- hardwarescanpluginA denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash.2023-10-25not yet calculatedCVE-2022-3698
MISC
MISC
lenovo -- hardwarescanpluginA privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges.2023-10-25not yet calculatedCVE-2022-3699
MISC
MISC
lenovo -- hardwarescanpluginA denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.2023-10-27not yet calculatedCVE-2022-3702
MISC
lenovo -- printer_gm265dnA denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.2023-10-27not yet calculatedCVE-2022-3429
MISC
lenovo -- printer_gm265dnA remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow.2023-10-27not yet calculatedCVE-2022-34886
MISC
lenovo -- printer_gm265dnStandard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password.2023-10-27not yet calculatedCVE-2022-34887
MISC
lenovo -- thinksystemAn authenticated XCC user with Read-Only permission can change a different user's password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.2023-10-25not yet calculatedCVE-2023-4606
MISC
lenovo -- thinksystemAn authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected.2023-10-25not yet calculatedCVE-2023-4608
MISC
lenovo -- vantage_systemupdate_pluginA Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.2023-10-27not yet calculatedCVE-2022-3700
MISC
lenovo -- vantage_systemupdate_pluginA privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.2023-10-27not yet calculatedCVE-2022-3701
MISC
light-oauth2 -- light-oauth2light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token.2023-10-25not yet calculatedCVE-2023-31580
MISC
MISC
linux -- kernelThe reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges.2023-10-23not yet calculatedCVE-2023-5633
MISC
MISC
linux -- kernel
 
An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.2023-10-27not yet calculatedCVE-2023-46813
MISC
MISC
MISC
MISC
MISC
linux -- kernel
 
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.2023-10-25not yet calculatedCVE-2023-5717
MISC
MISC
man-group -- dtaleD-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off "Custom Filter" input by default. The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users.2023-10-25not yet calculatedCVE-2023-46134
MISC
MISC
marbre_lapin_line -- marbre_lapin_line An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.2023-10-25not yet calculatedCVE-2023-38846
MISC
MISC
matsuya_line -- matsuya_line
 
The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-25not yet calculatedCVE-2023-39737
MISC
MISC
matter-labs -- era-compiler-vyperera-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The problem arises when there is a String or Array with more 256-bit words allocated than initialized. It results in the second word's index unset, that is effectively set to 0, so the first immutable value with the actual 0 index is overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by setting all indexes in advance. The problem will go away, but it will get more expensive if the user allocates a lot of uninitialized space, e.g. `String[4096]`. Upgrading and redeploying affected contracts is the only way of working around the issue.2023-10-25not yet calculatedCVE-2023-46232
MISC
MISC
MISC
memcached -- memcachedIn Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.2023-10-27not yet calculatedCVE-2023-46852
MISC
MISC
memcached -- memcachedIn Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.2023-10-27not yet calculatedCVE-2023-46853
MISC
MISC
mercury_a15 -- mercury_a15Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB.2023-10-25not yet calculatedCVE-2023-46518
MISC
MISC
MISC
mintty -- minttyAn issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal.2023-10-26not yet calculatedCVE-2023-39726
MISC
motorola -- mr2600_routerA vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network.2023-10-27not yet calculatedCVE-2022-3681
MISC
mozilla -- firefox
 
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119.2023-10-25not yet calculatedCVE-2023-5722
MISC
MISC
mozilla -- firefox
 
An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119.2023-10-25not yet calculatedCVE-2023-5723
MISC
MISC
mozilla -- firefox
 
A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119.2023-10-25not yet calculatedCVE-2023-5729
MISC
MISC
mozilla -- firefox
 
Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119.2023-10-25not yet calculatedCVE-2023-5731
MISC
MISC
mozilla -- firefox_for_iosWhen opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119.2023-10-25not yet calculatedCVE-2023-5758
MISC
MISC
mozilla -- multiple_productsIt was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.2023-10-25not yet calculatedCVE-2023-5721
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- multiple_productsDrivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.2023-10-25not yet calculatedCVE-2023-5724
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- multiple_productsA malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.2023-10-25not yet calculatedCVE-2023-5725
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- multiple_productsA website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.2023-10-25not yet calculatedCVE-2023-5726
MISC
MISC
MISC
MISC
mozilla -- multiple_productsThe executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.2023-10-25not yet calculatedCVE-2023-5727
MISC
MISC
MISC
MISC
mozilla -- multiple_productsDuring garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.2023-10-25not yet calculatedCVE-2023-5728
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- multiple_productsMemory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.2023-10-25not yet calculatedCVE-2023-5730
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- multiple_productsAn attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.2023-10-25not yet calculatedCVE-2023-5732
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nanning_ontall_software_co._ltd. -- longxing_industrial_development_zone_project_construction_and_installation_management_systemA vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727.2023-10-27not yet calculatedCVE-2023-5828
MISC
MISC
MISC
nautobot -- nautobotNautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3.2023-10-25not yet calculatedCVE-2023-46128
MISC
MISC
MISC
netentsec -- ns-asg_application_security_gatewayA vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-26not yet calculatedCVE-2023-5784
MISC
MISC
MISC
netentsec -- ns-asg_application_security_gatewayA vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-26not yet calculatedCVE-2023-5785
MISC
MISC
MISC
netentsec -- ns-asg_application_security_gateway
 
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure, but the official mail address was not working properly.2023-10-27not yet calculatedCVE-2023-5826
MISC
MISC
MISC
netmodule -- router_software
 
The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105.2023-10-22not yet calculatedCVE-2023-46306
MISC
MISC
MISC
nextgen_healthcare -- mirth_connectNextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679.2023-10-26not yet calculatedCVE-2023-43208
MISC
npmjs -- npmjs_node_email_checkReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component.2023-10-25not yet calculatedCVE-2023-39619
MISC
MISC
MISC
obl.ong -- obl.ongThe admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.2023-10-26not yet calculatedCVE-2023-46754
MISC
ocomon -- ocomonAn information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames.2023-10-26not yet calculatedCVE-2023-33558
MISC
MISC
ocomon -- ocomonA local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file.2023-10-26not yet calculatedCVE-2023-33559
MISC
MISC
omron_corporation -- cx-designerCX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed.2023-10-23not yet calculatedCVE-2023-43624
MISC
MISC
onigiriya-musubee_line -- onigiriya-musubee_lineThe leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-25not yet calculatedCVE-2023-39740
MISC
MISC
openssl -- opensslIssue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. It is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However, if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.2023-10-25not yet calculatedCVE-2023-5363
MISC
MISC
MISC
MISC
MISC
MISC
palantir -- palantirGotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system.2023-10-26not yet calculatedCVE-2023-30967
MISC
pallets -- werkzeugWerkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1.2023-10-25not yet calculatedCVE-2023-46136
MISC
MISC
parse_server -- parse_serverParse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1.2023-10-25not yet calculatedCVE-2023-46119
MISC
MISC
MISC
MISC
MISC
pfsense_ce -- pfsense_cePfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall.2023-10-25not yet calculatedCVE-2023-29973
MISC
phpgurukul -- nipah_virus_testing_management_systemCross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field.2023-10-25not yet calculatedCVE-2023-46583
MISC
phpgurukul -- nipah_virus_testing_management_systemSQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint.2023-10-25not yet calculatedCVE-2023-46584
MISC
phpgurukul -- nipah_virus_testing_management_systemA vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability.2023-10-26not yet calculatedCVE-2023-5804
MISC
MISC
MISC
phpgurukul -- online_railway_catering_systemA vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600.2023-10-26not yet calculatedCVE-2023-5794
MISC
MISC
MISC
ping_identity -- pingfederateWhen an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request.2023-10-25not yet calculatedCVE-2023-34085
MISC
MISC
ping_identity -- pingfederateUnder a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter2023-10-25not yet calculatedCVE-2023-37283
MISC
MISC
ping_identity -- pingfederatePingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests2023-10-25not yet calculatedCVE-2023-39219
MISC
MISC
ping_identity -- pingfederatePingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials.2023-10-25not yet calculatedCVE-2023-39231
MISC
MISC
ping_identity -- pingfederateA first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request.2023-10-25not yet calculatedCVE-2023-39930
MISC
MISC
pip -- pipWhen installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial.2023-10-25not yet calculatedCVE-2023-5752
MISC
MISC
prestashop -- prestashopIn the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system.2023-10-25not yet calculatedCVE-2023-46346
MISC
prestashop -- prestashopIn the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.2023-10-25not yet calculatedCVE-2023-46347
MISC
prestashop -- prestashopIn the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.2023-10-25not yet calculatedCVE-2023-46358
MISC
proxmox -- proxmoxProxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.2023-10-28not yet calculatedCVE-2023-46854
MISC
MISC
MISC
rabbitmq -- rabbitmqRabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7.2023-10-25not yet calculatedCVE-2023-46118
MISC
rabbitmq -- rabbitmq
 
The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0.2023-10-25not yet calculatedCVE-2023-46120
MISC
MISC
MISC
MISC
radare2 -- radare2An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h.2023-10-28not yet calculatedCVE-2023-46569
MISC
MISC
radare2 -- radare2An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h.2023-10-28not yet calculatedCVE-2023-46570
MISC
MISC
regina_sweets&bakery_line -- regina_sweets&bakery_lineThe leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-25not yet calculatedCVE-2023-39739
MISC
MISC
remark42 -- remark42umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability.2023-10-23not yet calculatedCVE-2023-45966
MISC
MISC
rexroth -- ctrlx_hmi_web_panelThe vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the 'su' binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network.2023-10-25not yet calculatedCVE-2023-41255
MISC
rexroth -- ctrlx_hmi_web_panelThe vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself.2023-10-25not yet calculatedCVE-2023-41960
MISC
rexroth -- ctrlx_hmi_web_panelThe vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.2023-10-25not yet calculatedCVE-2023-43488
MISC
rexroth -- ctrlx_hmi_web_panelThe Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user.2023-10-25not yet calculatedCVE-2023-45220
MISC
rexroth -- ctrlx_hmi_web_panelThe vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug).2023-10-25not yet calculatedCVE-2023-45844
MISC
rexroth -- ctrlx_hmi_web_panel
 
The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair2023-10-25not yet calculatedCVE-2023-41372
MISC
ritecms -- ritecmsA File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content.2023-10-25not yet calculatedCVE-2023-44767
MISC
rmc_r_beauty_clinic_line -- rmc_r_beauty_clinic_lineAn issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.2023-10-25not yet calculatedCVE-2023-38848
MISC
MISC
rockwell_automation -- arena_simulationAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.2023-10-27not yet calculatedCVE-2023-27854
MISC
rockwell_automation -- arena_simulationRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute.2023-10-27not yet calculatedCVE-2023-27858
MISC
rockwell_automation -- factorytalkRockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.2023-10-27not yet calculatedCVE-2023-46289
MISC
rockwell_automation -- factorytalkDue to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service.2023-10-27not yet calculatedCVE-2023-46290
MISC
samba -- sambaA heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.2023-10-25not yet calculatedCVE-2023-5568
MISC
MISC
MISC
MISC
satoken -- satokenAn issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.2023-10-25not yet calculatedCVE-2023-43961
MISC
satoken -- satokenAn issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.2023-10-25not yet calculatedCVE-2023-44794
MISC
sbt -- sbtsbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7.2023-10-23not yet calculatedCVE-2023-46122
MISC
MISC
MISC
MISC
sd-webui-infinite-image-browsing -- sd-webui-infinite-image-browsingThe zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials.2023-10-22not yet calculatedCVE-2023-46315
MISC
MISC
seacms -- seacmsAn issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.2023-10-25not yet calculatedCVE-2023-46010
MISC
MISC
shaanxi_chanming_education_technology -- score_query_systemA vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243593 was assigned to this vulnerability.2023-10-26not yet calculatedCVE-2023-5787
MISC
MISC
MISC
shanghai_cti_navigation -- cti_monitoring_and_early_warning_systemA vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-243717 was assigned to this vulnerability.2023-10-27not yet calculatedCVE-2023-5827
MISC
MISC
MISC
sick_ag -- fx0-gmod00000Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay.2023-10-23not yet calculatedCVE-2023-5246
MISC
MISC
MISC
sielco -- analog_fm_transmitterThe application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter.2023-10-26not yet calculatedCVE-2023-41966
MISC
MISC
sielco -- analog_fm_transmitterThe cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter.2023-10-26not yet calculatedCVE-2023-42769
MISC
MISC
sielco -- analog_fm_transmitterThe application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters.2023-10-26not yet calculatedCVE-2023-45228
MISC
MISC
sielco -- analog_fm_transmitterThe application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.2023-10-26not yet calculatedCVE-2023-45317
MISC
MISC
sielco_ -- polyeco1000Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests.2023-10-26not yet calculatedCVE-2023-46661
MISC
sielco_ -- polyeco1000Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information.2023-10-26not yet calculatedCVE-2023-46662
MISC
sielco_ -- polyeco1000Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests.2023-10-26not yet calculatedCVE-2023-46663
MISC
sielco_ -- polyeco1000Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.2023-10-26not yet calculatedCVE-2023-46664
MISC
sielco_ -- polyeco1000Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges.2023-10-26not yet calculatedCVE-2023-46665
MISC
sielco_ -- polyeco1000Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system.2023-10-26not yet calculatedCVE-2023-5754
MISC
sielco_ -- polyeco1000
 
Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests.2023-10-26not yet calculatedCVE-2023-0897
MISC
silicon_labs -- ember_znet_sdkMissing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.2023-10-26not yet calculatedCVE-2023-41096
MISC
silicon_labs -- openthread_sdkMissing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.2023-10-26not yet calculatedCVE-2023-41095
MISC
sisqualwfm -- sisqualwfmThe sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources.2023-10-25not yet calculatedCVE-2023-36085
MISC
sonicwall -- directory_services_connectorA local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature.2023-10-27not yet calculatedCVE-2023-44219
MISC
sonicwall -- netextender_windowsSonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.2023-10-27not yet calculatedCVE-2023-44220
MISC
sourcecodester -- file_manager_appA vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595.2023-10-26not yet calculatedCVE-2023-5790
MISC
MISC
MISC
sourcecodester -- free_and_open_source_inventory_management_systemSourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function.2023-10-26not yet calculatedCVE-2023-46449
MISC
MISC
sourcecodester -- free_and_open_source_inventory_management_systemSourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function.2023-10-26not yet calculatedCVE-2023-46450
MISC
MISC
sourcecodester -- simple_real_estate_portal_systemA vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. It has been classified as critical. Affected is an unknown function of the file view_estate.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243618 is the identifier assigned to this vulnerability.2023-10-26not yet calculatedCVE-2023-5805
MISC
MISC
MISC
sourcecodester -- sticky_notes_appA vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability.2023-10-26not yet calculatedCVE-2023-5791
MISC
MISC
MISC
sourcecodester -- sticky_notes_appA vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability.2023-10-26not yet calculatedCVE-2023-5792
MISC
MISC
MISC
sourcecodester -- task_reminder_systemA vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_reminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243644.2023-10-27not yet calculatedCVE-2023-5813
MISC
MISC
sourcecodester -- task_reminder_systemA vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability.2023-10-27not yet calculatedCVE-2023-5814
MISC
MISC
sourcecodester -- task_reminder_systemA vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800.2023-10-28not yet calculatedCVE-2023-5836
MISC
MISC
sourcecodester -- packers_and_movers_management_systemSourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id.2023-10-26not yet calculatedCVE-2023-46435
MISC
stb_image.h -- stb_image.h
 
Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function.2023-10-25not yet calculatedCVE-2023-43281
MISC
MISC
stellar -- rs-stellar-strkeyrs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8.2023-10-25not yet calculatedCVE-2023-46135
MISC
MISC
sugarcrm -- sugarcrmAn issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this.2023-10-27not yet calculatedCVE-2023-46815
MISC
sugarcrm -- sugarcrmAn issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this.2023-10-27not yet calculatedCVE-2023-46816
MISC
synology -- camera_firmwareA vulnerability regarding use of externally controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500.2023-10-25not yet calculatedCVE-2023-5746
MISC
tenable -- nessus_network_monitorUnder certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file.2023-10-26not yet calculatedCVE-2023-5622
MISC
tenable -- nessus_network_monitorNNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location2023-10-26not yet calculatedCVE-2023-5623
MISC
tenable -- nessus_network_monitorUnder certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection.2023-10-26not yet calculatedCVE-2023-5624
MISC
tenda -- w18eTenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function.2023-10-25not yet calculatedCVE-2023-46369
MISC
tenda -- w18eTenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function.2023-10-25not yet calculatedCVE-2023-46370
MISC
tibco_software_inc. -- tibco_hawkThe Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console's and Agent's log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.2023-10-25not yet calculatedCVE-2023-26219
MISC
tire-sales_line -- tire-sales_lineAn issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.2023-10-25not yet calculatedCVE-2023-38849
MISC
MISC
tokueimaru_waiting_line -- ztokueimaru_waiting_lineThe leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-25not yet calculatedCVE-2023-39732
MISC
MISC
tongda -- oaA vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-26not yet calculatedCVE-2023-5780
MISC
MISC
MISC
tongda -- oaA vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-26not yet calculatedCVE-2023-5781
MISC
MISC
MISC
tongda -- oaA vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-26not yet calculatedCVE-2023-5782
MISC
MISC
MISC
tongda -- oaA vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-26not yet calculatedCVE-2023-5783
MISC
MISC
MISC
tonton-tei_line -- tonton-tei_lineThe leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-25not yet calculatedCVE-2023-39733
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp.2023-10-25not yet calculatedCVE-2023-46540
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup.2023-10-25not yet calculatedCVE-2023-46541
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig.2023-10-25not yet calculatedCVE-2023-46542
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey.2023-10-25not yet calculatedCVE-2023-46543
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl.2023-10-25not yet calculatedCVE-2023-46544
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc.2023-10-25not yet calculatedCVE-2023-46545
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats.2023-10-25not yet calculatedCVE-2023-46546
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog.2023-10-25not yet calculatedCVE-2023-46547
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect.2023-10-25not yet calculatedCVE-2023-46548
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg.2023-10-25not yet calculatedCVE-2023-46549
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice.2023-10-25not yet calculatedCVE-2023-46550
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl.2023-10-25not yet calculatedCVE-2023-46551
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP.2023-10-25not yet calculatedCVE-2023-46552
MISC
MISC
totolink -- x2000r_firmware
 
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl.2023-10-25not yet calculatedCVE-2023-46553
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function.2023-10-25not yet calculatedCVE-2023-46408
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function.2023-10-25not yet calculatedCVE-2023-46409
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function.2023-10-25not yet calculatedCVE-2023-46410
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function.2023-10-25not yet calculatedCVE-2023-46411
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function.2023-10-25not yet calculatedCVE-2023-46412
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function.2023-10-25not yet calculatedCVE-2023-46413
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function.2023-10-25not yet calculatedCVE-2023-46414
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function.2023-10-25not yet calculatedCVE-2023-46415
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function.2023-10-25not yet calculatedCVE-2023-46416
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function.2023-10-25not yet calculatedCVE-2023-46417
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function.2023-10-25not yet calculatedCVE-2023-46418
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function.2023-10-25not yet calculatedCVE-2023-46419
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function.2023-10-25not yet calculatedCVE-2023-46420
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function.2023-10-25not yet calculatedCVE-2023-46421
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function.2023-10-25not yet calculatedCVE-2023-46422
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function.2023-10-25not yet calculatedCVE-2023-46423
MISC
MISC
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function.2023-10-25not yet calculatedCVE-2023-46424
MISC
MISC
tp-link -- tl-wdr7660TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin.2023-10-25not yet calculatedCVE-2023-46371
MISC
tp-link -- tl-wdr7660TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses.2023-10-25not yet calculatedCVE-2023-46373
MISC
traceroute -- tracerouteIn buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.2023-10-25not yet calculatedCVE-2023-46316
MISC
MISC
twisted -- twistedTwisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue.2023-10-25not yet calculatedCVE-2023-46137
MISC
ubiquiti -- unifi_network_applicationInstances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later.2023-10-25not yet calculatedCVE-2023-41721
MISC
ubuntu -- ubuntu_grub2An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved.2023-10-25not yet calculatedCVE-2023-4692
MISC
MISC
MISC
MISC
MISC
ubuntu -- ubuntu_grub2An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk.2023-10-25not yet calculatedCVE-2023-4693
MISC
MISC
MISC
MISC
MISC
univention -- ucs@schoolIncorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash.2023-10-26not yet calculatedCVE-2020-17477
MISC
uomasa_saiji_news_line -- uomasa_saiji_news_lineThe leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-25not yet calculatedCVE-2023-39735
MISC
MISC
uvdesk_community_skeleton -- uvdesk_community_skeletonUVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application.2023-10-23not yet calculatedCVE-2023-37635
MISC
uvdesk_community_skeleton -- uvdesk_community_skeletonA stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.2023-10-23not yet calculatedCVE-2023-37636
MISC
vermeg -- agilereporterAn issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component.2023-10-27not yet calculatedCVE-2022-34832
MISC
MISC
vermeg -- agilereporterAn issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component.2023-10-27not yet calculatedCVE-2022-34833
MISC
MISC
vermeg -- agilereporterAn issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log.2023-10-27not yet calculatedCVE-2022-34834
MISC
MISC
viessmann -- vitogate_300A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-23not yet calculatedCVE-2023-5702
MISC
MISC
MISC
vim -- vimVim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.2023-10-27not yet calculatedCVE-2023-46246
MISC
MISC
vinchin -- backup_&_recoveryVinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.2023-10-27not yet calculatedCVE-2023-45498
MISC
FULLDISC
vinchin -- backup_&_recoveryVinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.2023-10-27not yet calculatedCVE-2023-45499
MISC
FULLDISC
vision_meat_works_trackdiner10/10_mc_line -- vision_meat_works_trackdiner10/10_mc_lineThe leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.2023-10-25not yet calculatedCVE-2023-39734
MISC
MISC
vmware -- open-vm-toolsopen-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.2023-10-27not yet calculatedCVE-2023-34059
MISC
MISC
MISC
vmware -- vcenter_servervCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.2023-10-25not yet calculatedCVE-2023-34048
MISC
vmware -- vcenter_servervCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.2023-10-25not yet calculatedCVE-2023-34056
MISC
vmware -- vmware_toolsVMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.2023-10-27not yet calculatedCVE-2023-34057
MISC
vmware -- vmware_toolsVMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .2023-10-27not yet calculatedCVE-2023-34058
MISC
MISC
vue.js -- vue.js_devtoolsThe Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e., a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource.2023-10-23not yet calculatedCVE-2023-5718
MISC
wabt -- wabtWebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault.2023-10-23not yet calculatedCVE-2023-46331
MISC
wabt -- wabtWebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault.2023-10-23not yet calculatedCVE-2023-46332
MISC
wenwenaicms -- wenwenaicmsInsecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges.2023-10-25not yet calculatedCVE-2023-45990
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <= 5.5.1 versions.2023-10-25not yet calculatedCVE-2023-25032
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions.2023-10-26not yet calculatedCVE-2023-30492
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions.2023-10-26not yet calculatedCVE-2023-32116
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions.2023-10-27not yet calculatedCVE-2023-32738
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions.2023-10-25not yet calculatedCVE-2023-39924
MISC
wordpress -- wordpressThe Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-27not yet calculatedCVE-2023-5774
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike - Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions.2023-10-25not yet calculatedCVE-2023-45640
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter's Custom Anti-Spam plugin <= 3.2.2 versions.2023-10-25not yet calculatedCVE-2023-45759
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin <= 14.45 versions.2023-10-25not yet calculatedCVE-2023-45832
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin <= 0.7.4 versions.2023-10-25not yet calculatedCVE-2023-45833
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions.2023-10-25not yet calculatedCVE-2023-45835
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.2023-10-25not yet calculatedCVE-2023-45837
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions.2023-10-25not yet calculatedCVE-2023-46068
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions.2023-10-25not yet calculatedCVE-2023-46069
MISC
wordpress -- wordpress
 
An authenticated XCC user can change permissions for any user through a crafted API command.2023-10-25not yet calculatedCVE-2023-4607
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions.2023-10-25not yet calculatedCVE-2023-46070
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protección de Datos RGPD plugin <= 3.1.0 versions.2023-10-25not yet calculatedCVE-2023-46071
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.2023-10-26not yet calculatedCVE-2023-46072
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions.2023-10-26not yet calculatedCVE-2023-46074
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions.2023-10-26not yet calculatedCVE-2023-46075
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions.2023-10-26not yet calculatedCVE-2023-46076
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed - Custom Feed plugin <= 2.2.5 versions.2023-10-26not yet calculatedCVE-2023-46077
MISC
wordpress -- wordpress
 
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions.2023-10-26not yet calculatedCVE-2023-46081
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.2023-10-22not yet calculatedCVE-2023-46085
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.2023-10-26not yet calculatedCVE-2023-46088
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions.2023-10-22not yet calculatedCVE-2023-46089
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.2023-10-26not yet calculatedCVE-2023-46090
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.2023-10-27not yet calculatedCVE-2023-46091
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <= 2.0 versions.2023-10-27not yet calculatedCVE-2023-46093
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.3 versions.2023-10-26not yet calculatedCVE-2023-46094
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions.2023-10-22not yet calculatedCVE-2023-46095
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions.2023-10-25not yet calculatedCVE-2023-46150
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.2023-10-25not yet calculatedCVE-2023-46151
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.2023-10-25not yet calculatedCVE-2023-46152
MISC
wordpress -- wordpress
 
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions.2023-10-27not yet calculatedCVE-2023-46153
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar - Google Calendar Plugin <= 3.2.5 versions.2023-10-25not yet calculatedCVE-2023-46189
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.2023-10-25not yet calculatedCVE-2023-46190
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions.2023-10-25not yet calculatedCVE-2023-46191
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.2023-10-27not yet calculatedCVE-2023-46192
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.2023-10-25not yet calculatedCVE-2023-46193
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist - Custom Archive Templates plugin <= 1.7.5 versions.2023-10-27not yet calculatedCVE-2023-46194
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions.2023-10-25not yet calculatedCVE-2023-46198
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions.2023-10-27not yet calculatedCVE-2023-46199
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions.2023-10-27not yet calculatedCVE-2023-46200
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions.2023-10-25not yet calculatedCVE-2023-46202
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions.2023-10-25not yet calculatedCVE-2023-46204
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.2023-10-27not yet calculatedCVE-2023-46208
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus - Unlimited grid plugin <= 1.3.2 versions.2023-10-27not yet calculatedCVE-2023-46209
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.2023-10-27not yet calculatedCVE-2023-46211
MISC
wordpress -- wordpress
 
The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-27not yet calculatedCVE-2023-5051
MISC
MISC
MISC
wordpress -- wordpress
 
The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-25not yet calculatedCVE-2023-5085
MISC
MISC
wordpress -- wordpress
 
The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-25not yet calculatedCVE-2023-5110
MISC
MISC
wordpress -- wordpress
 
The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users.2023-10-25not yet calculatedCVE-2023-5126
MISC
MISC
wordpress -- wordpress
 
The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-25not yet calculatedCVE-2023-5127
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution.2023-10-25not yet calculatedCVE-2023-5311
MISC
MISC
MISC
wordpress -- wordpress
 
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges.2023-10-28not yet calculatedCVE-2023-5425
MISC
MISC
wordpress -- wordpress
 
The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users.2023-10-28not yet calculatedCVE-2023-5426
MISC
MISC
wordpress -- wordpress
 
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users.2023-10-20not yet calculatedCVE-2023-5533
MISC
MISC
wordpress -- wordpress
 
The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-20not yet calculatedCVE-2023-5534
MISC
MISC
wordpress -- wordpress
 
The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-27not yet calculatedCVE-2023-5705
MISC
MISC
MISC
wordpress -- wordpress
 
The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-25not yet calculatedCVE-2023-5740
MISC
MISC
MISC
wordpress -- wordpress
 
The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-25not yet calculatedCVE-2023-5744
MISC
MISC
MISC
wordpress -- wordpress
 
The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-25not yet calculatedCVE-2023-5745
MISC
MISC
wordpress -- wordpress
 
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks2023-10-26not yet calculatedCVE-2023-5798
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin - WP Knowledgebase plugin <= 1.3.4 versions.2023-10-26not yet calculatedCVE-2023-5802
MISC
wordpress -- wordpress
 
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-27not yet calculatedCVE-2023-5817
MISC
MISC
MISC
wordpress -- wordpress
 
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-27not yet calculatedCVE-2023-5820
MISC
MISC
MISC
wordpress -- wordpress
 
The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-27not yet calculatedCVE-2023-5821
MISC
MISC
MISC
writercms -- writercms
 
Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors.2023-10-26not yet calculatedCVE-2023-43905
MISC
xnview_classic -- xnview_classicBuffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file.2023-10-27not yet calculatedCVE-2023-46587
MISC
xolo_cms -- xolo_cms
 
Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.2023-10-26not yet calculatedCVE-2023-43906
MISC
xorg-server -- xorg-serverA out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.2023-10-25not yet calculatedCVE-2023-5367
MISC
MISC
MISC
MISC
MISC
MISC
xorg-server -- xorg-serverA use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.2023-10-25not yet calculatedCVE-2023-5380
MISC
MISC
MISC
MISC
MISC
xorg-server -- xorg-serverA use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.2023-10-25not yet calculatedCVE-2023-5574
MISC
MISC
MISC
xpand -- it_write-back_managerXpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter.2023-10-26not yet calculatedCVE-2023-27170
MISC
xwiki -- xwikiXWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix.2023-10-25not yet calculatedCVE-2023-37908
MISC
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed.2023-10-25not yet calculatedCVE-2023-37909
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version.2023-10-25not yet calculatedCVE-2023-37910
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.2023-10-25not yet calculatedCVE-2023-37911
MISC
MISC
MISC
MISC
MISC
MISC
xwiki -- xwikiXWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro.2023-10-25not yet calculatedCVE-2023-37912
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce but it also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API which doesn't remove `/` or `\` from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could e.g., be used to replace the `jar`-file of an extension which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. There are no known workarounds apart from disabling the office converter.2023-10-25not yet calculatedCVE-2023-37913
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix.2023-10-25not yet calculatedCVE-2023-45134
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right. For the attack to work, the attacker needs to convince the victim to visit a link like `<xwiki-host>/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)` where `<xwiki-host>` is the URL of the Wiki installation and to then click on the "Create" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn't exist yet, the malicious code is not displayed anywhere on that page. After clicking the "Create" button, the malicious title would be displayed but at this point, the code has already been executed and the attacker could use this code also to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake "create page" button on a page which is possible with edit right. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step such that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the patch in an existing installation. For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly.2023-10-25not yet calculatedCVE-2023-45135
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.2023-10-25not yet calculatedCVE-2023-45136
MISC
MISC
MISC
xwiki -- xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.2023-10-25not yet calculatedCVE-2023-45137
MISC
MISC
MISC
yxbookcms -- yxbookcmsCross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.2023-10-27not yet calculatedCVE-2023-46503
MISC
yxbookcms -- yxbookcmsCross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component.2023-10-27not yet calculatedCVE-2023-46504
MISC
zenario_cms -- zenario_cmsA Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias.2023-10-25not yet calculatedCVE-2023-44769
MISC
MISC
zentao_biz -- zentao_bizZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).2023-10-27not yet calculatedCVE-2023-46375
MISC
zentao_biz -- zentao_bizZentao Biz version 8.7 and before is vulnerable to Information Disclosure.2023-10-27not yet calculatedCVE-2023-46376
MISC
zentao_biz -- zentao_bizZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.2023-10-27not yet calculatedCVE-2023-46491
MISC
zentao_enterprise_edition -- zentao_enterprise_editionZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).2023-10-27not yet calculatedCVE-2023-46374
MISC
zephyr -- zephyrPotential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver2023-10-26not yet calculatedCVE-2023-5139
MISC
zephyr -- zephyrPotential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c2023-10-25not yet calculatedCVE-2023-5753
MISC
zioncom_holdings_ltd. -- a7000rAn issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function.2023-10-27not yet calculatedCVE-2023-46510
MISC
zitadel -- zitadelZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim's account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2.2023-10-26not yet calculatedCVE-2023-46238
MISC
MISC
MISC
zpe_systems,_inc. -- nodegrid_osZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/.2023-10-28not yet calculatedCVE-2023-43322
CONFIRM
 palantir -- palantirThe Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.2023-10-26not yet calculatedCVE-2023-30969
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.