Vulnerability Summary for the Week of October 23, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
projectworlds_pvt._limited -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'fnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-26 | 9.8 | CVE-2023-43737 MISC MISC |
projectworlds_pvt._limited -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-43738 MISC MISC |
projectworlds_pvt._limited -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44162 MISC MISC |
projectworlds_pvt._limited -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-26 | 9.8 | CVE-2023-44267 MISC MISC |
projectworlds_pvt._limited -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'gender' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-26 | 9.8 | CVE-2023-44268 MISC MISC |
projectworlds_pvt._limited -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44375 MISC MISC |
projectworlds_pvt._limited -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44376 MISC MISC |
projectworlds_pvt._limited -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44377 MISC MISC |
apache -- http_server | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. | 2023-10-23 | 9.1 | CVE-2023-31122 MISC MISC MISC |
byzoro -- smart_s85f_firmware | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-21 | 9.8 | CVE-2023-5683 MISC MISC MISC |
byzoro -- smart_s85f_firmware | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-21 | 9.8 | CVE-2023-5684 MISC MISC MISC |
calibre-ebook -- calibre | link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. | 2023-10-22 | 7.5 | CVE-2023-46303 MISC MISC |
codeastro -- internet_banking_system | A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131. | 2023-10-22 | 9.8 | CVE-2023-5693 MISC MISC MISC |
color -- demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. | 2023-10-23 | 8.8 | CVE-2023-46602 MISC |
color -- demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. | 2023-10-23 | 7.8 | CVE-2023-46603 MISC |
dell -- unity_operating_environment | Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. | 2023-10-23 | 7.8 | CVE-2023-43066 MISC |
dell -- unity_operating_environment | Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. | 2023-10-23 | 7.5 | CVE-2023-43074 MISC |
edm_informatics -- e-invoice | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1. | 2023-10-27 | 7.5 | CVE-2023-5443 MISC |
f5 -- big-ip | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2023-10-26 | 9.8 | CVE-2023-46747 MISC |
f5 -- big-ip | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2023-10-26 | 8.8 | CVE-2023-46748 MISC |
frostming -- pdm | pdm is a Python package and dependency manager supporting the latest PEP standards. It's possible to craft a malicious `pdm.lock` file that could allow e.g., an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it's not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what's actually installed could differ from what's listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-10-20 | 7.8 | CVE-2023-45805 MISC MISC MISC MISC MISC |
ibm -- cognos_dashboards_on_cloud_pak_for_data | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | 2023-10-22 | 7.5 | CVE-2023-38275 MISC MISC |
ibm -- cognos_dashboards_on_cloud_pak_for_data | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | 2023-10-22 | 7.5 | CVE-2023-38276 MISC MISC |
ibm -- security_verify_governance | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. | 2023-10-23 | 9.8 | CVE-2022-22466 MISC MISC |
ibm -- security_verify_governance | IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | 2023-10-23 | 8.8 | CVE-2023-33839 MISC MISC |
ibm -- security_verify_governance | IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | 2023-10-23 | 7.5 | CVE-2023-33837 MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. | 2023-10-23 | 7.5 | CVE-2023-43045 MISC MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26568 MISC |
idattend -- idweb | Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26569 MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetExcursionList method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26572 MISC |
idattend -- idweb | Missing authentication in the SetDB method in IDAttend's IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | 2023-10-25 | 9.1 | CVE-2023-26573 MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetVisitors method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26581 MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26582 MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26583 MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26584 MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-27254 MISC |
idattend -- idweb | Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-27255 MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-27260 MISC |
idattend -- idweb | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-27262 MISC |
idattend -- idweb | Arbitrary file upload to web root in the IDAttend's IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | 2023-10-25 | 8.8 | CVE-2023-26578 MISC |
idattend -- idweb | Missing authentication in the StudentPopupDetails_Timetable method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26570 MISC |
idattend -- idweb | Missing authentication in the SetStudentNotes method in IDAttend's IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26571 MISC |
idattend -- idweb | Missing authentication in the SearchStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26574 MISC |
idattend -- idweb | Missing authentication in the SearchStudentsStaff method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26575 MISC |
idattend -- idweb | Missing authentication in the SearchStudentsRFID method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26576 MISC |
idattend -- idweb | Unauthenticated arbitrary file read in the IDAttend's IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26580 MISC |
idattend -- idweb | Missing authentication in the GetActiveToiletPasses method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27257 MISC |
idattend -- idweb | Missing authentication in the GetStudentGroupStudents method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27258 MISC |
idattend -- idweb | Missing authentication in the GetAssignmentsDue method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27259 MISC |
idattend -- idweb | Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27375 MISC |
idattend -- idweb | Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27376 MISC |
idattend -- idweb | Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend's IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27377 MISC |
inohom -- home_manager_gateway | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting. This issue affects Home Manager Gateway: before v.1.27.12. | 2023-10-27 | 7.5 | CVE-2023-5570 MISC |
langchain -- langchain | In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain. | 2023-10-20 | 9.8 | CVE-2023-32785 MISC |
langchain -- langchain | In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | 2023-10-20 | 7.5 | CVE-2023-32786 MISC |
m-files -- web_companion | Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution | 2023-10-20 | 7.8 | CVE-2023-5523 MISC |
modoboa -- modoboa | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | 2023-10-20 | 8.8 | CVE-2023-5690 MISC MISC |
mosparo -- mosparo | Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. | 2023-10-20 | 8.8 | CVE-2023-5687 MISC MISC |
netentsec -- application_security_gateway | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability. | 2023-10-23 | 9.8 | CVE-2023-5700 MISC MISC MISC |
netentsec -- application_security_gateway | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-20 | 7.2 | CVE-2023-5681 MISC MISC MISC |
openimageio -- openimageio | An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | 2023-10-23 | 8.8 | CVE-2023-42295 MISC |
pleaser -- pleaser | please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) | 2023-10-20 | 7.8 | CVE-2023-46277 MISC MISC MISC MISC |
projectworlds_pvt._limited -- leave_management_system_project | Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44480 MISC MISC |
qnap -- qusbcam2 | An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 ( 2023/06/15 ) and later | 2023-10-20 | 8.8 | CVE-2023-23373 MISC |
radare -- radare2 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | 2023-10-20 | 8.8 | CVE-2023-5686 MISC MISC |
reconftw -- reconftw | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it's own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-10-20 | 8.8 | CVE-2023-46117 MISC MISC |
secudos -- qiata | SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. | 2023-10-20 | 7.8 | CVE-2023-40361 MISC |
silabs -- gecko_bootloader | An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | 2023-10-20 | 7.8 | CVE-2023-3487 MISC MISC |
sitolog -- sitolog_application_connect | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | 2023-10-20 | 9.8 | CVE-2023-37824 MISC |
sollace -- unicopia | Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. | 2023-10-20 | 9.8 | CVE-2023-39680 MISC |
stb_image.h -- stb_image.h | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn't give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn't do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. It would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However, at the same time the function may return null value but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. The issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn't fail or to a double-free if the `delays` is always freed | 2023-10-21 | 9.8 | CVE-2023-45666 MISC MISC MISC |
stb_image.h -- stb_image.h | stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first "free", the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution. | 2023-10-21 | 8.8 | CVE-2023-45664 MISC MISC |
stb_image.h -- stb_image.h | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn't match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn't match the real image array dimensions. | 2023-10-21 | 8.1 | CVE-2023-45662 MISC MISC |
stb_image.h -- stb_image.h | stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails, it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. | 2023-10-21 | 7.5 | CVE-2023-45667 MISC MISC MISC |
stb_image.h -- stb_image.h | stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information. | 2023-10-21 | 7.1 | CVE-2023-45661 MISC MISC MISC |
stb_image.h -- stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45676 MISC MISC MISC |
stb_image.h -- stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45677 MISC MISC MISC MISC MISC MISC |
stb_image.h -- stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45678 MISC MISC MISC |
stb_image.h -- stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45679 MISC MISC MISC |
stb_image.h -- stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45681 MISC MISC |
stb_image.h -- stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. | 2023-10-21 | 7.1 | CVE-2023-45682 MISC MISC MISC MISC |
stb_image.h -- stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)'\0';`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45675 MISC MISC MISC MISC |
superwebmailer -- superwebmailer | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | 2023-10-21 | 8.8 | CVE-2023-38190 MISC MISC |
superwebmailer -- superwebmailer | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. | 2023-10-21 | 8.8 | CVE-2023-38193 MISC MISC |
thingnario -- photon | An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage" endpoint. | 2023-10-21 | 8.8 | CVE-2023-46055 MISC |
tongda -- oa | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-20 | 9.8 | CVE-2023-5682 MISC MISC MISC |
totolink -- a3700r_firmware | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | 2023-10-25 | 9.8 | CVE-2023-46574 MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel. | 2023-10-25 | 9.8 | CVE-2023-46554 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. | 2023-10-25 | 9.8 | CVE-2023-46555 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. | 2023-10-25 | 9.8 | CVE-2023-46556 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. | 2023-10-25 | 9.8 | CVE-2023-46557 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. | 2023-10-25 | 9.8 | CVE-2023-46558 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr. | 2023-10-25 | 9.8 | CVE-2023-46559 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. | 2023-10-25 | 9.8 | CVE-2023-46560 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. | 2023-10-25 | 9.8 | CVE-2023-46562 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. | 2023-10-25 | 9.8 | CVE-2023-46563 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. | 2023-10-25 | 9.8 | CVE-2023-46564 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. | 2023-10-25 | 9.8 | CVE-2023-46520 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. | 2023-10-25 | 9.8 | CVE-2023-46521 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister. | 2023-10-25 | 9.8 | CVE-2023-46522 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. | 2023-10-25 | 9.8 | CVE-2023-46523 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. | 2023-10-25 | 9.8 | CVE-2023-46525 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. | 2023-10-25 | 9.8 | CVE-2023-46526 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle. | 2023-10-25 | 9.8 | CVE-2023-46527 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. | 2023-10-25 | 9.8 | CVE-2023-46534 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. | 2023-10-25 | 9.8 | CVE-2023-46535 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. | 2023-10-25 | 9.8 | CVE-2023-46536 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. | 2023-10-25 | 9.8 | CVE-2023-46537 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. | 2023-10-25 | 9.8 | CVE-2023-46538 MISC MISC |
tp-link -- tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. | 2023-10-25 | 9.8 | CVE-2023-46539 MISC MISC |
trtek_software -- education_portal | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29. | 2023-10-27 | 9.8 | CVE-2023-5807 MISC |
vercel -- next.js | Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. | 2023-10-22 | 7.5 | CVE-2023-46298 MISC MISC MISC |
vmware -- fusion | VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | 2023-10-20 | 7.8 | CVE-2023-34045 MISC |
vmware -- fusion | VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | 2023-10-20 | 7 | CVE-2023-34046 MISC |
wallix -- bastion | WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. | 2023-10-23 | 7.5 | CVE-2023-46319 MISC |
wordpress -- wordpress | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths. | 2023-10-20 | 7.5 | CVE-2023-4668 MISC MISC |
wordpress -- wordpress | The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the 'zbscrmcsvimpf' parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a 'file_exists' check on the value of 'zbscrmcsvimpf'. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link. | 2023-10-20 | 8.8 | CVE-2022-3342 MISC MISC MISC |
wordpress -- wordpress | The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions. | 2023-10-20 | 8.1 | CVE-2020-36714 MISC MISC |
wordpress -- wordpress | The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. | 2023-10-20 | 8.8 | CVE-2020-36698 MISC MISC MISC |
wordpress -- wordpress | The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7. | 2023-10-20 | 8.8 | CVE-2022-4290 MISC MISC |
wordpress -- wordpress | The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-20 | 8.8 | CVE-2023-4999 MISC MISC |
wordpress -- wordpress | The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2023-10-20 | 9.8 | CVE-2023-4488 MISC MISC |
wordpress -- wordpress | The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. | 2023-10-20 | 7.2 | CVE-2023-5414 MISC MISC MISC |
wordpress -- wordpress | The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server. | 2023-10-20 | 8.8 | CVE-2022-2441 MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. | 2023-10-21 | 8.8 | CVE-2023-46078 MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection. | 2023-10-20 | 8.8 | CVE-2023-4920 MISC MISC MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions. | 2023-10-21 | 8.8 | CVE-2023-46067 MISC |
wordpress -- wordpress | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. | 2023-10-20 | 8.8 | CVE-2021-4334 MISC MISC |
wordpress -- wordpress | The Simple:Press - WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-10-20 | 9.8 | CVE-2020-36706 MISC MISC MISC MISC |
wordpress -- wordpress | The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata). | 2023-10-21 | 7.5 | CVE-2023-5132 MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2023-10-20 | 8.1 | CVE-2023-4386 MISC MISC |
wordpress -- wordpress | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2023-10-20 | 9.8 | CVE-2023-4402 MISC MISC |
wordpress -- wordpress | The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering. | 2023-10-20 | 9.3 | CVE-2023-5576 MISC MISC MISC |
zscaler -- client_connector | An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 | 2023-10-23 | 9.8 | CVE-2023-28805 MISC |
zscaler -- client_connector | The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | 2023-10-23 | 7.8 | CVE-2021-26735 MISC |
zscaler -- client_connector | Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. | 2023-10-23 | 7.8 | CVE-2021-26736 MISC |
zscaler -- client_connector | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. | 2023-10-23 | 7.8 | CVE-2021-26738 MISC |
zscaler -- client_connector | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 2023-10-23 | 7.8 | CVE-2023-28793 MISC |
zscaler -- client_connector | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 2023-10-23 | 7.8 | CVE-2023-28795 MISC |
zscaler -- client_connector | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 2023-10-23 | 7.8 | CVE-2023-28796 MISC |
zscaler -- client_connector | Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. | 2023-10-23 | 7.3 | CVE-2023-28797 MISC |
zzzcms -- zzzcms | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. | 2023-10-25 | 9.8 | CVE-2023-45554 MISC |
zzzcms -- zzzcms | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | 2023-10-25 | 7.8 | CVE-2023-45555 MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apache -- airflow | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348. | 2023-10-23 | 4.3 | CVE-2023-46288 MISC MISC |
apache -- santuario_xml_security_for_java | All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue. | 2023-10-20 | 6.5 | CVE-2023-44483 MISC MISC |
cmsmadesimple -- cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. | 2023-10-20 | 5.4 | CVE-2023-43353 MISC |
cmsmadesimple -- cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. | 2023-10-20 | 5.4 | CVE-2023-43354 MISC |
cmsmadesimple -- cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. | 2023-10-20 | 5.4 | CVE-2023-43355 MISC MISC |
cmsmadesimple -- cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. | 2023-10-20 | 5.4 | CVE-2023-43356 MISC |
cmsmadesimple -- cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. | 2023-10-20 | 5.4 | CVE-2023-43357 MISC |
codeastro -- internet_banking_system | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input <ScRiPt >alert(991)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132. | 2023-10-22 | 6.1 | CVE-2023-5694 MISC MISC MISC |
codeastro -- internet_banking_system | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25<ScRiPt%20>alert(9860)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability. | 2023-10-22 | 6.1 | CVE-2023-5695 MISC MISC MISC |
codeastro -- internet_banking_system | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928--><ScRiPt%20>alert(9206)</ScRiPt><!-- leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243134 is the identifier assigned to this vulnerability. | 2023-10-22 | 6.1 | CVE-2023-5696 MISC MISC MISC |
codeastro -- internet_banking_system | A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php. The manipulation of the argument account_number with the input 287359614--><ScRiPt%20>alert(1234)</ScRiPt><!-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243135. | 2023-10-23 | 6.1 | CVE-2023-5697 MISC MISC MISC |
codeastro -- internet_banking_system | A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. This vulnerability affects unknown code of the file pages_deposit_money.php. The manipulation of the argument account_number with the input 421873905--><ScRiPt%20>alert(9523)</ScRiPt><!-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243136. | 2023-10-23 | 6.1 | CVE-2023-5698 MISC MISC MISC |
codeastro -- internet_banking_system | A vulnerability, which was classified as problematic, has been found in CodeAstro Internet Banking System 1.0. This issue affects some unknown processing of the file pages_view_client.php. The manipulation of the argument acc_name with the input Johnnie Reyes'"()&%<zzz><ScRiPt >alert(5646)</ScRiPt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243137 was assigned to this vulnerability. | 2023-10-23 | 6.1 | CVE-2023-5699 MISC MISC MISC |
dell -- unity_operating_environment | Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. | 2023-10-23 | 6.5 | CVE-2023-43067 MISC |
dell -- unity_operating_environment | Dell Unity prior to 5.3 contains a Cross-site scripting vulnerability. A low-privileged authenticated attacker can exploit these issues to obtain escalated privileges. | 2023-10-23 | 5.4 | CVE-2023-43065 MISC |
enhancesoft -- osticket | A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. | 2023-10-23 | 4.8 | CVE-2023-27148 MISC |
enhancesoft -- osticket | A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. | 2023-10-23 | 4.8 | CVE-2023-27149 MISC |
home-assistant -- home-assistant | Home assistant is an open source home automation. The audit team's analyses confirmed that the `redirect_uri` and `client_id` are alterable when logging in. Consequently, the code parameter utilized to fetch the `access_token` post-authentication will be sent to the URL specified in the aforementioned parameters. Since an arbitrary URL is permitted and `homeassistant.local` represents the preferred, default domain likely used and trusted by many users, an attacker could leverage this weakness to manipulate a user and retrieve account access. Notably, this attack strategy is plausible if the victim has exposed their Home Assistant to the Internet, since after acquiring the victim's `access_token` the adversary would need to utilize it directly towards the instance to achieve any pertinent malicious actions. To achieve this compromise attempt, the attacker must send a link with a `redirect_uri` that they control to the victim's own Home Assistant instance. In the eventuality the victim authenticates via said link, the attacker would obtain code sent to the specified URL in `redirect_uri`, which can then be leveraged to fetch an `access_token`. Pertinently, an attacker could increase the efficacy of this strategy by registering a near identical domain to `homeassistant.local`, which at first glance may appear legitimate and thereby obfuscate any malicious intentions. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-10-20 | 5.4 | CVE-2023-41893 MISC MISC |
home-assistant -- home-assistant | Home assistant is an open source home automation. The assessment verified that webhooks available in the webhook component are triggerable via the `*.ui.nabu.casa` URL without authentication, even when the webhook is marked as Only accessible from the local network. This issue is facilitated by the SniTun proxy, which sets the source address to 127.0.0.1 on all requests sent to the public URL and forwarded to the local Home Assistant. This issue has been addressed in version 2023.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-10-20 | 5.3 | CVE-2023-41894 MISC MISC |
i-doit -- i-doit | I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. | 2023-10-21 | 5.4 | CVE-2023-46003 MISC MISC MISC |
ibm -- cognos_dashboards_on_cloud_pak_for_data | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482. | 2023-10-22 | 6.5 | CVE-2023-38735 MISC MISC |
ibm -- security_verify_governance | IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 256037. | 2023-10-23 | 4.8 | CVE-2023-33840 MISC MISC |
ibm -- sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174. | 2023-10-23 | 5.4 | CVE-2023-38722 MISC MISC |
idattend -- idweb | Missing authentication in the DeleteAssignments method in IDAttend's IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. | 2023-10-25 | 6.5 | CVE-2023-27261 MISC |
idattend -- idweb | Stored cross-site scripting in the IDAttend's IDWeb application 3.1.052 and earlier allows attackers to hijack the browsing session of the logged in user. | 2023-10-25 | 5.4 | CVE-2023-26577 MISC |
idattend -- idweb | Missing authentication in the DeleteStaff method in IDAttend's IDWeb application 3.1.013 allows deletion of staff information by unauthenticated attackers. | 2023-10-25 | 5.3 | CVE-2023-26579 MISC |
idattend -- idweb | Missing authentication in the GetLogFiles method in IDAttend's IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. | 2023-10-25 | 5.3 | CVE-2023-27256 MISC |
kaibutsunosato -- kaibutsunosato | The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-20 | 5.3 | CVE-2023-39731 MISC MISC |
m-files -- classic_web | Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1allows attacker to execute script on users browser via stored HTML document. | 2023-10-20 | 5.4 | CVE-2023-2325 MISC |
modoboa -- modoboa | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | 2023-10-20 | 5.4 | CVE-2023-5688 MISC MISC |
modoboa -- modoboa | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | 2023-10-20 | 5.4 | CVE-2023-5689 MISC MISC |
nagvis -- nagvis | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. | 2023-10-20 | 6.1 | CVE-2023-46287 MISC MISC MISC |
opensolution -- quick_cms | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component. | 2023-10-20 | 5.4 | CVE-2023-43346 MISC MISC |
stb_image.h -- stb_image.h | stb_image is a single file MIT licensed library for processing images. The stbi__getn function reads a specified number of bytes from context (typically a file) into the specified buffer. In case the file stream points to the end, it returns zero. There are two places where its return value is not checked: In the `stbi__hdr_load` function and in the `stbi__tga_load` function. The latter of the two is likely more exploitable as an attacker may also control the size of an uninitialized buffer. | 2023-10-21 | 5.5 | CVE-2023-45663 MISC MISC MISC MISC |
stb_vorbis.c -- stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, the `f->comment_list` is set to `NULL`, but `f->comment_list_length` is not reset. Later in `vorbis_deinit` it tries to dereference the `NULL` pointer. This issue may lead to denial of service. | 2023-10-21 | 5.5 | CVE-2023-45680 MISC MISC MISC |
superwebmailer -- superwebmailer | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename. | 2023-10-20 | 6.1 | CVE-2023-38191 MISC MISC |
superwebmailer -- superwebmailer | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows superadmincreate.php XSS via crafted incorrect passwords. | 2023-10-21 | 6.1 | CVE-2023-38192 MISC MISC |
superwebmailer -- superwebmailer | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter. | 2023-10-21 | 6.1 | CVE-2023-38194 MISC MISC |
tauri -- tauri | Tauri is a framework for building binaries for all major desktop platforms. This advisory is not describing a vulnerability in the Tauri code base itself but a commonly used misconfiguration which could lead to leaking of the private key and updater key password into bundled Tauri applications using the Vite frontend in a specific configuration. The Tauri documentation used an insecure example configuration in the `Vite guide` to showcase how to use Tauri together with Vite. Copying the following snippet `envPrefix: ['VITE_', 'TAURI_'],` from this guide into the `vite.config.ts` of a Tauri project leads to bundling the `TAURI_PRIVATE_KEY` and `TAURI_KEY_PASSWORD` into the Vite frontend code and therefore leaking this value to the released Tauri application. Using the `envPrefix: ['VITE_'],` or any other framework than Vite means you are not impacted by this advisory. Users are advised to rotate their updater private key if they are affected by this (requires Tauri CLI >=1.5.5). After updating the envPrefix configuration, generate a new private key with `tauri signer generate`, saving the new private key and updating the updater's `pubkey` value on `tauri.conf.json` with the new public key. To update your existing application, the next application build must be signed with the older private key in order to be accepted by the existing application. | 2023-10-20 | 5.5 | CVE-2023-46115 MISC MISC |
vmware -- workstation | VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. | 2023-10-20 | 6 | CVE-2023-34044 MISC |
vnote_project -- vnote | A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input <xss onclick="alert(1)" style=display:block>Click here</xss> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-23 | 6.1 | CVE-2023-5701 MISC MISC MISC |
wbce -- wbce_cms | Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | 2023-10-21 | 5.4 | CVE-2023-46054 MISC |
wordpress -- wordpress | The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only. | 2023-10-20 | 4.3 | CVE-2022-3622 MISC MISC MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions. | 2023-10-25 | 6.1 | CVE-2023-45769 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <= 8.0.2 versions. | 2023-10-25 | 4.8 | CVE-2023-45758 MISC |
wordpress -- wordpress | The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-21 | 5.4 | CVE-2023-5205 MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions. | 2023-10-25 | 4.8 | CVE-2023-45644 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Biztechc Copy or Move Comments plugin <= 5.0.4 versions. | 2023-10-25 | 6.1 | CVE-2023-45634 MISC |
wordpress -- wordpress | The ARMember Lite - Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-10-20 | 4.8 | CVE-2023-3996 MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive site options. | 2023-10-20 | 4.3 | CVE-2023-4796 MISC MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin <= 1.2.1 versions. | 2023-10-25 | 4.8 | CVE-2023-45755 MISC |
wordpress -- wordpress | The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 6.1 | CVE-2022-4712 MISC MISC |
wordpress -- wordpress | The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions() function. This makes it possible for unauthenticated attackers to activate and deactivate snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2020-36759 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'psres_button_size' parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-10-20 | 4.8 | CVE-2023-4271 MISC MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fastwpspeed Fast WP Speed plugin <= 1.0.0 versions. | 2023-10-25 | 6.1 | CVE-2023-45770 MISC |
wordpress -- wordpress | The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5668 MISC MISC |
wordpress -- wordpress | The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5200 MISC MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin <= 8.0 versions. | 2023-10-25 | 4.8 | CVE-2023-45764 MISC |
wordpress -- wordpress | The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-10-20 | 4.8 | CVE-2023-4648 MISC MISC |
wordpress -- wordpress | The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a comment. | 2023-10-20 | 5.3 | CVE-2023-3869 MISC MISC |
wordpress -- wordpress | The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post. | 2023-10-20 | 5.3 | CVE-2023-3998 MISC MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in HappyBox Newsletter & Bulk Email Sender - Email Newsletter Plugin for WordPress plugin <= 2.0.1 versions. | 2023-10-25 | 5.4 | CVE-2023-45829 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Henryholtgeerts PDF Block plugin <= 1.1.0 versions. | 2023-10-25 | 5.4 | CVE-2023-45646 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.18 versions. | 2023-10-25 | 4.8 | CVE-2023-45754 MISC |
wordpress -- wordpress | The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permission and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 4.6 and fully patched in version 4.7. | 2023-10-20 | 5.4 | CVE-2023-4919 MISC MISC MISC MISC |
wordpress -- wordpress | The WP Mailto Links - Protect Email Addresses plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wpml_mailto' shortcode in versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This was partially patched in version 3.1.3 and fully patched in version 3.1.4. | 2023-10-20 | 5.4 | CVE-2023-5109 MISC MISC |
wordpress -- wordpress | The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2020-36751 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Joovii Sendle Shipping Plugin plugin <= 5.13 versions. | 2023-10-25 | 6.1 | CVE-2023-45761 MISC |
wordpress -- wordpress | The Copy Anything to Clipboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'copy' shortcode in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5086 MISC MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions. | 2023-10-25 | 6.1 | CVE-2023-45637 MISC |
wordpress -- wordpress | The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-4482 MISC MISC |
wordpress -- wordpress | The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings. | 2023-10-20 | 5.3 | CVE-2022-4943 MISC MISC |
wordpress -- wordpress | The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-10-21 | 6.1 | CVE-2023-4635 MISC MISC |
wordpress -- wordpress | The Winters theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-10-20 | 6.1 | CVE-2023-3962 MISC MISC |
wordpress -- wordpress | The Paid Memberships Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.2. This is due to missing or incorrect nonce validation on the pmpro_page_save() function. This makes it possible for unauthenticated attackers to save pages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2020-36754 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 4.8 | CVE-2022-4954 MISC MISC |
wordpress -- wordpress | The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5614 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2023-4923 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it possible for authenticated attackers, with subscriber access or higher, to delete products. | 2023-10-20 | 4.3 | CVE-2023-4924 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function. This makes it possible for unauthenticated attackers to delete products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2023-4926 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function. This makes it possible for unauthenticated attackers to create profiles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2023-4935 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2023-4937 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2023-4940 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. | 2023-10-20 | 4.3 | CVE-2023-4941 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function. This makes it possible for unauthenticated attackers to manipulate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2023-4942 MISC MISC MISC |
wordpress -- wordpress | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes it possible for authenticated attackers (subscriber or higher) to manipulate products. | 2023-10-20 | 4.3 | CVE-2023-4943 MISC MISC MISC |
wordpress -- wordpress | The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-4961 MISC MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in POSIMYTH Nexter Extension plugin <= 2.0.3 versions. | 2023-10-25 | 6.1 | CVE-2023-45750 MISC |
wordpress -- wordpress | The Customizr theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the czr_fn_post_fields_save() function. This makes it possible for unauthenticated attackers to post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2020-36755 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2020-36753 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Modern Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in versions up to, and including, 1.4.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5618 MISC MISC |
wordpress -- wordpress | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify plugin settings, including retrieving arbitrary order information or creating/updating/deleting products, orders, or other sensitive information not associated with their own account. | 2023-10-20 | 6.3 | CVE-2021-4335 MISC MISC |
wordpress -- wordpress | The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5615 MISC MISC |
wordpress -- wordpress | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the export() function which makes makes it possible for unauthenticated attackers to export the plugin's settings. | 2023-10-20 | 5.3 | CVE-2021-4353 MISC MISC |
wordpress -- wordpress | The nsc theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-10-20 | 6.1 | CVE-2023-3965 MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Proofreading plugin <= 1.0.11 versions. | 2023-10-25 | 6.1 | CVE-2023-45772 MISC |
wordpress -- wordpress | The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5308 MISC MISC MISC |
wordpress -- wordpress | The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation on functionality in the builder.php file. This makes it possible for unauthenticated attackers to change the stripe connect token via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2023-4975 MISC MISC MISC |
wordpress -- wordpress | The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5071 MISC MISC MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline - Application Form Builder and Manager plugin <= 2.5.2 versions. | 2023-10-25 | 6.1 | CVE-2023-45756 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin <= 1.5.2 versions. | 2023-10-25 | 4.8 | CVE-2023-45768 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Syed Balkhi WP Lightbox 2 plugin <= 3.0.6.5 versions. | 2023-10-25 | 4.8 | CVE-2023-45747 MISC |
wordpress -- wordpress | The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the save_feedzy_post_type_meta() function. This makes it possible for unauthenticated attackers to update post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2020-36758 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 5.4 | CVE-2023-5613 MISC MISC MISC |
wordpress -- wordpress | The Social Media Share Buttons & Social Sharing Icons plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.5 via the sfsi_save_export function. This can allow subscribers to export plugin settings that include social media authentication tokens and secrets as well as app passwords. | 2023-10-20 | 6.5 | CVE-2023-5070 MISC MISC |
wordpress -- wordpress | The Modern Events Calendar lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Google API key and Calendar ID in versions up to, but not including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-10-20 | 4.8 | CVE-2023-4021 MISC MISC |
wordpress -- wordpress | The Your Journey theme for WordPress is vulnerable to Reflected Cross-Site Scripting via prototype pollution in versions up to, and including, 1.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-10-20 | 6.1 | CVE-2023-3933 MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wokamoto Simple Tweet plugin <= 1.4.0.2 versions. | 2023-10-25 | 4.8 | CVE-2023-45767 MISC |
wordpress -- wordpress | The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-20 | 6.5 | CVE-2023-4598 MISC MISC MISC |
wordpress -- wordpress | The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 4.8 | CVE-2023-4968 MISC MISC MISC |
wordpress -- wordpress | The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | 4.3 | CVE-2021-4418 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update EAN numbers for orders. | 2023-10-20 | 4.3 | CVE-2023-4947 MISC MISC |
wordpress -- wordpress | The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete the contents of arbitrary directories on the server, which can be a critical issue in a shared environments. | 2023-10-20 | 6.5 | CVE-2023-4274 MISC MISC MISC |
wordpress -- wordpress | The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-20 | 4.8 | CVE-2023-5120 MISC MISC |
zscaler -- client_connector | An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. This issue affects Client Connector: before 3.9. | 2023-10-23 | 6.5 | CVE-2023-28803 MISC |
zscaler -- client_connector | Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. A local adversary may be able to delete folders in an elevated context. | 2023-10-23 | 5.5 | CVE-2021-26734 MISC |
zscaler -- client_connector | An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 | 2023-10-23 | 5.3 | CVE-2023-28804 MISC |
zscaler -- client_connector | The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. A local adversary without sufficient privileges may be able to shutdown the Zscaler tunnel by exploiting a race condition. | 2023-10-23 | 4.7 | CVE-2021-26737 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abus_group -- tvip | An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges. | 2023-10-26 | not yet calculated | CVE-2018-16739 MISC MISC |
abus_group -- tvip | Hardcoded manufacturer credentials and an OS command injection vulnerability in the /cgi-bin/mft/ directory on ABUS TVIP TVIP20050 LM.1.6.18, TVIP10051 LM.1.6.18, TVIP11050 MG.1.6.03.05, TVIP20550 LM.1.6.18, TVIP10050 LM.1.6.18, TVIP11550 MG.1.6.03, TVIP21050 MG.1.6.03, and TVIP51550 MG.1.6.03 cameras allow remote attackers to execute code as root. | 2023-10-26 | not yet calculated | CVE-2018-17558 MISC MISC |
abus_group -- tvip | Due to incorrect access control, unauthenticated remote attackers can view the /video.mjpg video stream of certain ABUS TVIP cameras. | 2023-10-26 | not yet calculated | CVE-2018-17559 MISC MISC |
abus_group -- tvip | Buffer Overflow vulnerability in certain ABUS TVIP cameras allows attackers to gain control of the program via crafted string sent to sprintf() function. | 2023-10-26 | not yet calculated | CVE-2018-17878 MISC MISC |
abus_group -- tvip | An issue was discovered on certain ABUS TVIP cameras. The CGI scripts allow remote attackers to execute code via system() as root. There are several injection points in various scripts. | 2023-10-26 | not yet calculated | CVE-2018-17879 MISC MISC |
agevolt_slovakia_s.r.o. -- agevolt_portal | An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1. A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges. | 2023-10-25 | not yet calculated | CVE-2022-38484 MISC |
agevolt_slovakia_s.r.o. -- agevolt_portal | A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges. | 2023-10-25 | not yet calculated | CVE-2022-38485 MISC |
alexander_maier_gmbh -- eisbaer_scada | EisBaer Scada - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 2023-10-25 | not yet calculated | CVE-2023-42488 MISC |
alexander_maier_gmbh -- eisbaer_scada | EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource | 2023-10-25 | not yet calculated | CVE-2023-42489 MISC |
alexander_maier_gmbh -- eisbaer_scada | EisBaer Scada - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 2023-10-25 | not yet calculated | CVE-2023-42490 MISC |
alexander_maier_gmbh -- eisbaer_scada | EisBaer Scada - CWE-285: Improper Authorization | 2023-10-25 | not yet calculated | CVE-2023-42491 MISC |
alexander_maier_gmbh -- eisbaer_scada | EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key | 2023-10-25 | not yet calculated | CVE-2023-42492 MISC |
alexander_maier_gmbh -- eisbaer_scada | EisBaer Scada - CWE-256: Plaintext Storage of a Password | 2023-10-25 | not yet calculated | CVE-2023-42493 MISC |
alexander_maier_gmbh -- eisbaer_scada | EisBaer Scada - CWE-749: Exposed Dangerous Method or Function | 2023-10-25 | not yet calculated | CVE-2023-42494 MISC |
anglaise.company -- anglaise.company | An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | 2023-10-25 | not yet calculated | CVE-2023-38845 MISC MISC |
apache -- activemq | Apache ActiveMQ is vulnerable to Remote Code Execution. The vulnerability may allow a remote attacker with network access to a broker to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. Users are recommended to upgrade to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3, which fixes this issue. | 2023-10-27 | not yet calculated | CVE-2023-46604 MISC MISC |
apache -- airflow_celery | Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not about accessing the logs. This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3. Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue. | 2023-10-28 | not yet calculated | CVE-2023-46215 MISC MISC MISC |
apache -- http_server | An attacker, opening a HTTP/2 connection with an initial window size of 0 was able to block handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust worker resources in the server, similar to the well-known "slow loris" attack pattern. This has been fixed in version 2.4.58 so that such connections are terminated properly after the configured connection timeout. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.57. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | 2023-10-23 | not yet calculated | CVE-2023-43622 MISC MISC |
apache -- http_server | When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that. This was found by the reporter during testing of CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During "normal" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out. Users are recommended to upgrade to version 2.4.58, which fixes the issue. | 2023-10-23 | not yet calculated | CVE-2023-45802 MISC MISC MISC |
apple -- ios/ipados | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2. A user's password may be read aloud by VoiceOver. | 2023-10-25 | not yet calculated | CVE-2023-32359 MISC MISC |
apple -- ios/ipados | The issue was addressed with improved UI handling. This issue is fixed in iOS 17.1 and iPadOS 17.1. A device may persistently fail to lock. | 2023-10-25 | not yet calculated | CVE-2023-40445 MISC MISC MISC |
apple -- macos | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.6.1. An attacker may be able to access passkeys without authentication. | 2023-10-25 | not yet calculated | CVE-2023-40401 MISC MISC MISC |
apple -- macos | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges. | 2023-10-25 | not yet calculated | CVE-2023-40404 MISC MISC MISC |
apple -- macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1. An app may be able to read sensitive location information. | 2023-10-25 | not yet calculated | CVE-2023-40405 MISC MISC MISC |
apple -- macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-40421 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.7.1. An app with root privileges may be able to access private information. | 2023-10-25 | not yet calculated | CVE-2023-40425 MISC MISC MISC |
apple -- macos | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.1. An app may be able to access user-sensitive data. | 2023-10-25 | not yet calculated | CVE-2023-40444 MISC MISC MISC |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.1. An app may be able to access protected user data. | 2023-10-25 | not yet calculated | CVE-2023-41077 MISC MISC MISC |
apple -- macos | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access the microphone without the microphone use indicator being shown. | 2023-10-25 | not yet calculated | CVE-2023-41975 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- macos | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14.1, iOS 16.7.2 and iPadOS 16.7.2. Visiting a malicious website may reveal browsing history. | 2023-10-25 | not yet calculated | CVE-2023-41977 MISC MISC MISC MISC MISC MISC |
apple -- macos | The issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1. An attacker may be able to execute arbitrary code as root from the Lock Screen. | 2023-10-25 | not yet calculated | CVE-2023-41989 MISC MISC MISC |
apple -- macos | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. Visiting a malicious website may lead to user interface spoofing. | 2023-10-25 | not yet calculated | CVE-2023-42438 MISC MISC MISC |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-42842 MISC MISC MISC |
apple -- macos | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14.1. An app may be able to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-42850 MISC MISC MISC |
apple -- macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1. An attacker with knowledge of a standard user's credentials can unlock another standard user's locked screen on the same Mac. | 2023-10-25 | not yet calculated | CVE-2023-42861 MISC MISC MISC |
apple -- multiple_products | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Hide My Email may be deactivated unexpectedly. | 2023-10-25 | not yet calculated | CVE-2023-40408 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved handling of caches. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to read sensitive location information. | 2023-10-25 | not yet calculated | CVE-2023-40413 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. Processing an image may result in disclosure of process memory. | 2023-10-25 | not yet calculated | CVE-2023-40416 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to execute arbitrary code with kernel privileges. | 2023-10-25 | not yet calculated | CVE-2023-40423 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | 2023-10-25 | not yet calculated | CVE-2023-40447 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to cause a denial-of-service. | 2023-10-25 | not yet calculated | CVE-2023-40449 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-41072 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An app may be able to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-41254 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | 2023-10-25 | not yet calculated | CVE-2023-41976 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-41982 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service. | 2023-10-25 | not yet calculated | CVE-2023-41983 MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-41988 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed by restricting options offered on a locked device. This issue is fixed in macOS Sonoma 14.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to use Siri to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-41997 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1. An app may be able to execute arbitrary code with kernel privileges. | 2023-10-25 | not yet calculated | CVE-2023-42841 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. A website may be able to access sensitive user data when resolving symlinks. | 2023-10-25 | not yet calculated | CVE-2023-42844 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication. | 2023-10-25 | not yet calculated | CVE-2023-42845 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed by removing the vulnerable code. This issue is fixed in watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, tvOS 17.1, iOS 17.1 and iPadOS 17.1. A device may be passively tracked by its Wi-Fi MAC address. | 2023-10-25 | not yet calculated | CVE-2023-42846 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An attacker may be able to access passkeys without authentication. | 2023-10-25 | not yet calculated | CVE-2023-42847 MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 17.1 and iPadOS 17.1, macOS Monterey 12.7.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Ventura 13.6.1, macOS Sonoma 14.1. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 2023-10-25 | not yet calculated | CVE-2023-42849 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution. | 2023-10-25 | not yet calculated | CVE-2023-42852 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. An app may be able to cause a denial-of-service to Endpoint Security clients. | 2023-10-25 | not yet calculated | CVE-2023-42854 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Processing a file may lead to unexpected app termination or arbitrary code execution. | 2023-10-25 | not yet calculated | CVE-2023-42856 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple -- multiple_products | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. An app may be able to access sensitive user data. | 2023-10-25 | not yet calculated | CVE-2023-42857 MISC MISC MISC MISC MISC MISC |
ashlar-vellum -- graphite | In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-10-26 | not yet calculated | CVE-2023-39936 MISC |
ashlar-vellum -- multiple_products | In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | 2023-10-26 | not yet calculated | CVE-2023-39427 MISC |
audimex -- audimex | Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters. | 2023-10-25 | not yet calculated | CVE-2023-46396 MISC |
basercms -- basercms | baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. There is a XSS Vulnerability in Favorites Feature to baserCMS. This issue has been patched in version 4.8.0. | 2023-10-27 | not yet calculated | CVE-2023-29009 MISC MISC MISC |
bosch_rexroth_ag -- ctrlx_hmi_web_pane | The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI device | 2023-10-25 | not yet calculated | CVE-2023-45851 MISC |
bosch_rexroth_ag -- ctrlx_hmi_web_panel | The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. Due to the lack of encryption of HTTP,this issue allows an attacker placed in the same subnet network of the HMI device to intercept username and password necessary to authenticate to the MQTT server responsible to implement the remote management protocol. | 2023-10-25 | not yet calculated | CVE-2023-45321 MISC |
bosch_rexroth_ag -- ctrlx_hmi_web_panel | The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. The protocol builds on top of MQTT to implement the remote management of the device is encrypted with a hard-coded DES symmetric key, that can be retrieved reversing both the Android Client application and the server-side web application. This issue allows an attacker able to control a malicious MQTT broker on the same subnet network of the device, to craft malicious messages and send them to the HMI device, executing arbitrary commands on the device itself. | 2023-10-25 | not yet calculated | CVE-2023-46102 MISC |
browserify -- browserify | browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2. | 2023-10-26 | not yet calculated | CVE-2023-46234 MISC MISC MISC |
cacti -- cacti | SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. | 2023-10-27 | not yet calculated | CVE-2023-46490 MISC MISC |
carrental -- carrental | carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end System). | 2023-10-23 | not yet calculated | CVE-2023-33517 MISC |
cassia_networks -- access_controller | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console. | 2023-10-27 | not yet calculated | CVE-2023-35794 MISC MISC |
catdoc -- catdoc | Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. | 2023-10-26 | not yet calculated | CVE-2023-46345 MISC |
christina_japan_line -- christina_japan_line | An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | 2023-10-25 | not yet calculated | CVE-2023-38847 MISC MISC |
cisco -- cisco_ios_xe_software | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. | 2023-10-25 | not yet calculated | CVE-2023-20273 MISC |
cloud_software_group -- netscaler_adc/gateway | Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server | 2023-10-27 | not yet calculated | CVE-2023-4967 MISC |
cmsmadesimple -- cmsmadesimple | An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. | 2023-10-26 | not yet calculated | CVE-2023-43352 MISC MISC |
cmsmadesimple -- cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. | 2023-10-23 | not yet calculated | CVE-2023-43358 MISC MISC |
cmsmadesimple -- cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. | 2023-10-25 | not yet calculated | CVE-2023-43360 MISC MISC |
code-projects -- admission_management_system | A vulnerability was found in code-projects Admission Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file student_avatar.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243728. | 2023-10-27 | not yet calculated | CVE-2023-5829 MISC MISC MISC |
codeastro -- pos_system | A vulnerability was found in CodeAstro POS System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profil of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243601 was assigned to this vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-5795 MISC MISC MISC |
codeastro -- pos_system | A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-243602 is the identifier assigned to this vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-5796 MISC MISC MISC |
coderedcorp -- wagtail_crx | views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.22.3 allows upward protected/..%2f..%2f path traversal when serving protected media. | 2023-10-22 | not yet calculated | CVE-2021-46897 MISC MISC MISC |
columbiasoft -- document_locator | A vulnerability classified as critical has been found in ColumbiaSoft Document Locator. This affects an unknown part of the file /api/authentication/login of the component WebTools. The manipulation of the argument Server leads to improper authentication. It is possible to initiate the attack remotely. Upgrading to version 7.2 SP4 and 2021.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243729 was assigned to this vulnerability. | 2023-10-27 | not yet calculated | CVE-2023-5830 MISC MISC |
concrete_cms -- concrete_cms | Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. | 2023-10-23 | not yet calculated | CVE-2023-44760 MISC |
contec_co._ltd. -- solarview_compact | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 2023-10-27 | not yet calculated | CVE-2023-46509 MISC |
crypto-es -- crypto-es | CryptoES is a cryptography algorithms library compatible with ES6 and TypeScript. Prior to version 2.1.0, CryptoES PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 2.1.0 contains a patch for this issue. As a workaround, configure CryptoES to use SHA256 with at least 250,000 iterations. | 2023-10-25 | not yet calculated | CVE-2023-46133 MISC MISC |
crypto-js -- crypto-js | crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic hash algorithm considered insecure since at least 2005, and defaults to one single iteration, a 'strength' or 'difficulty' value specified at 1,000 when specified in 1993. PBKDF2 relies on iteration count as a countermeasure to preimage and collision attacks. If used to protect passwords, the impact is high. If used to generate signatures, the impact is high. Version 4.2.0 contains a patch for this issue. As a workaround, configure crypto-js to use SHA256 with at least 250,000 iterations. | 2023-10-25 | not yet calculated | CVE-2023-46233 MISC MISC |
d-link -- dar-7000 | SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php component. | 2023-10-26 | not yet calculated | CVE-2023-42406 MISC MISC |
deciso_b.v. -- opnsense | DECISO OPNsense 23.1 does not impose rate limits for authentication, allowing attackers to perform a brute-force attack to bypass authentication. | 2023-10-23 | not yet calculated | CVE-2023-27152 MISC |
django_grappelli -- django_grappelli | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prevent external redirection with startswith("/") but this does not consider a protocol-relative URL (e.g., //example.com) attack. | 2023-10-22 | not yet calculated | CVE-2021-46898 MISC MISC MISC MISC |
dragon_path -- 707gr1 | A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Affected is an unknown function of the component Ping Diagnostics. The manipulation of the argument Host Address with the input >><img/src/onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243594 is the identifier assigned to this vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-5789 MISC MISC MISC |
dromara_sureness -- dromara_sureness | Dromara Sureness before v1.0.8 was discovered to use a hardcoded key. | 2023-10-25 | not yet calculated | CVE-2023-31581 MISC MISC |
egroupware -- egroupware | An issue was discovered in eGroupWare 17.1.20190111. An Improper Password Storage vulnerability affects the setup panel of under setup/manageheader.php, which allows authenticated remote attackers with administrator credentials to read a cleartext database password. | 2023-10-26 | not yet calculated | CVE-2023-38328 MISC |
elastic -- beats | It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected. | 2023-10-26 | not yet calculated | CVE-2023-31421 MISC MISC |
elastic -- elastic_cloud_on_kubernetes | Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment. | 2023-10-26 | not yet calculated | CVE-2023-31416 MISC MISC |
elastic -- elastic_sharepoint_online_python_connector | An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a SharePoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch. | 2023-10-26 | not yet calculated | CVE-2023-46666 MISC MISC |
elastic -- elasticsearch | Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords and tokens might be printed in cleartext in Elasticsearch audit logs. Note that audit logging is disabled by default and needs to be explicitly enabled and even when audit logging is enabled, request bodies that could contain sensitive information are not printed to the audit log unless explicitly configured. | 2023-10-26 | not yet calculated | CVE-2023-31417 MISC MISC |
elastic -- elasticsearch | An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild. | 2023-10-26 | not yet calculated | CVE-2023-31418 MISC MISC |
elastic -- elasticsearch | A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. | 2023-10-26 | not yet calculated | CVE-2023-31419 MISC MISC |
elastic -- endpoint | If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in plaintext. These API keys could be used to write arbitrary data and read Elastic Endpoint user artifacts. | 2023-10-26 | not yet calculated | CVE-2023-46668 MISC MISC |
elastic -- fleet_server | An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server's log file in plain text. These enrolment tokens could allow someone to enroll an agent into an agent policy, and potentially use that to retrieve other secrets in the policy including for Elasticsearch and third-party services. Alternatively a threat actor could potentially enrol agents to the clusters and send arbitrary events to Elasticsearch. | 2023-10-26 | not yet calculated | CVE-2023-46667 MISC MISC |
elastic -- kibana | An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users. | 2023-10-26 | not yet calculated | CVE-2023-31422 MISC MISC |
exfatprogs -- exfatprogs | exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. | 2023-10-28 | not yet calculated | CVE-2023-45897 MISC MISC MISC MISC |
fancms -- fancms | Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. | 2023-10-27 | not yet calculated | CVE-2023-46505 MISC |
ffmpeg -- ffmpeg | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. | 2023-10-27 | not yet calculated | CVE-2023-46407 MISC MISC MISC |
fides -- fides | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. The Fides web application allows a custom integration to be uploaded as a ZIP file containing configuration and dataset definitions in YAML format. It was discovered that specially crafted YAML dataset and config files allow a malicious user to perform arbitrary requests to internal systems and exfiltrate data outside the environment (also known as a Server-Side Request Forgery). The application does not perform proper validation to block attempts to connect to internal (including localhost) resources. The vulnerability has been patched in Fides version `2.22.1`. | 2023-10-25 | not yet calculated | CVE-2023-46124 MISC MISC MISC |
fides -- fides | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET api/v1/config` endpoint. The configuration data is filtered to suppress most sensitive configuration information before it is returned to the user, but even the filtered data contains information about the internals and the backend infrastructure, such as various settings, servers' addresses and ports and database username. This information is useful for administrative users as well as attackers, thus it should not be revealed to low-privileged users. This vulnerability allows Admin UI users with roles lower than the owner role e.g. the viewer role to retrieve the config information using the API. The vulnerability has been patched in Fides version `2.22.1`. | 2023-10-25 | not yet calculated | CVE-2023-46125 MISC MISC MISC |
fides -- fides | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, helping enforce privacy regulations in code. The Fides web application allows users to edit consent and privacy notices such as cookie banners. The vulnerability makes it possible to craft a payload in the privacy policy URL which triggers JavaScript execution when the privacy notice is served by an integrated website. The domain scope of the executed JavaScript is that of the integrated website. Exploitation is limited to Admin UI users with the contributor role or higher. The vulnerability has been patched in Fides version `2.22.1`. | 2023-10-25 | not yet calculated | CVE-2023-46126 MISC MISC MISC |
flusity_cms -- flusity_cms | A vulnerability was found in flusity CMS and classified as problematic. This issue affects the function loadCustomBlocCreateForm of the file /core/tools/customblock.php of the component Dashboard. The manipulation of the argument customblock_place leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 81252bc764e1de2422e79e36194bba1289e7a0a5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243599. | 2023-10-26 | not yet calculated | CVE-2023-5793 MISC MISC MISC MISC |
flusity_cms -- flusity_cms | A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability. | 2023-10-27 | not yet calculated | CVE-2023-5810 MISC MISC MISC MISC |
flusity_cms -- flusity_cms | A vulnerability, which was classified as problematic, was found in flusity CMS. Affected is the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument menu_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. VDB-243642 is the identifier assigned to this vulnerability. | 2023-10-27 | not yet calculated | CVE-2023-5811 MISC MISC MISC MISC |
flusity_cms -- flusity_cms | A vulnerability has been found in flusity CMS and classified as critical. Affected by this vulnerability is the function handleFileUpload of the file core/tools/upload.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-243643. | 2023-10-27 | not yet calculated | CVE-2023-5812 MISC MISC MISC |
fotoscms2 -- fotoscms2 | A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability. | 2023-10-28 | not yet calculated | CVE-2023-5837 MISC MISC MISC |
frappe -- frappe | Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0. | 2023-10-23 | not yet calculated | CVE-2023-46127 MISC MISC MISC |
free5gc -- free5gc | pkg/suci/suci.go in free5GC udm before 1.2.0, when Go before 1.19 is used, allows an Invalid Curve Attack because it may compute a shared secret via an uncompressed public key that has not been validated. An attacker can send arbitrary SUCIs to the UDM, which tries to decrypt them via both its private key and the attacker's public key. | 2023-10-23 | not yet calculated | CVE-2023-46324 MISC MISC |
frrouting_frr -- frrouting_frr | An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. | 2023-10-26 | not yet calculated | CVE-2023-46752 MISC |
frrouting_frr -- frrouting_frr | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. | 2023-10-26 | not yet calculated | CVE-2023-46753 MISC |
fukunaga_memberscard_line -- fukunaga_memberscard_line | The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-25 | not yet calculated | CVE-2023-39736 MISC MISC |
geeklog -- geeklog | Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component. | 2023-10-24 | not yet calculated | CVE-2023-46058 MISC |
geeklog -- geeklog | Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component. | 2023-10-24 | not yet calculated | CVE-2023-46059 MISC |
geoserver -- geoserver | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=<url>`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. | 2023-10-25 | not yet calculated | CVE-2023-41339 MISC MISC MISC |
geoserver -- geoserver | GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2. | 2023-10-25 | not yet calculated | CVE-2023-43795 MISC |
geoserver -- geowebcache | A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. It has been declared as problematic. This vulnerability affects unknown code of the file /geoserver/gwc/rest.html. The manipulation leads to direct request. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243592. | 2023-10-26 | not yet calculated | CVE-2023-5786 MISC MISC MISC |
github -- enterprise_server | Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3. | 2023-10-25 | not yet calculated | CVE-2023-23767 MISC MISC MISC MISC |
google -- android | In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40116 MISC MISC |
google -- android | In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40117 MISC MISC MISC |
google -- android | In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40120 MISC MISC |
google -- android | In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40121 MISC MISC |
google -- android | In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40123 MISC MISC |
google -- android | In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40125 MISC MISC |
google -- android | In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40127 MISC MISC |
google -- android | In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40128 MISC MISC |
google -- android | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40129 MISC MISC |
google -- android | In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40130 MISC MISC |
google -- android | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40131 MISC MISC |
google -- android | In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40133 MISC MISC |
google -- android | In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40134 MISC MISC |
google -- android | In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40135 MISC MISC |
google -- android | In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40136 MISC MISC |
google -- android | In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40137 MISC MISC |
google -- android | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40138 MISC MISC |
google -- android | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40139 MISC MISC |
google -- android | In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | not yet calculated | CVE-2023-40140 MISC MISC |
google -- chrome | Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-10-25 | not yet calculated | CVE-2023-5472 MISC MISC MISC MISC |
gougucms -- gougucms | gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet. | 2023-10-27 | not yet calculated | CVE-2023-46393 MISC |
gougucms -- gougucms | A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter. | 2023-10-27 | not yet calculated | CVE-2023-46394 MISC |
grafana -- grafana | Grafana is an open-source platform for monitoring and observability. The WorldMap panel plugin, versions before 1.0.4 contains a DOM XSS vulnerability. | 2023-10-25 | not yet calculated | CVE-2023-3010 MISC |
hashicorp -- vagrant | HashiCorp Vagrant's Windows installer targeted a custom location with a non-protected path that could be junctioned, introducing potential for unauthorized file system writes. Fixed in Vagrant 2.4.0. | 2023-10-27 | not yet calculated | CVE-2023-5834 MISC |
hcl_software -- hcl_commerce | HCL Commerce Remote Store server could allow a remote attacker, using a specially-crafted URL, to read arbitrary files on the system. | 2023-10-23 | not yet calculated | CVE-2023-37532 MISC |
hewlett_packard_enterprise -- aruba_clearpass_policy_manager | A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. | 2023-10-25 | not yet calculated | CVE-2023-43506 MISC |
hewlett_packard_enterprise -- aruba_clearpass_policy_manager | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | 2023-10-25 | not yet calculated | CVE-2023-43507 MISC |
hewlett_packard_enterprise -- aruba_clearpass_policy_manager | Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform. | 2023-10-25 | not yet calculated | CVE-2023-43508 MISC |
hewlett_packard_enterprise -- aruba_clearpass_policy_manager | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious software. | 2023-10-25 | not yet calculated | CVE-2023-43509 MISC |
hewlett_packard_enterprise -- aruba_clearpass_policy_manager | A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. | 2023-10-25 | not yet calculated | CVE-2023-43510 MISC |
hewlett_packard_enterprise -- hpe_oneview | A remote code execution issue exists in HPE OneView. | 2023-10-25 | not yet calculated | CVE-2023-30912 MISC |
hp_inc. -- hp_print_and_scan_doctor_for_windows | HP Print and Scan Doctor for Windows may potentially be vulnerable to escalation of privilege. HP is releasing software updates to mitigate the potential vulnerability. | 2023-10-25 | not yet calculated | CVE-2023-5671 MISC |
hu60wap6 -- hu60wap6 | A vulnerability classified as problematic was found in hu60t hu60wap6. Affected by this vulnerability is the function markdown of the file src/class/ubbparser.php. The manipulation leads to cross site scripting. The attack can be launched remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named a1cd9f12d7687243bfcb7ce295665acb83b9174e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-243775. | 2023-10-28 | not yet calculated | CVE-2023-5835 MISC MISC MISC |
ibm -- txseries_for_multiplatforms | IBM TXSeries for Multiplatforms, 8.1, 8.2, and 9.1, CICS TX Standard CICS TX Advanced 10.1 and 11.1 could allow a privileged user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 266016. | 2023-10-25 | not yet calculated | CVE-2023-42031 MISC MISC MISC |
ibm -- websphere_application_server_liberty | IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. IBM X-Force ID: 268775. | 2023-10-25 | not yet calculated | CVE-2023-46158 MISC MISC |
icecms -- icecms | IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-10-27 | not yet calculated | CVE-2023-42188 MISC MISC |
idattend_pty_ltd -- idweb | Reflected cross-site scripting in the StudentSearch component in IDAttend's IDWeb application 3.1.052 and earlier allows hijacking of a user's browsing session by attackers who have convinced the said user to click on a malicious link. | 2023-10-25 | not yet calculated | CVE-2023-1356 MISC |
ilias -- ilias | ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. An attacker with a privileged account, typically holding the tutor role, can exploit this to gain unauthorized access to and potentially retrieve confidential files stored on the web server. The attacker can access files that are readable by the web server user www-data; this may include sensitive configuration files and documents located outside the documentRoot. The vulnerability is exploited by an attacker who manipulates the file parameter in a URL, inserting directory traversal sequences in order to access unauthorized files. This manipulation allows the attacker to retrieve sensitive files, such as /etc/passwd, potentially compromising the system's security. This issue poses a significant risk to confidentiality and is remotely exploitable over the internet. | 2023-10-26 | not yet calculated | CVE-2023-45867 MISC MISC |
ilias -- ilias | The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. By exploiting this network-based vulnerability, the attacker can move specified directories, normally outside the documentRoot, to a publicly accessible location via the PHP function rename(). This results in a total loss of confidentiality, exposing sensitive resources, and potentially denying access to the affected component and the operating system's components. To exploit this, an attacker must manipulate a POST request during the creation of an exercise unit, by modifying the old_name and new_name parameters via directory traversal. However, it's essential to note that, when exploiting this vulnerability, the specified directory will be relocated from its original location, rendering all files obtained from there unavailable. | 2023-10-26 | not yet calculated | CVE-2023-45868 MISC MISC |
ilias -- ilias | ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. The injected commands are executed via the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) This allows attackers to inject malicious commands into the system, potentially compromising the integrity, confidentiality, and availability of the ILIAS installation and the underlying operating system. | 2023-10-26 | not yet calculated | CVE-2023-45869 MISC MISC |
ispconfig -- ispconfig | An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. | 2023-10-27 | not yet calculated | CVE-2023-46818 MISC |
iterm2 -- iterm2 | iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration. | 2023-10-22 | not yet calculated | CVE-2023-46300 MISC MISC MISC MISC |
iterm2 -- iterm2 | iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload. | 2023-10-22 | not yet calculated | CVE-2023-46301 MISC MISC MISC MISC |
iterm2 -- iterm2 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line. | 2023-10-23 | not yet calculated | CVE-2023-46321 MISC MISC |
iterm2 -- iterm2 | iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period. | 2023-10-23 | not yet calculated | CVE-2023-46322 MISC MISC |
itop -- itop | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, when displaying `pages/preferences.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | 2023-10-25 | not yet calculated | CVE-2023-34446 MISC MISC |
itop -- itop | iTop is an open source, web-based IT service management platform. Prior to versions 3.0.4 and 3.1.0, on `pages/UI.php`, cross site scripting is possible. This issue is fixed in versions 3.0.4 and 3.1.0. | 2023-10-25 | not yet calculated | CVE-2023-34447 MISC MISC MISC |
ivanti -- secure_access_client | A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. When a particular process flow is initiated, an attacker can exploit this condition to gain unauthorized elevated privileges on the affected system. | 2023-10-25 | not yet calculated | CVE-2023-38041 MISC |
jenkins -- jenkins | Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2023-10-25 | not yet calculated | CVE-2023-46650 MISC MISC |
jenkins -- jenkins | Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1. | 2023-10-25 | not yet calculated | CVE-2023-46651 MISC MISC |
jenkins -- jenkins | A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins. | 2023-10-25 | not yet calculated | CVE-2023-46652 MISC MISC |
jenkins -- jenkins | Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. | 2023-10-25 | not yet calculated | CVE-2023-46653 MISC MISC |
jenkins -- jenkins | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system. | 2023-10-25 | not yet calculated | CVE-2023-46654 MISC MISC |
jenkins -- jenkins | Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server. | 2023-10-25 | not yet calculated | CVE-2023-46655 MISC MISC |
jenkins -- jenkins | Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 2023-10-25 | not yet calculated | CVE-2023-46656 MISC MISC |
jenkins -- jenkins | Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 2023-10-25 | not yet calculated | CVE-2023-46657 MISC MISC |
jenkins -- jenkins | Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 2023-10-25 | not yet calculated | CVE-2023-46658 MISC MISC |
jenkins -- jenkins | Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | 2023-10-25 | not yet calculated | CVE-2023-46659 MISC MISC |
jenkins -- jenkins | Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 2023-10-25 | not yet calculated | CVE-2023-46660 MISC MISC |
jose4j -- jose4j | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. | 2023-10-25 | not yet calculated | CVE-2023-31582 MISC MISC |
jumpserver -- jumpserver | jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. A flaw in the Core API allows attackers to bypass password brute-force protections by spoofing arbitrary IP addresses. By exploiting this vulnerability, attackers can effectively make unlimited password attempts by altering their apparent IP address for each request. This vulnerability has been patched in version 3.8.0. | 2023-10-25 | not yet calculated | CVE-2023-46123 MISC MISC |
juzawebcms -- juzawebcms | Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page. | 2023-10-28 | not yet calculated | CVE-2023-46467 MISC |
juzawebcms -- juzawebcms | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 2023-10-28 | not yet calculated | CVE-2023-46468 MISC |
knot_resolver -- knot_resolver | Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. | 2023-10-22 | not yet calculated | CVE-2023-46317 MISC MISC |
kodbox -- kodbox | kodbox 1.44 is vulnerable to Cross Site Scripting (XSS). Customizing global HTML results in storing XSS. | 2023-10-23 | not yet calculated | CVE-2023-45998 MISC |
kubernetes -- ingress-nginx | Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. | 2023-10-25 | not yet calculated | CVE-2022-4886 MISC MISC MISC |
kubernetes -- ingress-nginx | Ingress nginx annotation injection causes arbitrary command execution. | 2023-10-25 | not yet calculated | CVE-2023-5043 MISC MISC MISC |
kubernetes -- ingress-nginx | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. | 2023-10-25 | not yet calculated | CVE-2023-5044 MISC MISC MISC |
lenovo -- app_store | An information disclosure vulnerability has been identified in the Lenovo App Store which may allow some applications to gain unauthorized access to sensitive user data used by other unrelated applications. | 2023-10-27 | not yet calculated | CVE-2022-3611 MISC |
lenovo -- elliptic_labs_virtual_lock_sensor | A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges. | 2023-10-25 | not yet calculated | CVE-2023-3112 MISC |
lenovo -- hardwarescanplugin | A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | 2023-10-25 | not yet calculated | CVE-2022-0353 MISC MISC |
lenovo -- hardwarescanplugin | A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | 2023-10-25 | not yet calculated | CVE-2022-3698 MISC MISC |
lenovo -- hardwarescanplugin | A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. | 2023-10-25 | not yet calculated | CVE-2022-3699 MISC MISC |
lenovo -- hardwarescanplugin | A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions. | 2023-10-27 | not yet calculated | CVE-2022-3702 MISC |
lenovo -- printer_gm265dn | A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly. | 2023-10-27 | not yet calculated | CVE-2022-3429 MISC |
lenovo -- printer_gm265dn | A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow. | 2023-10-27 | not yet calculated | CVE-2022-34886 MISC |
lenovo -- printer_gm265dn | Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password. | 2023-10-27 | not yet calculated | CVE-2022-34887 MISC |
lenovo -- thinksystem | An authenticated XCC user with Read-Only permission can change a different user's password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | 2023-10-25 | not yet calculated | CVE-2023-4606 MISC |
lenovo -- thinksystem | An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers are not affected. | 2023-10-25 | not yet calculated | CVE-2023-4608 MISC |
lenovo -- vantage_systemupdate_plugin | A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files. | 2023-10-27 | not yet calculated | CVE-2022-3700 MISC |
lenovo -- vantage_systemupdate_plugin | A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges. | 2023-10-27 | not yet calculated | CVE-2022-3701 MISC |
light-oauth2 -- light-oauth2 | light-oauth2 before version 2.1.27 obtains the public key without any verification. This could allow attackers to authenticate to the application with a crafted JWT token. | 2023-10-25 | not yet calculated | CVE-2023-31580 MISC MISC |
linux -- kernel | The reference count changes made as part of the CVE-2023-33951 and CVE-2023-33952 fixes exposed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface. When running inside a VMware guest with 3D acceleration enabled, a local, unprivileged user could potentially use this flaw to escalate their privileges. | 2023-10-23 | not yet calculated | CVE-2023-5633 MISC MISC |
linux -- kernel | An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. | 2023-10-27 | not yet calculated | CVE-2023-46813 MISC MISC MISC MISC MISC |
linux -- kernel | A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer. We recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06. | 2023-10-25 | not yet calculated | CVE-2023-5717 MISC MISC |
man-group -- dtale | D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in version 3.7.0 by turning off "Custom Filter" input by default. The only workaround for versions earlier than 3.7.0 is to only host D-Tale to trusted users. | 2023-10-25 | not yet calculated | CVE-2023-46134 MISC MISC |
marbre_lapin_line -- marbre_lapin_line | An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | 2023-10-25 | not yet calculated | CVE-2023-38846 MISC MISC |
matsuya_line -- matsuya_line | The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-25 | not yet calculated | CVE-2023-39737 MISC MISC |
matter-labs -- era-compiler-vyper | era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to era-compiler-vype version 1.3.10, a bug prevented the initialization of the first immutable variable for Vyper contracts meeting certain criteria. The problem arises when there is a String or Array with more 256-bit words allocated than initialized. It results in the second word's index unset, that is effectively set to 0, so the first immutable value with the actual 0 index is overwritten in the ImmutableSimulator. Version 1.3.10 fixes this issue by setting all indexes in advance. The problem will go away, but it will get more expensive if the user allocates a lot of uninitialized space, e.g. `String[4096]`. Upgrading and redeploying affected contracts is the only way of working around the issue. | 2023-10-25 | not yet calculated | CVE-2023-46232 MISC MISC MISC |
memcached -- memcached | In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. | 2023-10-27 | not yet calculated | CVE-2023-46852 MISC MISC |
memcached -- memcached | In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. | 2023-10-27 | not yet calculated | CVE-2023-46853 MISC MISC |
mercury_a15 -- mercury_a15 | Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB. | 2023-10-25 | not yet calculated | CVE-2023-46518 MISC MISC MISC |
mintty -- mintty | An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. | 2023-10-26 | not yet calculated | CVE-2023-39726 MISC |
motorola -- mr2600_router | A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network. | 2023-10-27 | not yet calculated | CVE-2022-3681 MISC |
mozilla -- firefox | Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox < 119. | 2023-10-25 | not yet calculated | CVE-2023-5722 MISC MISC |
mozilla -- firefox | An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox < 119. | 2023-10-25 | not yet calculated | CVE-2023-5723 MISC MISC |
mozilla -- firefox | A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack. This vulnerability affects Firefox < 119. | 2023-10-25 | not yet calculated | CVE-2023-5729 MISC MISC |
mozilla -- firefox | Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119. | 2023-10-25 | not yet calculated | CVE-2023-5731 MISC MISC |
mozilla -- firefox_for_ios | When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS < 119. | 2023-10-25 | not yet calculated | CVE-2023-5758 MISC MISC |
mozilla -- multiple_products | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | 2023-10-25 | not yet calculated | CVE-2023-5721 MISC MISC MISC MISC MISC MISC MISC MISC |
mozilla -- multiple_products | Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | 2023-10-25 | not yet calculated | CVE-2023-5724 MISC MISC MISC MISC MISC MISC MISC MISC |
mozilla -- multiple_products | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | 2023-10-25 | not yet calculated | CVE-2023-5725 MISC MISC MISC MISC MISC MISC MISC MISC |
mozilla -- multiple_products | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | 2023-10-25 | not yet calculated | CVE-2023-5726 MISC MISC MISC MISC |
mozilla -- multiple_products | The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | 2023-10-25 | not yet calculated | CVE-2023-5727 MISC MISC MISC MISC |
mozilla -- multiple_products | During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | 2023-10-25 | not yet calculated | CVE-2023-5728 MISC MISC MISC MISC MISC MISC MISC MISC |
mozilla -- multiple_products | Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | 2023-10-25 | not yet calculated | CVE-2023-5730 MISC MISC MISC MISC MISC MISC MISC MISC |
mozilla -- multiple_products | An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. | 2023-10-25 | not yet calculated | CVE-2023-5732 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
nanning_ontall_software_co._ltd. -- longxing_industrial_development_zone_project_construction_and_installation_management_system | A vulnerability was found in Nanning Ontall Longxing Industrial Development Zone Project Construction and Installation Management System up to 20231026. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.aspx. The manipulation of the argument tbxUserName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243727. | 2023-10-27 | not yet calculated | CVE-2023-5828 MISC MISC MISC |
nautobot -- nautobot | Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. In Nautobot 2.0.x, certain REST API endpoints, in combination with the `?depth=<N>` query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. This vulnerability has been patched in version 2.0.3. | 2023-10-25 | not yet calculated | CVE-2023-46128 MISC MISC MISC |
netentsec -- ns-asg_application_security_gateway | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/uploadfirewall.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243590 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-26 | not yet calculated | CVE-2023-5784 MISC MISC MISC |
netentsec -- ns-asg_application_security_gateway | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/firewall/addaddress_interpret.php. The manipulation of the argument messagecontent leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243591. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-26 | not yet calculated | CVE-2023-5785 MISC MISC MISC |
netentsec -- ns-asg_application_security_gateway | A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_onlineuser.php. The manipulation of the argument SessionId leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243716. NOTE: We tried to contact the vendor early about the disclosure, but the official mail address was not working properly. | 2023-10-27 | not yet calculated | CVE-2023-5826 MISC MISC MISC |
netmodule -- router_software | The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters in the /admin/gnssAutoAlign.php device_id parameter. This occurs because another thread can be started before the trap that triggers the cleanup function. A successful exploit could allow an authenticated user to execute arbitrary commands with elevated privileges. NOTE: this is different from CVE-2023-0861 and CVE-2023-0862, which were fixed in version 4.6.0.105. | 2023-10-22 | not yet calculated | CVE-2023-46306 MISC MISC MISC |
nextgen_healthcare -- mirth_connect | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. | 2023-10-26 | not yet calculated | CVE-2023-43208 MISC |
npmjs -- npmjs_node_email_check | ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component. | 2023-10-25 | not yet calculated | CVE-2023-39619 MISC MISC MISC |
obl.ong -- obl.ong | The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. | 2023-10-26 | not yet calculated | CVE-2023-46754 MISC |
ocomon -- ocomon | An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. | 2023-10-26 | not yet calculated | CVE-2023-33558 MISC MISC |
ocomon -- ocomon | A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. | 2023-10-26 | not yet calculated | CVE-2023-33559 MISC MISC |
omron_corporation -- cx-designer | CX-Designer Ver.3.740 and earlier (included in CX-One CXONE-AL[][]D-V4) contains an improper restriction of XML external entity reference (XXE) vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed may be disclosed. | 2023-10-23 | not yet calculated | CVE-2023-43624 MISC MISC |
onigiriya-musubee_line -- onigiriya-musubee_line | The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-25 | not yet calculated | CVE-2023-39740 MISC MISC |
openssl -- openssl | Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. It is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However, if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue. | 2023-10-25 | not yet calculated | CVE-2023-5363 MISC MISC MISC MISC MISC MISC |
palantir -- palantir | Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. | 2023-10-26 | not yet calculated | CVE-2023-30967 MISC |
pallets -- werkzeug | Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal bytearray and lookup for boundary is performed on growing buffer. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. This vulnerability has been patched in version 3.0.1. | 2023-10-25 | not yet calculated | CVE-2023-46136 MISC MISC |
parse_server -- parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1. | 2023-10-25 | not yet calculated | CVE-2023-46119 MISC MISC MISC MISC MISC |
pfsense_ce -- pfsense_ce | Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. | 2023-10-25 | not yet calculated | CVE-2023-29973 MISC |
phpgurukul -- nipah_virus_testing_management_system | Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State field. | 2023-10-25 | not yet calculated | CVE-2023-46583 MISC |
phpgurukul -- nipah_virus_testing_management_system | SQL Injection vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows a remote attacker to escalate privileges via a crafted request to the new-user-testing.php endpoint. | 2023-10-25 | not yet calculated | CVE-2023-46584 MISC |
phpgurukul -- nipah_virus_testing_management_system | A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical. This issue affects some unknown processing of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The identifier VDB-243617 was assigned to this vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-5804 MISC MISC MISC |
phpgurukul -- online_railway_catering_system | A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-243600. | 2023-10-26 | not yet calculated | CVE-2023-5794 MISC MISC MISC |
ping_identity -- pingfederate | When an AWS DynamoDB table is used for user attribute storage, it is possible to retrieve the attributes of another user using a maliciously crafted request. | 2023-10-25 | not yet calculated | CVE-2023-34085 MISC MISC |
ping_identity -- pingfederate | Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter | 2023-10-25 | not yet calculated | CVE-2023-37283 MISC MISC |
ping_identity -- pingfederate | PingFederate Administrative Console dependency contains a weakness where console becomes unresponsive with crafted Java class loading enumeration requests | 2023-10-25 | not yet calculated | CVE-2023-39219 MISC MISC |
ping_identity -- pingfederate | PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. | 2023-10-25 | not yet calculated | CVE-2023-39231 MISC MISC |
ping_identity -- pingfederate | A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. | 2023-10-25 | not yet calculated | CVE-2023-39930 MISC MISC |
pip -- pip | When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip prior to v23.3, the specified Mercurial revision could be used to inject arbitrary configuration options to the "hg clone" call (ie "--config"). Controlling the Mercurial configuration can modify how and which repository is installed. This vulnerability does not affect users who aren't installing from Mercurial. | 2023-10-25 | not yet calculated | CVE-2023-5752 MISC MISC |
prestashop -- prestashop | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | 2023-10-25 | not yet calculated | CVE-2023-46346 MISC |
prestashop -- prestashop | In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-10-25 | not yet calculated | CVE-2023-46347 MISC |
prestashop -- prestashop | In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-10-25 | not yet calculated | CVE-2023-46358 MISC |
proxmox -- proxmox | Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature. | 2023-10-28 | not yet calculated | CVE-2023-46854 MISC MISC MISC |
rabbitmq -- rabbitmq | RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulnerable for denial of service (DoS) attacks with very large messages. An authenticated user with sufficient credentials can publish a very large messages over the HTTP API and cause target node to be terminated by an "out-of-memory killer"-like mechanism. This vulnerability has been patched in versions 3.11.24 and 3.12.7. | 2023-10-25 | not yet calculated | CVE-2023-46118 MISC |
rabbitmq -- rabbitmq | The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. `maxBodyLebgth` was not used when receiving Message objects. Attackers could send a very large Message causing a memory overflow and triggering an OOM Error. Users of RabbitMQ may suffer from DoS attacks from RabbitMQ Java client which will ultimately exhaust the memory of the consumer. This vulnerability was patched in version 5.18.0. | 2023-10-25 | not yet calculated | CVE-2023-46120 MISC MISC MISC MISC |
radare2 -- radare2 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. | 2023-10-28 | not yet calculated | CVE-2023-46569 MISC MISC |
radare2 -- radare2 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. | 2023-10-28 | not yet calculated | CVE-2023-46570 MISC MISC |
regina_sweets&bakery_line -- regina_sweets&bakery_line | The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-25 | not yet calculated | CVE-2023-39739 MISC MISC |
remark42 -- remark42 | umputun remark42 version 1.12.1 and before has a Blind Server-Side Request Forgery (SSRF) vulnerability. | 2023-10-23 | not yet calculated | CVE-2023-45966 MISC MISC |
rexroth -- ctrlx_hmi_web_panel | The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the 'su' binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network. | 2023-10-25 | not yet calculated | CVE-2023-41255 MISC |
rexroth -- ctrlx_hmi_web_panel | The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself. | 2023-10-25 | not yet calculated | CVE-2023-41960 MISC |
rexroth -- ctrlx_hmi_web_panel | The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB. | 2023-10-25 | not yet calculated | CVE-2023-43488 MISC |
rexroth -- ctrlx_hmi_web_panel | The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user. | 2023-10-25 | not yet calculated | CVE-2023-45220 MISC |
rexroth -- ctrlx_hmi_web_panel | The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug). | 2023-10-25 | not yet calculated | CVE-2023-45844 MISC |
rexroth -- ctrlx_hmi_web_panel | The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair | 2023-10-25 | not yet calculated | CVE-2023-41372 MISC |
ritecms -- ritecms | A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. | 2023-10-25 | not yet calculated | CVE-2023-44767 MISC |
rmc_r_beauty_clinic_line -- rmc_r_beauty_clinic_line | An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | 2023-10-25 | not yet calculated | CVE-2023-38848 MISC MISC |
rockwell_automation -- arena_simulation | An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. | 2023-10-27 | not yet calculated | CVE-2023-27854 MISC |
rockwell_automation -- arena_simulation | Rockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an uninitialized pointer in the application. The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. The user would need to open a malicious file provided to them by the attacker for the code to execute. | 2023-10-27 | not yet calculated | CVE-2023-27858 MISC |
rockwell_automation -- factorytalk | Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition. | 2023-10-27 | not yet calculated | CVE-2023-46289 MISC |
rockwell_automation -- factorytalk | Due to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk® Services Platform web service and then use the token to log in into FactoryTalk® Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk® Services Platform web service. | 2023-10-27 | not yet calculated | CVE-2023-46290 MISC |
samba -- samba | A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service. | 2023-10-25 | not yet calculated | CVE-2023-5568 MISC MISC MISC MISC |
satoken -- satoken | An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 2023-10-25 | not yet calculated | CVE-2023-43961 MISC |
satoken -- satoken | An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. | 2023-10-25 | not yet calculated | CVE-2023-44794 MISC |
sbt -- sbt | sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file. This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. | 2023-10-23 | not yet calculated | CVE-2023-46122 MISC MISC MISC MISC |
sd-webui-infinite-image-browsing -- sd-webui-infinite-image-browsing | The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled without secret key configuration, allows remote attackers to read any local file via /file?path= in the URL, as demonstrated by reading /proc/self/environ to discover credentials. | 2023-10-22 | not yet calculated | CVE-2023-46315 MISC MISC |
seacms -- seacms | An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. | 2023-10-25 | not yet calculated | CVE-2023-46010 MISC MISC |
shaanxi_chanming_education_technology -- score_query_system | A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument stuIdCard leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243593 was assigned to this vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-5787 MISC MISC MISC |
shanghai_cti_navigation -- cti_monitoring_and_early_warning_system | A vulnerability was found in Shanghai CTI Navigation CTI Monitoring and Early Warning System 2.2. It has been classified as critical. This affects an unknown part of the file /Web/SysManage/UserEdit.aspx. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-243717 was assigned to this vulnerability. | 2023-10-27 | not yet calculated | CVE-2023-5827 MISC MISC MISC |
sick_ag -- fx0-gmod00000 | Authentication Bypass by Capture-replay in SICK Flexi Soft Gateways with Partnumbers 1044073, 1127717, 1130282, 1044074, 1121597, 1099832, 1051432, 1127487, 1069070, 1112296, 1044072, 1121596, 1099830 allows an unauthenticated remote attacker to potentially impact the availability, integrity and confidentiality of the gateways via an authentication bypass by capture-replay. | 2023-10-23 | not yet calculated | CVE-2023-5246 MISC MISC MISC |
sielco -- analog_fm_transmitter | The application suffers from a privilege escalation vulnerability. A user with read permissions can elevate privileges by sending a HTTP POST to set a parameter. | 2023-10-26 | not yet calculated | CVE-2023-41966 MISC MISC |
sielco -- analog_fm_transmitter | The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. | 2023-10-26 | not yet calculated | CVE-2023-42769 MISC MISC |
sielco -- analog_fm_transmitter | The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters. | 2023-10-26 | not yet calculated | CVE-2023-45228 MISC MISC |
sielco -- analog_fm_transmitter | The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. | 2023-10-26 | not yet calculated | CVE-2023-45317 MISC MISC |
sielco_ -- polyeco1000 | Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. | 2023-10-26 | not yet calculated | CVE-2023-46661 MISC |
sielco_ -- polyeco1000 | Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information. | 2023-10-26 | not yet calculated | CVE-2023-46662 MISC |
sielco_ -- polyeco1000 | Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. | 2023-10-26 | not yet calculated | CVE-2023-46663 MISC |
sielco_ -- polyeco1000 | Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages. | 2023-10-26 | not yet calculated | CVE-2023-46664 MISC |
sielco_ -- polyeco1000 | Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges. | 2023-10-26 | not yet calculated | CVE-2023-46665 MISC |
sielco_ -- polyeco1000 | Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. | 2023-10-26 | not yet calculated | CVE-2023-5754 MISC |
sielco_ -- polyeco1000 | Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. | 2023-10-26 | not yet calculated | CVE-2023-0897 MISC |
silicon_labs -- ember_znet_sdk | Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier. | 2023-10-26 | not yet calculated | CVE-2023-41096 MISC |
silicon_labs -- openthread_sdk | Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier. | 2023-10-26 | not yet calculated | CVE-2023-41095 MISC |
sisqualwfm -- sisqualwfm | The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. | 2023-10-25 | not yet calculated | CVE-2023-36085 MISC |
sonicwall -- directory_services_connector | A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature. | 2023-10-27 | not yet calculated | CVE-2023-44219 MISC |
sonicwall -- netextender_windows | SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system. | 2023-10-27 | not yet calculated | CVE-2023-44220 MISC |
sourcecodester -- file_manager_app | A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-file.php. The manipulation of the argument uploadedFileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243595. | 2023-10-26 | not yet calculated | CVE-2023-5790 MISC MISC MISC |
sourcecodester -- free_and_open_source_inventory_management_system | Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. | 2023-10-26 | not yet calculated | CVE-2023-46449 MISC MISC |
sourcecodester -- free_and_open_source_inventory_management_system | Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. | 2023-10-26 | not yet calculated | CVE-2023-46450 MISC MISC |
sourcecodester -- simple_real_estate_portal_system | A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. It has been classified as critical. Affected is an unknown function of the file view_estate.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-243618 is the identifier assigned to this vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-5805 MISC MISC MISC |
sourcecodester -- sticky_notes_app | A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. This affects an unknown part of the file endpoint/add-note.php. The manipulation of the argument noteTitle/noteContent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243597 was assigned to this vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-5791 MISC MISC MISC |
sourcecodester -- sticky_notes_app | A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. This vulnerability affects unknown code of the file endpoint/delete-note.php. The manipulation of the argument note leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243598 is the identifier assigned to this vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-5792 MISC MISC MISC |
sourcecodester -- task_reminder_system | A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_reminder. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243644. | 2023-10-27 | not yet calculated | CVE-2023-5813 MISC MISC |
sourcecodester -- task_reminder_system | A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_reminder. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-243645 was assigned to this vulnerability. | 2023-10-27 | not yet calculated | CVE-2023-5814 MISC MISC |
sourcecodester -- task_reminder_system | A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-243800. | 2023-10-28 | not yet calculated | CVE-2023-5836 MISC MISC |
sourcecodester -- packers_and_movers_management_system | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. | 2023-10-26 | not yet calculated | CVE-2023-46435 MISC |
stb_image.h -- stb_image.h | Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. | 2023-10-25 | not yet calculated | CVE-2023-43281 MISC MISC |
stellar -- rs-stellar-strkey | rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. A panic vulnerability occurs when a specially crafted payload is used.`inner_payload_len` should not above 64. This vulnerability has been patched in version 0.0.8. | 2023-10-25 | not yet calculated | CVE-2023-46135 MISC MISC |
sugarcrm -- sugarcrm | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with regular user privileges can exploit this. | 2023-10-27 | not yet calculated | CVE-2023-46815 MISC |
sugarcrm -- sugarcrm | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. An attacker with regular user privileges can exploit this. | 2023-10-27 | not yet calculated | CVE-2023-46816 MISC |
synology -- camera_firmware | A vulnerability regarding use of externally controlled format string is found in the cgi component. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.5-0185 may be affected: BC500 and TC500. | 2023-10-25 | not yet calculated | CVE-2023-5746 MISC |
tenable -- nessus_network_monitor | Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. | 2023-10-26 | not yet calculated | CVE-2023-5622 MISC |
tenable -- nessus_network_monitor | NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location | 2023-10-26 | not yet calculated | CVE-2023-5623 MISC |
tenable -- nessus_network_monitor | Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection. | 2023-10-26 | not yet calculated | CVE-2023-5624 MISC |
tenda -- w18e | Tenda W18E V16.01.0.8(1576) contains a stack overflow vulnerability via the portMirrorMirroredPorts parameter in the formSetNetCheckTools function. | 2023-10-25 | not yet calculated | CVE-2023-46369 MISC |
tenda -- w18e | Tenda W18E V16.01.0.8(1576) has a command injection vulnerability via the hostName parameter in the formSetNetCheckTools function. | 2023-10-25 | not yet calculated | CVE-2023-46370 MISC |
tibco_software_inc. -- tibco_hawk | The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console's and Agent's log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below. | 2023-10-25 | not yet calculated | CVE-2023-26219 MISC |
tire-sales_line -- tire-sales_line | An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | 2023-10-25 | not yet calculated | CVE-2023-38849 MISC MISC |
tokueimaru_waiting_line -- ztokueimaru_waiting_line | The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-25 | not yet calculated | CVE-2023-39732 MISC MISC |
tongda -- oa | A vulnerability classified as critical was found in Tongda OA 2017 11.10. This vulnerability affects unknown code of the file general/system/approve_center/flow_guide/flow_type/set_print/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-26 | not yet calculated | CVE-2023-5780 MISC MISC MISC |
tongda -- oa | A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10. This issue affects the function DELETE_STR of the file general/system/res_manage/monitor/delete_webmail.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243587. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-26 | not yet calculated | CVE-2023-5781 MISC MISC MISC |
tongda -- oa | A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /manage/delete_query.php of the component General News. The manipulation of the argument NEWS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243588. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-26 | not yet calculated | CVE-2023-5782 MISC MISC MISC |
tongda -- oa | A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/system/approve_center/flow_sort/flow/delete.php. The manipulation of the argument id/sort_parent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-243589 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-26 | not yet calculated | CVE-2023-5783 MISC MISC MISC |
tonton-tei_line -- tonton-tei_line | The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-25 | not yet calculated | CVE-2023-39733 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp. | 2023-10-25 | not yet calculated | CVE-2023-46540 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup. | 2023-10-25 | not yet calculated | CVE-2023-46541 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig. | 2023-10-25 | not yet calculated | CVE-2023-46542 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey. | 2023-10-25 | not yet calculated | CVE-2023-46543 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl. | 2023-10-25 | not yet calculated | CVE-2023-46544 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc. | 2023-10-25 | not yet calculated | CVE-2023-46545 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats. | 2023-10-25 | not yet calculated | CVE-2023-46546 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog. | 2023-10-25 | not yet calculated | CVE-2023-46547 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect. | 2023-10-25 | not yet calculated | CVE-2023-46548 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg. | 2023-10-25 | not yet calculated | CVE-2023-46549 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. | 2023-10-25 | not yet calculated | CVE-2023-46550 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl. | 2023-10-25 | not yet calculated | CVE-2023-46551 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP. | 2023-10-25 | not yet calculated | CVE-2023-46552 MISC MISC |
totolink -- x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl. | 2023-10-25 | not yet calculated | CVE-2023-46553 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 41DD80 function. | 2023-10-25 | not yet calculated | CVE-2023-46408 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ 41CC04 function. | 2023-10-25 | not yet calculated | CVE-2023-46409 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_ The 416F60 function. | 2023-10-25 | not yet calculated | CVE-2023-46410 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. | 2023-10-25 | not yet calculated | CVE-2023-46411 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function. | 2023-10-25 | not yet calculated | CVE-2023-46412 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function. | 2023-10-25 | not yet calculated | CVE-2023-46413 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ 41D494 function. | 2023-10-25 | not yet calculated | CVE-2023-46414 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function. | 2023-10-25 | not yet calculated | CVE-2023-46415 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_ The 41A414 function. | 2023-10-25 | not yet calculated | CVE-2023-46416 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function. | 2023-10-25 | not yet calculated | CVE-2023-46417 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function. | 2023-10-25 | not yet calculated | CVE-2023-46418 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function. | 2023-10-25 | not yet calculated | CVE-2023-46419 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function. | 2023-10-25 | not yet calculated | CVE-2023-46420 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function. | 2023-10-25 | not yet calculated | CVE-2023-46421 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function. | 2023-10-25 | not yet calculated | CVE-2023-46422 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_417094 function. | 2023-10-25 | not yet calculated | CVE-2023-46423 MISC MISC |
totolink -- x6000r_firmware | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_422BD4 function. | 2023-10-25 | not yet calculated | CVE-2023-46424 MISC MISC |
tp-link -- tl-wdr7660 | TP-Link device TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function upgradeInfoJsonToBin. | 2023-10-25 | not yet calculated | CVE-2023-46371 MISC |
tp-link -- tl-wdr7660 | TP-Link TL-WDR7660 2.0.30 has a stack overflow vulnerability via the function deviceInfoJsonToBincauses. | 2023-10-25 | not yet calculated | CVE-2023-46373 MISC |
traceroute -- traceroute | In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. | 2023-10-25 | not yet calculated | CVE-2023-46316 MISC MISC |
twisted -- twisted | Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc1, when sending multiple HTTP requests in one TCP packet, twisted.web will process the requests asynchronously without guaranteeing the response order. If one of the endpoints is controlled by an attacker, the attacker can delay the response on purpose to manipulate the response of the second request when a victim launched two requests using HTTP pipeline. Version 23.10.0rc1 contains a patch for this issue. | 2023-10-25 | not yet calculated | CVE-2023-46137 MISC |
ubiquiti -- unifi_network_application | Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network. Affected Products: UDM UDM-PRO UDM-SE UDR UDW Mitigation: Update UniFi Network to Version 7.5.187 or later. | 2023-10-25 | not yet calculated | CVE-2023-41721 MISC |
ubuntu -- ubuntu_grub2 | An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved. | 2023-10-25 | not yet calculated | CVE-2023-4692 MISC MISC MISC MISC MISC |
ubuntu -- ubuntu_grub2 | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk. | 2023-10-25 | not yet calculated | CVE-2023-4693 MISC MISC MISC MISC MISC |
univention -- ucs@school | Incorrect LDAP ACLs in ucs-school-ldap-acls-master in UCS@school before 4.4v5-errata allow remote teachers, staff, and school administrators to read LDAP password hashes (sambaNTPassword, krb5Key, sambaPasswordHistory, and pwhistory) via LDAP search requests. For example, a teacher can gain administrator access via an NTLM hash. | 2023-10-26 | not yet calculated | CVE-2020-17477 MISC |
uomasa_saiji_news_line -- uomasa_saiji_news_line | The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-25 | not yet calculated | CVE-2023-39735 MISC MISC |
uvdesk_community_skeleton -- uvdesk_community_skeleton | UVDesk Community Skeleton v1.1.1 allows unauthenticated attackers to perform brute force attacks on the login page to gain access to the application. | 2023-10-23 | not yet calculated | CVE-2023-37635 MISC |
uvdesk_community_skeleton -- uvdesk_community_skeleton | A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. | 2023-10-23 | not yet calculated | CVE-2023-37636 MISC |
vermeg -- agilereporter | An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component. | 2023-10-27 | not yet calculated | CVE-2022-34832 MISC MISC |
vermeg -- agilereporter | An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component. | 2023-10-27 | not yet calculated | CVE-2022-34833 MISC MISC |
vermeg -- agilereporter | An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log. | 2023-10-27 | not yet calculated | CVE-2022-34834 MISC MISC |
viessmann -- vitogate_300 | A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-23 | not yet calculated | CVE-2023-5702 MISC MISC MISC |
vim -- vim | Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068. | 2023-10-27 | not yet calculated | CVE-2023-46246 MISC MISC |
vinchin -- backup_&_recovery | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | 2023-10-27 | not yet calculated | CVE-2023-45498 MISC FULLDISC |
vinchin -- backup_&_recovery | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. | 2023-10-27 | not yet calculated | CVE-2023-45499 MISC FULLDISC |
vision_meat_works_trackdiner10/10_mc_line -- vision_meat_works_trackdiner10/10_mc_line | The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | 2023-10-25 | not yet calculated | CVE-2023-39734 MISC MISC |
vmware -- open-vm-tools | open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. | 2023-10-27 | not yet calculated | CVE-2023-34059 MISC MISC MISC |
vmware -- vcenter_server | vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | 2023-10-25 | not yet calculated | CVE-2023-34048 MISC |
vmware -- vcenter_server | vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | 2023-10-25 | not yet calculated | CVE-2023-34056 MISC |
vmware -- vmware_tools | VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. | 2023-10-27 | not yet calculated | CVE-2023-34057 MISC |
vmware -- vmware_tools | VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 2023-10-27 | not yet calculated | CVE-2023-34058 MISC MISC |
vue.js -- vue.js_devtools | The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard `postMessage()` API. By creating a malicious web page with an iFrame targeting a sensitive resource (i.e., a locally accessible file or sensitive website), and registering a listener on the web page, the extension sent messages back to the listener, containing the base64 encoded screenshot data of the sensitive resource. | 2023-10-23 | not yet calculated | CVE-2023-5718 MISC |
wabt -- wabt | WebAssembly wabt 1.0.33 has an Out-of-Bound Memory Read in in DataSegment::IsValidRange(), which lead to segmentation fault. | 2023-10-23 | not yet calculated | CVE-2023-46331 MISC |
wabt -- wabt | WebAssembly wabt 1.0.33 contains an Out-of-Bound Memory Write in DataSegment::Drop(), which lead to segmentation fault. | 2023-10-23 | not yet calculated | CVE-2023-46332 MISC |
wenwenaicms -- wenwenaicms | Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. | 2023-10-25 | not yet calculated | CVE-2023-45990 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Print, PDF, Email by PrintFriendly plugin <= 5.5.1 versions. | 2023-10-25 | not yet calculated | CVE-2023-25032 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin <= 2.0.0.1 versions. | 2023-10-26 | not yet calculated | CVE-2023-30492 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in TotalPress.Org Custom post types, Custom Fields & more plugin <= 4.0.12 versions. | 2023-10-26 | not yet calculated | CVE-2023-32116 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alkaweb Eonet Manual User Approve plugin <= 2.1.3 versions. | 2023-10-27 | not yet calculated | CVE-2023-32738 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mitchell Bennis Simple File List plugin <= 6.1.9 versions. | 2023-10-25 | not yet calculated | CVE-2023-39924 MISC |
wordpress -- wordpress | The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-27 | not yet calculated | CVE-2023-5774 MISC MISC MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike - Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions. | 2023-10-25 | not yet calculated | CVE-2023-45640 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Peter Keung Peter's Custom Anti-Spam plugin <= 3.2.2 versions. | 2023-10-25 | not yet calculated | CVE-2023-45759 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson WP GoToWebinar plugin <= 14.45 versions. | 2023-10-25 | not yet calculated | CVE-2023-45832 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LeadSquared Suite plugin <= 0.7.4 versions. | 2023-10-25 | not yet calculated | CVE-2023-45833 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Libsyn Libsyn Publisher Hub plugin <= 1.4.4 versions. | 2023-10-25 | not yet calculated | CVE-2023-45835 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions. | 2023-10-25 | not yet calculated | CVE-2023-45837 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XQueue GmbH Maileon for WordPress plugin <= 2.16.0 versions. | 2023-10-25 | not yet calculated | CVE-2023-46068 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Osmansorkar Ajax Archive Calendar plugin <= 2.6.7 versions. | 2023-10-25 | not yet calculated | CVE-2023-46069 MISC |
wordpress -- wordpress | An authenticated XCC user can change permissions for any user through a crafted API command. | 2023-10-25 | not yet calculated | CVE-2023-4607 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Emmanuel GEORJON EG-Attachments plugin <= 2.1.3 versions. | 2023-10-25 | not yet calculated | CVE-2023-46070 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickDatos Protección de Datos RGPD plugin <= 3.1.0 versions. | 2023-10-25 | not yet calculated | CVE-2023-46071 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. | 2023-10-26 | not yet calculated | CVE-2023-46072 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin <= 2.3.2 versions. | 2023-10-26 | not yet calculated | CVE-2023-46074 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Contact Form Builder, Contact Widget plugin <= 2.1.6 versions. | 2023-10-26 | not yet calculated | CVE-2023-46075 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin <= 1.2.102 versions. | 2023-10-26 | not yet calculated | CVE-2023-46076 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed - Custom Feed plugin <= 2.2.5 versions. | 2023-10-26 | not yet calculated | CVE-2023-46077 MISC |
wordpress -- wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. | 2023-10-26 | not yet calculated | CVE-2023-46081 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. | 2023-10-22 | not yet calculated | CVE-2023-46085 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions. | 2023-10-26 | not yet calculated | CVE-2023-46088 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions. | 2023-10-22 | not yet calculated | CVE-2023-46089 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. | 2023-10-26 | not yet calculated | CVE-2023-46090 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions. | 2023-10-27 | not yet calculated | CVE-2023-46091 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <= 2.0 versions. | 2023-10-27 | not yet calculated | CVE-2023-46093 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Conversios Track Google Analytics 4, Facebook Pixel & Conversions API via Google Tag Manager for WooCommerce plugin <= 6.5.3 versions. | 2023-10-26 | not yet calculated | CVE-2023-46094 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions. | 2023-10-22 | not yet calculated | CVE-2023-46095 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions. | 2023-10-25 | not yet calculated | CVE-2023-46150 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions. | 2023-10-25 | not yet calculated | CVE-2023-46151 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. | 2023-10-25 | not yet calculated | CVE-2023-46152 MISC |
wordpress -- wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions. | 2023-10-27 | not yet calculated | CVE-2023-46153 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar - Google Calendar Plugin <= 3.2.5 versions. | 2023-10-25 | not yet calculated | CVE-2023-46189 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions. | 2023-10-25 | not yet calculated | CVE-2023-46190 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions. | 2023-10-25 | not yet calculated | CVE-2023-46191 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. | 2023-10-27 | not yet calculated | CVE-2023-46192 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. | 2023-10-25 | not yet calculated | CVE-2023-46193 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist - Custom Archive Templates plugin <= 1.7.5 versions. | 2023-10-27 | not yet calculated | CVE-2023-46194 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions. | 2023-10-25 | not yet calculated | CVE-2023-46198 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions. | 2023-10-27 | not yet calculated | CVE-2023-46199 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions. | 2023-10-27 | not yet calculated | CVE-2023-46200 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions. | 2023-10-25 | not yet calculated | CVE-2023-46202 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions. | 2023-10-25 | not yet calculated | CVE-2023-46204 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. | 2023-10-27 | not yet calculated | CVE-2023-46208 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus - Unlimited grid plugin <= 1.3.2 versions. | 2023-10-27 | not yet calculated | CVE-2023-46209 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions. | 2023-10-27 | not yet calculated | CVE-2023-46211 MISC |
wordpress -- wordpress | The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-27 | not yet calculated | CVE-2023-5051 MISC MISC MISC |
wordpress -- wordpress | The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-25 | not yet calculated | CVE-2023-5085 MISC MISC |
wordpress -- wordpress | The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-25 | not yet calculated | CVE-2023-5110 MISC MISC |
wordpress -- wordpress | The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The shortcode is not displayed to administrators, so it cannot be used against administrator users. | 2023-10-25 | not yet calculated | CVE-2023-5126 MISC MISC |
wordpress -- wordpress | The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping on 'icon' user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-25 | not yet calculated | CVE-2023-5127 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress -- wordpress | The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to modify the contents of the .htaccess files located in a site's root directory or /wp-content and /wp-includes folders and achieve remote code execution. | 2023-10-25 | not yet calculated | CVE-2023-5311 MISC MISC MISC |
wordpress -- wordpress | The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta functions in versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to gain elevated (e.g., administrator) privileges. | 2023-10-28 | not yet calculated | CVE-2023-5425 MISC MISC |
wordpress -- wordpress | The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta functions in versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to delete user, term, and post meta belonging to arbitrary users. | 2023-10-28 | not yet calculated | CVE-2023-5426 MISC MISC |
wordpress -- wordpress | The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9 as well as 4.9.2. This makes it possible for unauthenticated attackers to perform some of those actions that were intended for higher privileged users. | 2023-10-20 | not yet calculated | CVE-2023-5533 MISC MISC |
wordpress -- wordpress | The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-20 | not yet calculated | CVE-2023-5534 MISC MISC |
wordpress -- wordpress | The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-27 | not yet calculated | CVE-2023-5705 MISC MISC MISC |
wordpress -- wordpress | The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-25 | not yet calculated | CVE-2023-5740 MISC MISC MISC |
wordpress -- wordpress | The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-25 | not yet calculated | CVE-2023-5744 MISC MISC MISC |
wordpress -- wordpress | The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-25 | not yet calculated | CVE-2023-5745 MISC MISC |
wordpress -- wordpress | The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks | 2023-10-26 | not yet calculated | CVE-2023-5798 MISC |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin - WP Knowledgebase plugin <= 1.3.4 versions. | 2023-10-26 | not yet calculated | CVE-2023-5802 MISC |
wordpress -- wordpress | The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-27 | not yet calculated | CVE-2023-5817 MISC MISC MISC |
wordpress -- wordpress | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-27 | not yet calculated | CVE-2023-5820 MISC MISC MISC |
wordpress -- wordpress | The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-27 | not yet calculated | CVE-2023-5821 MISC MISC MISC |
writercms -- writercms | Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. | 2023-10-26 | not yet calculated | CVE-2023-43905 MISC |
xnview_classic -- xnview_classic | Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file. | 2023-10-27 | not yet calculated | CVE-2023-46587 MISC |
xolo_cms -- xolo_cms | Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | 2023-10-26 | not yet calculated | CVE-2023-43906 MISC |
xorg-server -- xorg-server | A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service. | 2023-10-25 | not yet calculated | CVE-2023-5367 MISC MISC MISC MISC MISC MISC |
xorg-server -- xorg-server | A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed. | 2023-10-25 | not yet calculated | CVE-2023-5380 MISC MISC MISC MISC MISC |
xorg-server -- xorg-server | A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service. | 2023-10-25 | not yet calculated | CVE-2023-5574 MISC MISC MISC |
xpand -- it_write-back_manager | Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. | 2023-10-26 | not yet calculated | CVE-2023-27170 MISC |
xwiki -- xwiki | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute names. This can be exploited, e.g., via the link syntax in any content that supports XWiki syntax like comments in XWiki. When a user moves the mouse over a malicious link, the malicious JavaScript code is executed in the context of the user session. When this user is a privileged user who has programming rights, this allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. While this attribute was correctly recognized as not allowed, the attribute was still printed with a prefix `data-xwiki-translated-attribute-` without further cleaning or validation. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by removing characters not allowed in data attributes and then validating the cleaned attribute again. There are no known workarounds apart from upgrading to a version including the fix. | 2023-10-25 | not yet calculated | CVE-2023-37908 MISC MISC MISC MISC |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed. | 2023-10-25 | not yet calculated | CVE-2023-37909 MISC MISC MISC |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version. | 2023-10-25 | not yet calculated | CVE-2023-37910 MISC MISC MISC |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole. | 2023-10-25 | not yet calculated | CVE-2023-37911 MISC MISC MISC MISC MISC MISC |
xwiki -- xwiki | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro. | 2023-10-25 | not yet calculated | CVE-2023-37912 MISC MISC MISC |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce but it also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API which doesn't remove `/` or `\` from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could e.g., be used to replace the `jar`-file of an extension which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. There are no known workarounds apart from disabling the office converter. | 2023-10-25 | not yet calculated | CVE-2023-37913 MISC MISC MISC |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix. | 2023-10-25 | not yet calculated | CVE-2023-45134 MISC MISC MISC |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn't displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right. For the attack to work, the attacker needs to convince the victim to visit a link like `<xwiki-host>/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)` where `<xwiki-host>` is the URL of the Wiki installation and to then click on the "Create" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn't exist yet, the malicious code is not displayed anywhere on that page. After clicking the "Create" button, the malicious title would be displayed but at this point, the code has already been executed and the attacker could use this code also to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake "create page" button on a page which is possible with edit right. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step such that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the patch in an existing installation. For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly. | 2023-10-25 | not yet calculated | CVE-2023-45135 MISC MISC MISC |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix. | 2023-10-25 | not yet calculated | CVE-2023-45136 MISC MISC MISC |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix. | 2023-10-25 | not yet calculated | CVE-2023-45137 MISC MISC MISC |
yxbookcms -- yxbookcms | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. | 2023-10-27 | not yet calculated | CVE-2023-46503 MISC |
yxbookcms -- yxbookcms | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. | 2023-10-27 | not yet calculated | CVE-2023-46504 MISC |
zenario_cms -- zenario_cms | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. | 2023-10-25 | not yet calculated | CVE-2023-44769 MISC MISC |
zentao_biz -- zentao_biz | ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). | 2023-10-27 | not yet calculated | CVE-2023-46375 MISC |
zentao_biz -- zentao_biz | Zentao Biz version 8.7 and before is vulnerable to Information Disclosure. | 2023-10-27 | not yet calculated | CVE-2023-46376 MISC |
zentao_biz -- zentao_biz | ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. | 2023-10-27 | not yet calculated | CVE-2023-46491 MISC |
zentao_enterprise_edition -- zentao_enterprise_edition | ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS). | 2023-10-27 | not yet calculated | CVE-2023-46374 MISC |
zephyr -- zephyr | Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver | 2023-10-26 | not yet calculated | CVE-2023-5139 MISC |
zephyr -- zephyr | Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c | 2023-10-25 | not yet calculated | CVE-2023-5753 MISC |
zioncom_holdings_ltd. -- a7000r | An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. | 2023-10-27 | not yet calculated | CVE-2023-46510 MISC |
zitadel -- zitadel | ZITADEL is an identity infrastructure management system. ZITADEL users can upload their own avatar image using various image types including SVG. SVG can include scripts, such as javascript, which can be executed during rendering. Due to a missing security header, an attacker could inject code to an SVG to gain access to the victim's account in certain scenarios. A victim would need to directly open the malicious image in the browser, where a single session in ZITADEL needs to be active for this exploit to work. If the possible victim had multiple or no active sessions in ZITADEL, the attack would not succeed. This issue has been patched in version 2.39.2 and 2.38.2. | 2023-10-26 | not yet calculated | CVE-2023-46238 MISC MISC MISC |
zpe_systems,_inc. -- nodegrid_os | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | 2023-10-28 | not yet calculated | CVE-2023-43322 CONFIRM |
palantir -- palantir | The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints. | 2023-10-26 | not yet calculated | CVE-2023-30969 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.