Vulnerability Summary for the Week of October 30, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
contec -- solarview_compact_firmware | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 2023-10-27 | 9.8 | CVE-2023-46509 MISC |
dreamsecurity -- magicline_4.0 | A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. | 2023-10-30 | 9.8 | CVE-2023-45797 MISC |
google -- android | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 8.8 | CVE-2023-21356 MISC |
google -- android | In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 8.8 | CVE-2023-21361 MISC |
google -- android | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 8.8 | CVE-2023-40129 MISC MISC |
google -- android | In NFC, there is a possible way to set up a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2021-39810 MISC |
google -- android | In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21351 MISC |
google -- android | In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21355 MISC |
google -- android | In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21358 MISC |
google -- android | In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21372 MISC |
google -- android | In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21373 MISC |
google -- android | In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21374 MISC |
google -- android | In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21375 MISC |
google -- android | In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21378 MISC |
google -- android | In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21381 MISC |
google -- android | In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40116 MISC MISC |
google -- android | In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40117 MISC MISC MISC |
google -- android | In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40120 MISC MISC |
google -- android | In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40125 MISC MISC |
google -- android | In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40128 MISC MISC |
google -- android | In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40130 MISC MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.5 | CVE-2023-21347 MISC |
google -- android | In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.5 | CVE-2023-21353 MISC |
google -- android | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7 | CVE-2023-40131 MISC MISC |
juzaweb -- cms | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 2023-10-28 | 7.8 | CVE-2023-46468 MISC |
projectworlds -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-43738 MISC MISC |
projectworlds -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44162 MISC MISC |
projectworlds -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add1' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44375 MISC MISC |
projectworlds -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add2' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44376 MISC MISC |
projectworlds -- online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'add3' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44377 MISC MISC |
projectworlds -- online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45012 MISC MISC |
projectworlds -- online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_query' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45013 MISC MISC |
projectworlds -- online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bus_id' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45014 MISC MISC |
projectworlds -- online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45015 MISC MISC |
projectworlds -- online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'source' parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45016 MISC MISC |
projectworlds -- online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'destination' parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45017 MISC MISC |
projectworlds -- online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45018 MISC MISC |
projectworlds -- online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45019 MISC MISC |
projectworlds -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45111 MISC MISC |
projectworlds -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'feedback' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45112 MISC MISC |
projectworlds -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45113 MISC MISC |
projectworlds -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'subject' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45114 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45323 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45324 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45325 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45326 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45327 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45328 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45329 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45330 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45331 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45332 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45333 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45334 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45335 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45336 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45337 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45338 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'type' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45339 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45340 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45341 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45342 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45343 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45344 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45345 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45346 MISC MISC |
projectworlds -- online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45347 MISC MISC |
radare -- radare2 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. | 2023-10-28 | 9.8 | CVE-2023-46569 MISC MISC |
radare -- radare2 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. | 2023-10-28 | 9.8 | CVE-2023-46570 MISC MISC |
solarwinds -- network_configuration_manager | The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | 2023-11-01 | 8 | CVE-2023-33226 MISC MISC |
solarwinds -- network_configuration_manager | The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | 2023-11-01 | 8 | CVE-2023-33227 MISC MISC |
solarwinds -- solarwinds_platform | SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | 2023-11-01 | 8 | CVE-2023-40062 MISC MISC |
solarwinds -- solarwinds_platform | Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | 2023-11-01 | 7.1 | CVE-2023-40061 MISC |
trteksolutions -- education_portal | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29. | 2023-10-27 | 9.8 | CVE-2023-5807 MISC |
zentao -- biz | ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). | 2023-10-27 | 8.8 | CVE-2023-46375 MISC |
zentao -- biz | ZenTao Biz version 8.7 and before is vulnerable to Information Disclosure. | 2023-10-27 | 7.5 | CVE-2023-46376 MISC |
zpesystems -- nodegrid_os | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | 2023-10-28 | 8.8 | CVE-2023-43322 CONFIRM |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe -- acrobat_for_edge | Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-10-30 | 5.5 | CVE-2023-44323 MISC |
color -- demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes. | 2023-10-30 | 6.5 | CVE-2023-46866 MISC MISC |
color -- demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference. | 2023-10-30 | 6.5 | CVE-2023-46867 MISC MISC |
flusity -- flusity | A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability. | 2023-10-27 | 4.8 | CVE-2023-5810 MISC MISC MISC MISC |
google -- android | In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.7 | CVE-2023-21360 MISC |
google -- android | In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.7 | CVE-2023-21370 MISC |
google -- android | In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.7 | CVE-2023-21371 MISC |
google -- android | In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.7 | CVE-2023-21380 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.5 | CVE-2023-21395 MISC |
google -- android | In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21294 MISC |
google -- android | In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21350 MISC |
google -- android | In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21352 MISC |
google -- android | In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21354 MISC |
google -- android | In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21362 MISC |
google -- android | In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21364 MISC |
google -- android | In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21365 MISC |
google -- android | In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21366 MISC |
google -- android | In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21367 MISC |
google -- android | In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21368 MISC |
google -- android | In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21369 MISC |
google -- android | In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21376 MISC |
google -- android | In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21377 MISC |
google -- android | In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21382 MISC |
google -- android | In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21383 MISC |
google -- android | In Package Manager, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21384 MISC |
google -- android | In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21385 MISC |
google -- android | In Telecomm, there is a possible bypass of a multiuser security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21394 MISC |
google -- android | In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 5.5 | CVE-2023-40121 MISC MISC |
google -- android | In updateActionViews of PipMenuView.java, there is a possible bypass of a multiuser security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 5.5 | CVE-2023-40123 MISC MISC |
google -- android | In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 5.5 | CVE-2023-40133 MISC MISC |
google -- android | In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 4.4 | CVE-2023-21357 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 4.4 | CVE-2023-21359 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 4.4 | CVE-2023-21379 MISC |
gougucms -- gougucms | A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter. | 2023-10-27 | 5.4 | CVE-2023-46394 MISC |
lenovo -- thinkpad_e14_firmware | An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | 2023-10-30 | 6.7 | CVE-2022-48189 MISC |
lenovo -- thinkpad_x1_fold_gen_1_firmware | An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code. | 2023-10-30 | 6.7 | CVE-2022-4573 MISC |
macwk -- icecms | IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-10-27 | 6.5 | CVE-2023-42188 MISC MISC |
projectworlds -- online_blood_donation_management_system | Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response. | 2023-10-31 | 6.1 | CVE-2023-44484 MISC MISC |
projectworlds -- online_blood_donation_management_system | Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The 'lastName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response. | 2023-10-31 | 6.1 | CVE-2023-44485 MISC MISC |
projectworlds -- online_blood_donation_management_system | Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The 'address' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response. | 2023-10-31 | 6.1 | CVE-2023-44486 MISC MISC |
projectworlds -- online_blood_donation_management_system | Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The 'city' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response. | 2023-10-31 | 6.1 | CVE-2023-5306 MISC MISC |
projectworlds -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | 2023-11-01 | 6.1 | CVE-2023-45201 MISC MISC |
projectworlds -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | 2023-11-01 | 6.1 | CVE-2023-45202 MISC MISC |
projectworlds -- online_examination_system | Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | 2023-11-01 | 6.1 | CVE-2023-45203 MISC MISC |
pwncyn -- fancms | Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. | 2023-10-27 | 6.1 | CVE-2023-46505 MISC |
pwncyn -- yxbookcms | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. | 2023-10-27 | 6.1 | CVE-2023-46503 MISC |
pwncyn -- yxbookcms | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. | 2023-10-27 | 5.4 | CVE-2023-46504 MISC |
solarwinds -- network_configuration_manager | The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information. | 2023-11-01 | 4.5 | CVE-2023-33228 MISC MISC |
wordpress -- wordpress | The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-27 | 6.5 | CVE-2023-5821 MISC MISC MISC |
wordpress -- wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions. | 2023-10-27 | 6.1 | CVE-2023-46153 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist - Custom Archive Templates plugin <= 1.7.5 versions. | 2023-10-27 | 6.1 | CVE-2023-46194 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors - Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions. | 2023-10-27 | 6.1 | CVE-2023-46208 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus - Unlimited grid plugin <= 1.3.2 versions. | 2023-10-27 | 6.1 | CVE-2023-46209 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions. | 2023-10-27 | 5.4 | CVE-2023-46211 MISC |
wordpress -- wordpress | The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the 'form_id' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-27 | 5.4 | CVE-2023-5051 MISC MISC MISC |
wordpress -- wordpress | The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-30 | 5.4 | CVE-2023-5335 MISC MISC |
wordpress -- wordpress | The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-30 | 5.4 | CVE-2023-5565 MISC MISC |
wordpress -- wordpress | The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-30 | 5.4 | CVE-2023-5566 MISC MISC MISC MISC |
wordpress -- wordpress | The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-27 | 5.4 | CVE-2023-5705 MISC MISC MISC |
wordpress -- wordpress | The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-27 | 5.4 | CVE-2023-5774 MISC MISC MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions. | 2023-10-27 | 4.8 | CVE-2023-46091 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <= 2.0 versions. | 2023-10-27 | 4.8 | CVE-2023-46093 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. | 2023-10-27 | 4.8 | CVE-2023-46192 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions. | 2023-10-27 | 4.8 | CVE-2023-46199 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions. | 2023-10-27 | 4.8 | CVE-2023-46200 MISC |
zentao -- biz | ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS). | 2023-10-27 | 6.1 | CVE-2023-46374 MISC |
zentao -- biz | ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. | 2023-10-27 | 6.1 | CVE-2023-46491 MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
google -- android | In Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 3.3 | CVE-2023-21345 MISC |
google -- android | In the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 3.3 | CVE-2023-21346 MISC |
google -- android | In Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 3.3 | CVE-2023-21348 MISC |
google -- android | In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 3.3 | CVE-2023-21349 MISC |
google -- android | In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 3.3 | CVE-2023-40127 MISC MISC |
google -- android | In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 3.3 | CVE-2023-40134 MISC MISC |
google -- android | In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 3.3 | CVE-2023-40135 MISC MISC |
google -- android | In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 3.3 | CVE-2023-40136 MISC MISC |
google -- android | In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 3.3 | CVE-2023-40137 MISC MISC |
google -- android | In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 3.3 | CVE-2023-40138 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
7-zip -- 7-zip | 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive. | 2023-11-03 | not yet calculated | CVE-2023-31102 MISC MISC MISC |
addify -- addifyfreegifts | SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. | 2023-11-01 | not yet calculated | CVE-2023-44025 MISC |
artifex_software -- jbig2dec | Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. | 2023-10-31 | not yet calculated | CVE-2023-46361 MISC |
asus -- rt-ax55 | ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. | 2023-11-03 | not yet calculated | CVE-2023-41345 MISC |
asus -- rt-ax55 | ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | not yet calculated | CVE-2023-41346 MISC |
asus -- rt-ax55 | ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | not yet calculated | CVE-2023-41347 MISC |
asus -- rt-ax55 | ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | not yet calculated | CVE-2023-41348 MISC |
atera -- agent_package_availability | The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. | 2023-10-31 | not yet calculated | CVE-2023-37243 MISC |
atlassian -- confluence_data_center | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | 2023-10-31 | not yet calculated | CVE-2023-22518 MISC MISC |
authentik -- authentik | authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin user's password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin. | 2023-10-31 | not yet calculated | CVE-2023-46249 MISC MISC MISC MISC MISC |
avahi -- avahi | A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. | 2023-11-02 | not yet calculated | CVE-2023-38469 MISC MISC |
avahi -- avahi | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. | 2023-11-02 | not yet calculated | CVE-2023-38470 MISC MISC |
avahi -- avahi | A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. | 2023-11-02 | not yet calculated | CVE-2023-38471 MISC MISC |
avahi -- avahi | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. | 2023-11-02 | not yet calculated | CVE-2023-38472 MISC MISC |
avahi -- avahi | A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. | 2023-11-02 | not yet calculated | CVE-2023-38473 MISC MISC |
basercms -- basercms | baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue. | 2023-10-30 | not yet calculated | CVE-2023-43647 MISC MISC MISC |
basercms -- basercms | baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue. | 2023-10-30 | not yet calculated | CVE-2023-43648 MISC MISC MISC |
basercms -- basercms | baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue. | 2023-10-30 | not yet calculated | CVE-2023-43649 MISC MISC MISC |
basercms -- basercms | baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available. | 2023-10-30 | not yet calculated | CVE-2023-43792 MISC MISC |
beijing_yunfan_internet_technology_co.,_ltd -- yunfan_learning_examination_system | An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function. | 2023-11-04 | not yet calculated | CVE-2023-46963 MISC |
best_courier_management_system -- best_courier_management_system | Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. | 2023-10-31 | not yet calculated | CVE-2023-46451 MISC MISC |
best_courier_management_system -- best_courier_management_system | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | 2023-11-03 | not yet calculated | CVE-2023-46980 MISC MISC |
best_practical_solutions_llc. -- request_tracker | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | 2023-11-03 | not yet calculated | CVE-2023-45024 MISC CONFIRM |
best_practical_solutions_llc. -- request_tracker | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. | 2023-11-03 | not yet calculated | CVE-2023-41259 MISC CONFIRM CONFIRM |
best_practical_solutions_llc. -- request_tracker | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. | 2023-11-03 | not yet calculated | CVE-2023-41260 MISC CONFIRM CONFIRM |
bigbluebutton -- bigbluebutton | BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds. | 2023-10-30 | not yet calculated | CVE-2023-42803 MISC MISC |
bigbluebutton -- bigbluebutton | BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds. | 2023-10-30 | not yet calculated | CVE-2023-42804 MISC MISC |
bigbluebutton -- bigbluebutton | BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds. | 2023-10-30 | not yet calculated | CVE-2023-43797 MISC MISC MISC |
bigbluebutton -- bigbluebutton | BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton. | 2023-10-30 | not yet calculated | CVE-2023-43798 MISC MISC MISC MISC |
bigtree_cms -- bigtree_cms | Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. | 2023-11-01 | not yet calculated | CVE-2023-44954 MISC MISC |
bitrix24 -- bitrix24 | Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted ".htaccess" file. | 2023-11-01 | not yet calculated | CVE-2023-1713 MISC |
bitrix24 -- bitrix24 | Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization. | 2023-11-01 | not yet calculated | CVE-2023-1714 MISC |
bitrix24 -- bitrix24 | A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitization via placing HTML tags at the beginning of the payload. | 2023-11-01 | not yet calculated | CVE-2023-1715 MISC |
bitrix24 -- bitrix24 | Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege. | 2023-11-01 | not yet calculated | CVE-2023-1716 MISC |
bitrix24 -- bitrix24 | Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`. | 2023-11-01 | not yet calculated | CVE-2023-1717 MISC |
bitrix24 -- bitrix24 | Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmp_url". | 2023-11-01 | not yet calculated | CVE-2023-1718 MISC |
bitrix24 -- bitrix24 | Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialized variables. | 2023-11-01 | not yet calculated | CVE-2023-1719 MISC |
bitrix24 -- bitrix24 | Lack of MIME type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile. | 2023-11-01 | not yet calculated | CVE-2023-1720 MISC |
bluespice -- bluespiceavatars | Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows a logged-in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context. | 2023-10-30 | not yet calculated | CVE-2023-42431 MISC |
bon_presta -- boninstagramcarousel | Bon Presta boninstagramcarousel from v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as a proxy to attack other websites or exfiltrate data via an HTTP call. | 2023-11-03 | not yet calculated | CVE-2023-43982 MISC |
boomerang_parental_control -- boomerang_parental_control | An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API. | 2023-11-03 | not yet calculated | CVE-2023-36620 MISC MISC MISC |
boomerang_parental_control -- boomerang_parental_control | An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing. | 2023-11-03 | not yet calculated | CVE-2023-36621 MISC MISC MISC |
botan -- botan | bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password. | 2023-11-03 | not yet calculated | CVE-2017-7252 CONFIRM MISC |
campcodes -- simple_student_information_system | A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323. | 2023-11-02 | not yet calculated | CVE-2023-5923 MISC MISC MISC |
campcodes -- simple_student_information_system | A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324. | 2023-11-02 | not yet calculated | CVE-2023-5924 MISC MISC MISC |
campcodes -- simple_student_information_system | A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-5925 MISC MISC MISC |
campcodes -- simple_student_information_system | A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to SQL injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-5926 MISC MISC MISC |
campcodes -- simple_student_information_system | A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327. | 2023-11-02 | not yet calculated | CVE-2023-5927 MISC MISC MISC |
campcodes -- simple_student_information_system | A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328. | 2023-11-02 | not yet calculated | CVE-2023-5928 MISC MISC MISC |
campcodes -- simple_student_information_system | A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to SQL injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244329 was assigned to this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-5929 MISC MISC MISC |
campcodes -- simple_student_information_system | A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-244330 is the identifier assigned to this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-5930 MISC MISC MISC |
chef_automate -- chef_automate | Uploading a profile through either the API or the user interface in Chef Automate prior to and including version 4.10.29, using the InSpec check command with a maliciously crafted profile, allows remote code execution. | 2023-10-31 | not yet calculated | CVE-2023-40050 MISC MISC MISC |
chef_inspec -- chef_inspec | Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allows local command execution via a maliciously crafted profile. | 2023-10-31 | not yet calculated | CVE-2023-42658 MISC MISC MISC |
chunghwa_telecom -- nokia | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute crafted JavaScript to expose the captcha in the page, making it very easy for bots to bypass the captcha check and leaving the device more susceptible to brute-force attacks. | 2023-11-03 | not yet calculated | CVE-2023-41350 MISC |
chunghwa_telecom -- nokia | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service. | 2023-11-03 | not yet calculated | CVE-2023-41351 MISC |
chunghwa_telecom -- nokia | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | not yet calculated | CVE-2023-41352 MISC |
chunghwa_telecom -- nokia | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging in to the system, gaining admin access to perform arbitrary system operations or disrupt service. | 2023-11-03 | not yet calculated | CVE-2023-41353 MISC |
chunghwa_telecom -- nokia | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted packet, resulting in partially sensitive information being exposed to an actor. | 2023-11-03 | not yet calculated | CVE-2023-41354 MISC |
chunghwa_telecom -- nokia | Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted packet to modify the network routing table, resulting in a denial of service or sensitive information leaking. | 2023-11-03 | not yet calculated | CVE-2023-41355 MISC |
cisco -- cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition. | 2023-11-01 | not yet calculated | CVE-2023-20042 MISC |
cisco -- cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2023-11-01 | not yet calculated | CVE-2023-20086 MISC |
cisco -- cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of HTTPS requests. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a DoS condition. | 2023-11-01 | not yet calculated | CVE-2023-20095 MISC |
cisco -- cisco_adaptive_security_appliance/firepower_threat_defense_software | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. | 2023-11-01 | not yet calculated | CVE-2023-20245 MISC |
cisco -- cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile. | 2023-11-01 | not yet calculated | CVE-2023-20247 MISC |
cisco -- cisco_adaptive_security_appliance/firepower_threat_defense_software | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. | 2023-11-01 | not yet calculated | CVE-2023-20256 MISC |
cisco -- cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network. | 2023-11-01 | not yet calculated | CVE-2023-20264 MISC |
cisco -- cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2023-11-01 | not yet calculated | CVE-2023-20005 MISC |
cisco -- cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2023-11-01 | not yet calculated | CVE-2023-20041 MISC |
cisco -- cisco_firepower_management_center | A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software. | 2023-11-01 | not yet calculated | CVE-2023-20048 MISC |
cisco -- cisco_firepower_management_center | A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management Center (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device. Alternatively, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device if the attacker has administrative privileges on an associated FMC device. | 2023-11-01 | not yet calculated | CVE-2023-20063 MISC |
cisco -- cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2023-11-01 | not yet calculated | CVE-2023-20074 MISC |
cisco -- cisco_firepower_management_center | A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitization. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from the affected system. | 2023-11-01 | not yet calculated | CVE-2023-20114 MISC |
cisco -- cisco_firepower_management_center | A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered. | 2023-11-01 | not yet calculated | CVE-2023-20155 MISC |
cisco -- cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2023-11-01 | not yet calculated | CVE-2023-20206 MISC |
cisco -- cisco_firepower_management_center | Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. | 2023-11-01 | not yet calculated | CVE-2023-20219 MISC |
cisco -- cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device. | 2023-11-01 | not yet calculated | CVE-2023-20220 MISC |
cisco -- cisco_firepower_threat_defense_software | A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required. | 2023-11-01 | not yet calculated | CVE-2023-20031 MISC |
cisco -- cisco_firepower_threat_defense_software | A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required. | 2023-11-01 | not yet calculated | CVE-2023-20070 MISC |
cisco -- cisco_firepower_threat_defense_software | A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header. An attacker could exploit this vulnerability by sending a crafted ICMPv6 packet through an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. Note: To recover from the DoS condition, the Snort 2 Detection Engine or the Cisco FTD device may need to be restarted. | 2023-11-01 | not yet calculated | CVE-2023-20083 MISC |
cisco -- cisco_firepower_threat_defense_software | A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required. | 2023-11-01 | not yet calculated | CVE-2023-20177 MISC |
cisco -- cisco_firepower_threat_defense_software | A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state. | 2023-11-01 | not yet calculated | CVE-2023-20244 MISC |
cisco -- cisco_firepower_threat_defense_software | A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions. | 2023-11-01 | not yet calculated | CVE-2023-20267 MISC |
cisco -- cisco_firepower_threat_defense_software | A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition. | 2023-11-01 | not yet calculated | CVE-2023-20270 MISC |
cisco -- cisco_identity_services_engine_software | A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-11-01 | not yet calculated | CVE-2023-20170 MISC |
cisco -- cisco_identity_services_engine_software | A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-11-01 | not yet calculated | CVE-2023-20175 MISC |
cisco -- cisco_identity_services_engine_software | Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | 2023-11-01 | not yet calculated | CVE-2023-20195 MISC |
cisco -- cisco_identity_services_engine_software | Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | 2023-11-01 | not yet calculated | CVE-2023-20196 MISC |
cisco -- cisco_identity_services_engine_software | A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode. | 2023-11-01 | not yet calculated | CVE-2023-20213 MISC |
cisco -- cisco_meeting_server | A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge. | 2023-11-01 | not yet calculated | CVE-2023-20255 MISC |
cisco -- multiple_products | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload. | 2023-11-01 | not yet calculated | CVE-2023-20071 MISC |
cisco -- multiple_products | Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system. | 2023-11-01 | not yet calculated | CVE-2023-20246 MISC |
click_studios_pty_ltd -- passwordstate | Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. | 2023-10-31 | not yet calculated | CVE-2023-43295 MISC |
cloudexplorer_lite -- cloudexplorer_lite | CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue. | 2023-10-30 | not yet calculated | CVE-2023-44397 MISC |
codeigniter -- codeigniter | CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. | 2023-10-31 | not yet calculated | CVE-2023-46240 MISC MISC MISC |
crater -- crater | /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. | 2023-10-30 | not yet calculated | CVE-2023-46865 MISC MISC |
cybozu -- remote_service | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication. | 2023-11-01 | not yet calculated | CVE-2023-46278 MISC MISC |
daiky-value.fukuten -- daiky-value.fukuten | An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 2023-11-02 | not yet calculated | CVE-2023-39050 MISC MISC |
dell -- powerscale_onefs | Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition. | 2023-11-02 | not yet calculated | CVE-2023-43076 MISC |
dell -- powerscale_onefs | Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. | 2023-11-02 | not yet calculated | CVE-2023-43087 MISC |
demonisblack -- demon_image_annotation | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1. | 2023-11-04 | not yet calculated | CVE-2023-40215 MISC |
devolutions -- devolutions_server | Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters. | 2023-11-01 | not yet calculated | CVE-2023-5358 MISC |
devolutions -- remote_desktop_manager | Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. | 2023-11-01 | not yet calculated | CVE-2023-5765 MISC |
devolutions -- remote_desktop_manager | A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another Windows user session on the same host via a specially crafted TCP packet. | 2023-11-01 | not yet calculated | CVE-2023-5766 MISC |
django -- django | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | 2023-11-03 | not yet calculated | CVE-2023-41164 CONFIRM MISC MISC FEDORA |
django -- django | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. | 2023-11-03 | not yet calculated | CVE-2023-43665 CONFIRM MISC MISC FEDORA |
django -- django | An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | 2023-11-02 | not yet calculated | CVE-2023-46695 MISC MISC CONFIRM |
dm_service -- dm_service | In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42644 MISC |
dm_service -- dm_service | In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42654 MISC |
dmpop_mejiro_commit -- dmpop_mejiro_commit | Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit versions prior to 3096393 allows attackers to run arbitrary code via a crafted string in the metadata of uploaded images. | 2023-11-01 | not yet calculated | CVE-2023-46448 MISC MISC |
dolibarr -- dolibarr | Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. | 2023-10-30 | not yet calculated | CVE-2023-5842 MISC MISC |
dolibarr -- erp_crm | Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. | 2023-11-01 | not yet calculated | CVE-2023-4197 MISC MISC |
dolibarr -- erp_crm | Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data. | 2023-11-01 | not yet calculated | CVE-2023-4198 MISC MISC |
douhaocms -- douhaocms | Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file. | 2023-10-30 | not yet calculated | CVE-2023-42323 MISC |
dromara -- lamp-cloud | Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a JSON Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. | 2023-11-02 | not yet calculated | CVE-2023-31579 MISC MISC |
eclipse_foundation -- glassfish | Eclipse Glassfish 5 or 6, when running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners. | 2023-11-03 | not yet calculated | CVE-2023-5763 MISC MISC |
eclipse_foundation -- parsson | In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources allows malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, Parsson put in place a size limit for the numbers as well as their scale. | 2023-11-03 | not yet calculated | CVE-2023-4043 MISC MISC |
elenos -- etg150_fm_transmitter | An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. | 2023-10-31 | not yet calculated | CVE-2023-37831 MISC |
elenos -- etg150_fm_transmitter | A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. | 2023-10-31 | not yet calculated | CVE-2023-37832 MISC |
elenos -- etg150_fm_transmitter | Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users. | 2023-10-31 | not yet calculated | CVE-2023-37833 MISC |
elenos -- etg150_fm_transmitter | Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out. | 2023-10-31 | not yet calculated | CVE-2023-39695 MISC |
engineermode -- engineermode | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42648 MISC |
engineermode -- engineermode | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42649 MISC |
engineermode -- engineermode | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42650 MISC |
engineermode -- engineermode | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42651 MISC |
engineermode -- engineermode | In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42652 MISC |
exfatprogs -- exfatprogs | exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. | 2023-10-28 | not yet calculated | CVE-2023-45897 MISC MISC MISC MISC MISC |
faceid_service -- faceid_service | In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges. | 2023-11-01 | not yet calculated | CVE-2023-42653 MISC |
fireflow -- fireflow | Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker to obtain victim's domain credentials and Net-NTLM hash which can lead to relay domain attacks. | 2023-11-02 | not yet calculated | CVE-2023-46595 MISC |
flyte -- flyteadmin | FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue. | 2023-10-30 | not yet calculated | CVE-2023-41891 MISC MISC MISC |
fog -- fog | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard. | 2023-10-31 | not yet calculated | CVE-2023-46235 MISC MISC |
fog -- fog | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch. | 2023-10-31 | not yet calculated | CVE-2023-46236 MISC MISC |
fog -- fog | FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue. | 2023-10-31 | not yet calculated | CVE-2023-46237 MISC MISC |
foodcoopshop -- foodcoopshop | FoodCoopShop is open source software for food coops and local shops. Versions prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time-of-check to time-of-use issue. For example, by using a custom server that returns 200 on HEAD requests, then returns a valid image on the first GET request and then a 302 redirect to the final target on the second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-46725 MISC MISC MISC MISC |
franfinance -- franfinance | An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components. | 2023-10-31 | not yet calculated | CVE-2023-43139 MISC |
franklin_fueling_system -- ts-550 | Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. | 2023-11-02 | not yet calculated | CVE-2023-5846 MISC |
frigate -- frigate | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via "drive-by" attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch. | 2023-10-30 | not yet calculated | CVE-2023-45670 MISC MISC MISC MISC MISC |
frigate -- frigate | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution of arbitrary JavaScript payloads. Version 0.13.0 Beta 3 contains a patch for this issue. | 2023-10-30 | not yet calculated | CVE-2023-45671 MISC |
frigate -- frigate | Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch. | 2023-10-30 | not yet calculated | CVE-2023-45672 MISC MISC MISC MISC |
frrouting_frr -- frrouting_frr | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). | 2023-11-03 | not yet calculated | CVE-2023-47234 MISC |
frrouting_frr -- frrouting_frr | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. | 2023-11-03 | not yet calculated | CVE-2023-47235 MISC |
fujifilm_business_inovation_corp. -- apeos_c3070_asia_pacific_model | Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2023-11-02 | not yet calculated | CVE-2023-46327 MISC MISC MISC |
galaxy_software_services_corporation -- vitals_esp | Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal. It has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service. | 2023-11-03 | not yet calculated | CVE-2023-41357 MISC |
gawk -- gawk | A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | 2023-11-02 | not yet calculated | CVE-2023-3164 MISC MISC |
getsimplecms -- getsimplecms | Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function. | 2023-10-31 | not yet calculated | CVE-2023-46040 MISC |
glpi -- glpi | GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove write access on `/ajax` and `/front` files to the web server. | 2023-11-02 | not yet calculated | CVE-2023-42802 MISC MISC |
gnss_service -- gnss_service | In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42750 MISC |
google -- android | In Bluetooth, there is a possible way for a paired Bluetooth device to access a long-term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21307 MISC |
google -- android | In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-40101 MISC |
google -- android | KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with malware whose app signing block is specially constructed, it can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation is to obtain the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). If a condition in the signature verification logic causes a signature-not-found error and KernelSU does not implement the same condition, KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps. | 2023-10-31 | not yet calculated | CVE-2023-46139 MISC MISC MISC MISC MISC MISC MISC |
google -- android | In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2022-20264 MISC |
google -- android | In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21293 MISC |
google -- android | In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21295 MISC |
google -- android | In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21296 MISC |
google -- android | In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21297 MISC |
google -- android | In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21298 MISC |
google -- android | In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21299 MISC |
google -- android | In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21300 MISC |
google -- android | In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21301 MISC |
google -- android | In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21302 MISC |
google -- android | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21303 MISC |
google -- android | In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21304 MISC |
google -- android | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21305 MISC |
google -- android | In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21306 MISC |
google -- android | In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21308 MISC |
google -- android | In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21309 MISC |
google -- android | In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21310 MISC |
google -- android | In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21311 MISC |
google -- android | In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21312 MISC |
google -- android | In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21313 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21314 MISC |
google -- android | In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21315 MISC |
google -- android | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21316 MISC |
google -- android | In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21317 MISC |
google -- android | In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21318 MISC |
google -- android | In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21319 MISC |
google -- android | In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21320 MISC |
google -- android | In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21321 MISC |
google -- android | In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21323 MISC |
google -- android | In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21324 MISC |
google -- android | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21325 MISC |
google -- android | In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21326 MISC |
google -- android | In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21327 MISC |
google -- android | In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21328 MISC |
google -- android | In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21329 MISC |
google -- android | In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21330 MISC |
google -- android | In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21331 MISC |
google -- android | In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21332 MISC |
google -- android | In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21333 MISC |
google -- android | In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21334 MISC |
google -- android | In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21335 MISC |
google -- android | In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21336 MISC |
google -- android | In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21337 MISC |
google -- android | In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21338 MISC |
google -- android | In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21339 MISC |
google -- android | In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21340 MISC |
google -- android | In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21341 MISC |
google -- android | In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21342 MISC |
google -- android | In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21343 MISC |
google -- android | In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21344 MISC |
google -- android | In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21387 MISC |
google -- android | In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21388 MISC |
google -- android | In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21389 MISC |
google -- android | In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21390 MISC |
google -- android | In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21391 MISC |
google -- android | In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21392 MISC |
google -- android | In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21393 MISC |
google -- android | In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21396 MISC |
google -- android | In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21397 MISC |
google -- android | In sdksandbox, there is a possible StrandHogg-style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-21398 MISC |
google -- chrome | Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) | 2023-11-01 | not yet calculated | CVE-2023-5480 MISC MISC MISC |
google -- chrome | Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | 2023-11-01 | not yet calculated | CVE-2023-5482 MISC MISC MISC |
google -- chrome | Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-11-01 | not yet calculated | CVE-2023-5849 MISC MISC MISC |
google -- chrome | Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) | 2023-11-01 | not yet calculated | CVE-2023-5850 MISC MISC MISC |
google -- chrome | Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-11-01 | not yet calculated | CVE-2023-5851 MISC MISC MISC |
google -- chrome | Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | 2023-11-01 | not yet calculated | CVE-2023-5852 MISC MISC MISC |
google -- chrome | Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-11-01 | not yet calculated | CVE-2023-5853 MISC MISC MISC |
google -- chrome | Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | 2023-11-01 | not yet calculated | CVE-2023-5854 MISC MISC MISC |
google -- chrome | Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) | 2023-11-01 | not yet calculated | CVE-2023-5855 MISC MISC MISC |
google -- chrome | Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-11-01 | not yet calculated | CVE-2023-5856 MISC MISC MISC |
google -- chrome | Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) | 2023-11-01 | not yet calculated | CVE-2023-5857 MISC MISC MISC |
google -- chrome | Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-11-01 | not yet calculated | CVE-2023-5858 MISC MISC MISC |
google -- chrome | Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) | 2023-11-01 | not yet calculated | CVE-2023-5859 MISC MISC MISC |
govee -- led_strip | An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. | 2023-10-30 | not yet calculated | CVE-2023-45956 MISC |
gpac -- gpac | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box. | 2023-11-01 | not yet calculated | CVE-2023-46927 MISC MISC |
gpac -- gpac | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42. | 2023-11-01 | not yet calculated | CVE-2023-46928 MISC MISC |
gpac -- gpac | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14. | 2023-11-01 | not yet calculated | CVE-2023-46930 MISC MISC |
gpac -- gpac | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box. | 2023-11-01 | not yet calculated | CVE-2023-46931 MISC MISC |
groundhogg_inc. -- groundhogg | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection. This issue affects Groundhogg: from n/a through 2.7.11. | 2023-11-03 | not yet calculated | CVE-2023-34179 MISC |
gyouza-newhushimi -- gyouza-newhushimi | An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 2023-11-02 | not yet calculated | CVE-2023-39042 MISC MISC |
hadsky -- hadsky | An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. | 2023-11-01 | not yet calculated | CVE-2023-46428 MISC |
hattoriya -- hattoriya | An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 2023-11-02 | not yet calculated | CVE-2023-39053 MISC MISC |
hirochankakiwaiting -- hirochankakiwaiting | An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 2023-11-02 | not yet calculated | CVE-2023-39057 MISC MISC |
hitachi_energy -- esoms | The responses for web queries with certain parameters disclose the internal path of resources. This information can be used to learn the internal structure of the application and to further plot attacks against web servers and deployed web applications. | 2023-11-01 | not yet calculated | CVE-2023-5515 MISC |
hitachi_energy -- esoms | Poorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version info, endpoints, backend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. | 2023-11-01 | not yet calculated | CVE-2023-5516 MISC |
hitachi_energy -- mach_system_software | The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder's service endpoint. | 2023-11-01 | not yet calculated | CVE-2023-2621 MISC |
hitachi_energy -- mach_system_software | Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read. | 2023-11-01 | not yet calculated | CVE-2023-2622 MISC |
hitachi_energy -- esoms_report_generation | The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. | 2023-11-01 | not yet calculated | CVE-2023-5514 MISC |
hp_inc. -- hp_pc_hardware_diagnostics_windows | Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. | 2023-10-31 | not yet calculated | CVE-2023-5739 MISC |
ibm -- content_navigator | IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. | 2023-11-03 | not yet calculated | CVE-2023-35896 MISC MISC |
ibm -- i | Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116. | 2023-10-29 | not yet calculated | CVE-2023-40685 MISC MISC |
ibm -- mq_appliance | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. | 2023-11-03 | not yet calculated | CVE-2023-46176 MISC MISC |
ibm -- multiple_products | IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | 2023-11-03 | not yet calculated | CVE-2023-43018 MISC MISC |
ibm -- robotic_process_automation | A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. | 2023-11-03 | not yet calculated | CVE-2023-45189 MISC MISC |
ibm -- multiple_products | IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. | 2023-11-03 | not yet calculated | CVE-2023-42027 MISC MISC MISC |
ibm -- multiple_products | IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. | 2023-11-03 | not yet calculated | CVE-2023-42029 MISC MISC MISC |
idnovate_superuser -- idnovate_superuser | An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. | 2023-10-31 | not yet calculated | CVE-2023-45899 MISC |
ifaa_service -- ifaa_service | In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42646 MISC |
ifaa_service -- ifaa_service | In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-11-01 | not yet calculated | CVE-2023-42647 MISC |
inkdrop -- inkdrop | Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. | 2023-10-30 | not yet calculated | CVE-2023-44141 MISC MISC MISC |
insights-client -- insights-client | A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). | 2023-11-01 | not yet calculated | CVE-2023-3972 MISC MISC MISC MISC MISC MISC MISC |
insyde -- insydeh2o | A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to execute arbitrary code during the DXE phase. | 2023-11-01 | not yet calculated | CVE-2023-39281 MISC MISC |
insyde -- insydeh2o | An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation. | 2023-11-02 | not yet calculated | CVE-2023-39283 MISC MISC |
insyde -- insydeh2o | An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler. | 2023-11-02 | not yet calculated | CVE-2023-39284 MISC MISC |
inure -- inure | Missing Authorization in GitHub repository hamza417/inure prior to Build95. | 2023-10-31 | not yet calculated | CVE-2023-5862 MISC MISC |
ivanti -- automation | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | 2023-11-03 | not yet calculated | CVE-2022-44569 MISC |
ivanti -- avalanche | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | 2023-11-03 | not yet calculated | CVE-2023-41725 MISC |
ivanti -- avalanche | Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 2023-11-03 | not yet calculated | CVE-2022-43554 MISC |
ivanti -- avalanche | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 2023-11-03 | not yet calculated | CVE-2022-43555 MISC |
ivanti -- avalanche | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | 2023-11-03 | not yet calculated | CVE-2023-41726 MISC |
jhipster -- jhipster | JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters. | 2023-10-31 | not yet calculated | CVE-2015-20110 MISC MISC MISC MISC |
jspxcms -- jspxcms | There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend. | 2023-11-01 | not yet calculated | CVE-2023-46911 MISC |
jumpserver -- jumpserver | JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually. | 2023-10-31 | not yet calculated | CVE-2023-46138 MISC MISC |
kerawen -- kerawen | kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). | 2023-11-04 | not yet calculated | CVE-2023-40922 MISC |
kimai -- kimai | Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software's PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available. | 2023-10-31 | not yet calculated | CVE-2023-46245 MISC |
kubernetes -- csi-proxy | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. | 2023-11-03 | not yet calculated | CVE-2023-3893 MISC MISC |
kubernetes -- kube-apiserver | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. | 2023-11-03 | not yet calculated | CVE-2022-3172 MISC MISC |
kubernetes -- kubelet | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | 2023-10-31 | not yet calculated | CVE-2023-3676 MISC MISC |
kubernetes -- kubelet | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. | 2023-10-31 | not yet calculated | CVE-2023-3955 MISC MISC |
kubernetes -- kubernetes | Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port ("spec.ports[*].port") as a LoadBalancer Service when the LoadBalancer controller does not set the "status.loadBalancer.ingress[].ip" field. Clusters where the LoadBalancer controller sets the "status.loadBalancer.ingress[].ip" field are unaffected. | 2023-10-30 | not yet calculated | CVE-2021-25736 MISC MISC |
kyocera -- taskalfa | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. | 2023-11-03 | not yet calculated | CVE-2023-34259 MISC MISC |
kyocera -- taskalfa | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. | 2023-11-03 | not yet calculated | CVE-2023-34260 MISC MISC |
kyocera -- taskalfa | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error. | 2023-11-03 | not yet calculated | CVE-2023-34261 MISC MISC |
learndash -- learndash_lms | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LearnDash LearnDash LMS allows SQL Injection. This issue affects LearnDash LMS: from n/a through 4.5.3. | 2023-10-31 | not yet calculated | CVE-2023-28777 MISC |
lenovo -- thinkpad_bios | An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. | 2023-10-30 | not yet calculated | CVE-2022-4574 MISC |
lenovo -- thinkpad_bios | A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot. | 2023-10-30 | not yet calculated | CVE-2022-4575 MISC |
line_corporation -- line_for_android | LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | 2023-10-31 | not yet calculated | CVE-2015-0897 MISC MISC |
line_corporation -- line_for_android | LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | 2023-10-31 | not yet calculated | CVE-2015-2968 MISC MISC |
linux -- kernel | A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, a local variable still points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a freed memory region, leading to a denial of service. | 2023-11-01 | not yet calculated | CVE-2023-1192 MISC MISC MISC |
linux -- kernel | A use-after-free flaw was found in the Linux kernel's mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. | 2023-11-03 | not yet calculated | CVE-2023-1476 MISC MISC MISC MISC |
linux -- kernel | A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. | 2023-11-01 | not yet calculated | CVE-2023-3397 MISC MISC MISC |
linux -- kernel | An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. | 2023-10-29 | not yet calculated | CVE-2023-46862 MISC MISC |
linux -- kernel | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real-world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. | 2023-11-03 | not yet calculated | CVE-2023-47233 MISC MISC MISC |
linux -- kernel | A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation if the attacker already has local privileges. | 2023-11-01 | not yet calculated | CVE-2023-5178 MISC MISC MISC |
liquidfiles -- liquidfiles | HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. | 2023-10-30 | not yet calculated | CVE-2023-4393 MISC |
lissy93_dashy -- lissy93_dashy | A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-5916 MISC MISC MISC MISC |
lmxcms -- lmxcms | An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. | 2023-11-02 | not yet calculated | CVE-2023-46958 MISC MISC MISC |
lost_and_found_information_system -- lost_and_found_information_system | Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | 2023-11-03 | not yet calculated | CVE-2023-38965 MISC MISC |
loytec -- multiple_products | LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP. | 2023-11-04 | not yet calculated | CVE-2023-46380 MISC |
loytec -- multiple_products | LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. | 2023-11-04 | not yet calculated | CVE-2023-46381 MISC |
loytec -- multiple_products | LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login. | 2023-11-04 | not yet calculated | CVE-2023-46382 MISC |
lte-pic32-writer -- lte-pic32-writer | lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who know the IMEI reading the `sendto.txt` file. The `sendto.txt` file can contain the SNS (such as Slack and Zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`. | 2023-10-31 | not yet calculated | CVE-2023-46723 MISC |
manageengine -- desktop_central | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. | 2023-11-03 | not yet calculated | CVE-2023-4767 MISC |
manageengine -- desktop_central | A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. | 2023-11-03 | not yet calculated | CVE-2023-4768 MISC |
manageengine -- desktop_central | A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests. | 2023-11-03 | not yet calculated | CVE-2023-4769 MISC |
mattermost -- mattermost | Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones, allowing media exploitation from a malicious Mattermost server. | 2023-11-02 | not yet calculated | CVE-2023-5875 MISC |
mattermost -- mattermost | Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial-Of-Service. | 2023-11-02 | not yet calculated | CVE-2023-5876 MISC |
mattermost -- mattermost | Mattermost Desktop for macOS fails to utilize the secure keyboard input functionality provided by macOS, allowing other processes to read the keyboard input. | 2023-11-02 | not yet calculated | CVE-2023-5920 MISC |
mb_support -- openviva | A stored XSS in the process overview (Übersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim's browser via the name field of a process. | 2023-10-30 | not yet calculated | CVE-2022-39172 MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. | 2023-11-03 | not yet calculated | CVE-2023-45360 MISC |
mediawiki -- mediawiki | An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak. | 2023-11-03 | not yet calculated | CVE-2023-45362 MISC |
microsoft -- edge | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-03 | not yet calculated | CVE-2023-36022 MISC |
microsoft -- edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-11-03 | not yet calculated | CVE-2023-36029 MISC |
microsoft -- edge | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-03 | not yet calculated | CVE-2023-36034 MISC |
microweber -- microweber | Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. | 2023-10-31 | not yet calculated | CVE-2023-5861 MISC MISC |
mincal -- mincal | An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. | 2023-10-30 | not yet calculated | CVE-2023-46478 MISC |
minicms -- minicms | Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php. | 2023-10-31 | not yet calculated | CVE-2023-46378 MISC |
mintplex-labs -- anything-llm | Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 2023-10-30 | not yet calculated | CVE-2023-5832 MISC MISC |
mintplex-labs -- anything-llm | Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. | 2023-10-30 | not yet calculated | CVE-2023-5833 MISC MISC |
mlsoft -- tco!stream | In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files. | 2023-10-30 | not yet calculated | CVE-2023-45799 MISC |
moxa -- multiple_products | A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. | 2023-11-01 | not yet calculated | CVE-2023-4452 MISC |
moxa -- nport_6000_series | A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. | 2023-11-01 | not yet calculated | CVE-2023-5627 MISC |
moxa -- pt-g503_series | A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | 2023-11-02 | not yet calculated | CVE-2023-4217 MISC |
moxa -- pt-g503_series | A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. | 2023-11-02 | not yet calculated | CVE-2023-5035 MISC |
mupdf -- mupdf | MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 2023-10-31 | not yet calculated | CVE-2023-31794 MISC MISC MISC |
nanoleaf -- light_strip | An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. | 2023-10-31 | not yet calculated | CVE-2023-45955 MISC |
nats -- nats-server | NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0. | 2023-10-30 | not yet calculated | CVE-2023-47090 MISC MISC MLIST |
ncsist_manageengine -- mobile_device_manager | NCSIST ManageEngine Mobile Device Manager (MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. | 2023-11-03 | not yet calculated | CVE-2023-41356 MISC |
ncsist_manageengine -- mobile_device_manager | NCSIST ManageEngine Mobile Device Manager (MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. | 2023-11-03 | not yet calculated | CVE-2023-41344 MISC |
netmove_corporation -- saat_netizen_installer | Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed. | 2023-10-31 | not yet calculated | CVE-2016-1203 MISC MISC |
nvidia -- multiple_products | NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 2023-11-02 | not yet calculated | CVE-2023-31016 MISC |
nvidia -- multiple_products | NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 2023-11-02 | not yet calculated | CVE-2023-31017 MISC |
nvidia -- multiple_products | NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context. | 2023-11-02 | not yet calculated | CVE-2023-31019 MISC |
nvidia -- multiple_products | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering. | 2023-11-02 | not yet calculated | CVE-2023-31020 MISC |
nvidia -- multiple_products | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. | 2023-11-02 | not yet calculated | CVE-2023-31022 MISC |
nvidia -- multiple_products | NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service. | 2023-11-02 | not yet calculated | CVE-2023-31023 MISC |
nvidia -- multiple_products | NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. | 2023-11-02 | not yet calculated | CVE-2023-31027 MISC |
nvidia -- vgpu_driver_and_cloud_gaming_driver | NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. | 2023-11-02 | not yet calculated | CVE-2023-31018 MISC |
nvidia -- vgpu_driver_and_cloud_gaming_driver | NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service. | 2023-11-02 | not yet calculated | CVE-2023-31021 MISC |
nvidia -- vgpu_driver_and_cloud_gaming_driver | NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service. | 2023-11-02 | not yet calculated | CVE-2023-31026 MISC |
opencrx -- opencrx | An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request. | 2023-10-30 | not yet calculated | CVE-2023-46502 MISC MISC |
openeuler -- isulad | iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS. | 2023-10-29 | not yet calculated | CVE-2021-33634 MISC MISC MISC |
openeuler -- isulad | When malicious images are pulled by isula pull, attackers can execute arbitrary code. | 2023-10-29 | not yet calculated | CVE-2021-33635 MISC MISC MISC |
openeuler -- isulad | When the isula load command is used to load malicious images, attackers can execute arbitrary code. | 2023-10-29 | not yet calculated | CVE-2021-33636 MISC MISC MISC |
openeuler -- isulad | When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. | 2023-10-29 | not yet calculated | CVE-2021-33637 MISC MISC MISC |
openeuler -- isulad | When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. | 2023-10-29 | not yet calculated | CVE-2021-33638 MISC MISC MISC |
openimageio_oiio -- openimageio_oiio | Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. | 2023-11-02 | not yet calculated | CVE-2023-42299 MISC |
opentext -- service_management_automation_x | Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. | 2023-10-30 | not yet calculated | CVE-2023-4964 MISC |
ox_software_gmbh -- ox_app_suite | Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-26452 MISC MISC |
ox_software_gmbh -- ox_app_suite | Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-26453 MISC MISC |
ox_software_gmbh -- ox_app_suite | Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-26454 MISC MISC |
ox_software_gmbh -- ox_app_suite | RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-26455 MISC MISC |
ox_software_gmbh -- ox_app_suite | Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-26456 MISC MISC |
ox_software_gmbh -- ox_app_suite | Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-29043 MISC MISC |
ox_software_gmbh -- ox_app_suite | Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-29044 MISC MISC |
ox_software_gmbh -- ox_app_suite | Document operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Script code could be injected into an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties now gets checked for validity to avoid code execution. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-29045 MISC MISC |
ox_software_gmbh -- ox_app_suite | Connections to external data sources, like e-mail autoconfiguration, were not terminated when they hit a timeout; instead, those connections were only logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result, users were able to trigger a large number of egress network connections, possibly exhausting network pool resources and locking up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-29046 MISC MISC |
ox_software_gmbh -- ox_app_suite | Imageconverter API endpoints provided methods that did not sufficiently validate and sanitize client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network, and potentially API credentials, could read and modify database content that is accessible to the imageconverter SQL user account. No publicly available exploits are known. | 2023-11-02 | not yet calculated | CVE-2023-29047 MISC MISC |
pcrs -- pcrs | PCRS <= 3.11 (d0de1e) "Questions" page and "Code editor" page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. | 2023-11-03 | not yet calculated | CVE-2023-46404 MISC MISC |
peppermint_ticket_management -- peppermint_ticket_management | Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. | 2023-10-30 | not yet calculated | CVE-2023-46863 MISC |
peppermint_ticket_management -- peppermint_ticket_management | Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. | 2023-10-30 | not yet calculated | CVE-2023-46864 MISC |
php -- php | A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. | 2023-11-02 | not yet calculated | CVE-2022-4900 MISC MISC |
phpbb -- phpbb | A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307. | 2023-11-02 | not yet calculated | CVE-2023-5917 MISC MISC MISC MISC MISC MISC |
phpfox -- phpfox | An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code. | 2023-11-03 | not yet calculated | CVE-2023-46817 MISC MISC MISC MISC MISC |
phpmyfaq -- phpmyfaq | Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | 2023-10-31 | not yet calculated | CVE-2023-5865 MISC MISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | 2023-10-31 | not yet calculated | CVE-2023-5863 MISC MISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | 2023-10-31 | not yet calculated | CVE-2023-5864 MISC MISC |
phpmyfaq -- phpmyfaq | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | 2023-10-31 | not yet calculated | CVE-2023-5866 MISC MISC |
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | 2023-10-31 | not yet calculated | CVE-2023-5867 MISC MISC |
pillow -- pillow | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. | 2023-11-03 | not yet calculated | CVE-2023-44271 MISC MISC MISC |
pimcore -- pimcore | The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually. | 2023-10-31 | not yet calculated | CVE-2023-46722 MISC MISC MISC |
pimcore -- pimcore | Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. | 2023-10-30 | not yet calculated | CVE-2023-5844 MISC MISC |
pimcore -- pimcore | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. | 2023-10-31 | not yet calculated | CVE-2023-5873 MISC MISC |
pkp -- pkp | Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5889 MISC MISC |
pkp -- pkp | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5890 MISC MISC |
pkp -- pkp | Cross-site Scripting (XSS) - Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5891 MISC MISC |
pkp -- pkp | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5892 MISC MISC |
pkp -- pkp | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5893 MISC MISC |
pkp -- pkp | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/ojs prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5894 MISC MISC |
pkp -- pkp | Cross-site Scripting (XSS) - DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5895 MISC MISC |
pkp -- pkp | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. | 2023-11-01 | not yet calculated | CVE-2023-5896 MISC MISC |
pkp -- pkp | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. | 2023-11-01 | not yet calculated | CVE-2023-5897 MISC MISC |
pkp -- pkp | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5898 MISC MISC |
pkp -- pkp | Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-01 | not yet calculated | CVE-2023-5899 MISC MISC |
popojicms -- popojicms | A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-244229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-02 | not yet calculated | CVE-2023-5910 MISC MISC MISC MISC |
prestashop -- prestashop | SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components. | 2023-10-31 | not yet calculated | CVE-2023-27846 MISC |
prestashop -- prestashop | Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. `OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-10-31 | not yet calculated | CVE-2023-36263 MISC |
prestashop -- prestashop | In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-10-31 | not yet calculated | CVE-2023-45378 MISC |
prestashop -- prestashop | In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email. | 2023-11-02 | not yet calculated | CVE-2023-46352 MISC MISC |
prestashop -- prestashop | In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-10-31 | not yet calculated | CVE-2023-46356 MISC |
print_service -- print_service | In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-10-30 | not yet calculated | CVE-2023-45780 MISC |
px4-autopilot -- px4-autopilot | PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow, leading to unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available. | 2023-10-31 | not yet calculated | CVE-2023-46256 MISC MISC |
pypdf -- pypdf | pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`. | 2023-10-31 | not yet calculated | CVE-2023-46250 MISC MISC MISC |
python-eventlet -- python-eventlet | A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. | 2023-11-01 | not yet calculated | CVE-2023-5625 MISC MISC MISC |
qemu -- qemu | A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. | 2023-11-03 | not yet calculated | CVE-2023-5088 MISC MISC MISC |
qnap_systems_inc. -- multimedia_console | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 (2023/05/04) and later; Multimedia Console 1.4.8 (2023/05/05) and later; QTS 5.1.0.2399 build 20230515 and later; QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and later; QTS 4.2.6 build 20230621 and later; Media Streaming add-on 500.1.1.2 (2023/06/12) and later; Media Streaming add-on 500.0.0.11 (2023/06/16) and later. | 2023-11-03 | not yet calculated | CVE-2023-23369 MISC |
qnap_systems_inc. -- music_station | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later; Music Station 5.1.16 and later; Music Station 5.3.23 and later. | 2023-11-03 | not yet calculated | CVE-2023-39299 MISC |
qnap_systems_inc. -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later. | 2023-11-03 | not yet calculated | CVE-2023-23368 MISC |
qnap_systems_inc. -- qts | A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later; QTS 5.1.1.2491 build 20230815 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.1.2488 build 20230812 and later; QuTScloud c5.1.0.2498 and later. | 2023-11-03 | not yet calculated | CVE-2023-39301 MISC |
quic-go -- quic-go | quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected. | 2023-10-31 | not yet calculated | CVE-2023-46239 MISC MISC MISC |
ragic -- no-code_database_builder | Ragic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform a stored cross-site scripting (XSS) attack. | 2023-11-03 | not yet calculated | CVE-2023-41343 MISC |
red_hat -- openshift | A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster. | 2023-11-02 | not yet calculated | CVE-2023-5408 MISC MISC MISC MISC |
relativity_oda_llc -- relativityone | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | 2023-11-03 | not yet calculated | CVE-2023-46954 MISC |
reportico -- reportico | Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS). | 2023-11-02 | not yet calculated | CVE-2023-46925 MISC |
rsvpmaker -- rsvpmaker | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6. | 2023-11-03 | not yet calculated | CVE-2023-41652 MISC |
ruby-magick -- ruby-magick | A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion. | 2023-10-30 | not yet calculated | CVE-2023-5349 MISC MISC MISC MISC |
samba -- samba | A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work. | 2023-11-01 | not yet calculated | CVE-2023-1193 MISC MISC MISC |
samba -- samba | An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. | 2023-11-03 | not yet calculated | CVE-2023-1194 MISC MISC MISC |
samba -- samba | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, inadequate sanitization of incoming client pipe names allows a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. | 2023-11-03 | not yet calculated | CVE-2023-3961 MISC MISC MISC MISC MISC MISC |
samba -- samba | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions. | 2023-11-03 | not yet calculated | CVE-2023-4091 MISC MISC MISC MISC MISC MISC |
samba -- samba | A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services. | 2023-11-03 | not yet calculated | CVE-2023-42670 MISC MISC MISC MISC MISC |
sangoma_technologies -- freepbx | Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. | 2023-11-02 | not yet calculated | CVE-2023-43336 MISC MISC MISC |
sap_se -- sap_enable_now | In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information. | 2023-10-30 | not yet calculated | CVE-2023-36920 MISC MISC |
schedmd_slurm -- schedmd_slurm | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. | 2023-11-03 | not yet calculated | CVE-2023-41914 MISC CONFIRM FEDORA |
securepoint_ssl_vpn_client -- securepoint_ssl_vpn_client | The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. | 2023-10-30 | not yet calculated | CVE-2023-47101 MISC MISC |
senayan -- multiple_products | SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. | 2023-10-31 | not yet calculated | CVE-2023-45996 MISC MISC |
shouzu -- sweets_oz | An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 2023-11-02 | not yet calculated | CVE-2023-39047 MISC MISC |
sim_service -- sim_service | In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42645 MISC |
sim_service -- sim_service | In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42655 MISC |
six_apart -- multiple_products | Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier. | 2023-10-30 | not yet calculated | CVE-2023-45746 MISC MISC |
solwin_infotech -- user_activity_log | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection. This issue affects User Activity Log: from n/a through 1.6.2. | 2023-10-31 | not yet calculated | CVE-2023-37966 MISC |
sourcecodester -- company_website_cms | A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-5919 MISC MISC MISC |
sourcecodester -- visitor_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308. | 2023-11-02 | not yet calculated | CVE-2023-5918 MISC MISC MISC |
sourcegraph -- cody | Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file `.vscode/cody.json` and overwrite Cody commands. If a user with the extension installed opens this malicious repository and runs a Cody command such as /explain or /doc, this could allow arbitrary code execution on the user's machine. The vulnerability is rated as critical severity, but with low exploitability. It requires the user to have a malicious repository loaded and execute the overwritten command in VS Code. The issue is exploitable regardless of the user blocking code execution on a repository through VS Code Workspace Trust. The issue was found during a regular 3rd party penetration test. The maintainers of Cody do not have evidence of open source repositories having malicious `.vscode/cody.json` files to exploit this vulnerability. The issue is fixed in version 0.14.1 of the Cody VSCode extension. In case users can't promptly upgrade, they should not open any untrusted repositories with the Cody extension loaded. | 2023-10-31 | not yet calculated | CVE-2023-46248 MISC MISC |
spicedb -- spicedb | SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0-rc1 patches this issue. | 2023-10-31 | not yet calculated | CVE-2023-46255 MISC MISC |
squid -- squid | Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial-of-Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | 2023-11-01 | not yet calculated | CVE-2023-46724 MISC MISC MISC MISC |
squid -- squid | Squid is vulnerable to HTTP request smuggling caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | 2023-11-03 | not yet calculated | CVE-2023-46846 MISC MISC MISC MISC MISC MISC |
squid -- squid | Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | 2023-11-03 | not yet calculated | CVE-2023-46847 MISC MISC MISC MISC MISC MISC |
squid -- squid | Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. | 2023-11-03 | not yet calculated | CVE-2023-46848 MISC MISC MISC MISC MISC |
squid -- squid | Squid is vulnerable to Denial-of-Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. | 2023-11-03 | not yet calculated | CVE-2023-5824 MISC MISC MISC |
submitty -- submitty | Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS. | 2023-11-02 | not yet calculated | CVE-2023-43193 MISC MISC |
submitty -- submitty | Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter. | 2023-11-02 | not yet calculated | CVE-2023-43194 MISC MISC |
subrion -- subrion | Subrion 4.2.1 has a remote command execution vulnerability in the backend. | 2023-11-03 | not yet calculated | CVE-2023-46947 MISC |
swtpm -- swtpm | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | 2023-11-03 | not yet calculated | CVE-2020-28407 MISC CONFIRM CONFIRM |
synapse -- synapse | Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver. | 2023-10-31 | not yet calculated | CVE-2023-43796 MISC MISC |
teamamaze -- amazefileutilities | Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. | 2023-11-03 | not yet calculated | CVE-2023-5948 MISC MISC |
tenable -- nessus | Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. | 2023-11-01 | not yet calculated | CVE-2023-5847 MISC MISC |
thorn_sftp_gateway -- thorn_sftp_gateway | Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution. | 2023-10-31 | not yet calculated | CVE-2023-47174 MISC |
tinyfiledialogs -- tinyfiledialogs | tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. | 2023-10-30 | not yet calculated | CVE-2020-36767 MISC |
tinyfiledialogs -- tinyfiledialogs | tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters. | 2023-10-30 | not yet calculated | CVE-2023-47104 MISC MISC |
tokudaya.ekimae_mc -- tokudaya.ekimae_mc | An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 2023-11-02 | not yet calculated | CVE-2023-39054 MISC MISC |
tokudaya.honten -- tokudaya.honten | An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 2023-11-02 | not yet calculated | CVE-2023-39048 MISC MISC |
totolink -- totolink | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. | 2023-10-31 | not yet calculated | CVE-2023-46484 MISC |
totolink -- totolink | An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. | 2023-10-31 | not yet calculated | CVE-2023-46485 MISC |
totolink -- totolink | TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. | 2023-10-31 | not yet calculated | CVE-2023-46976 MISC |
totolink -- totolink | TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. | 2023-10-31 | not yet calculated | CVE-2023-46977 MISC |
totolink -- totolink | TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control. Attackers can reset login password & WIFI passwords without authentication. | 2023-10-31 | not yet calculated | CVE-2023-46978 MISC |
totolink -- totolink | TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. | 2023-10-31 | not yet calculated | CVE-2023-46979 MISC |
totolink -- totolink | TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages. | 2023-10-31 | not yet calculated | CVE-2023-46992 MISC |
totolink -- totolink | In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. | 2023-10-31 | not yet calculated | CVE-2023-46993 MISC |
tp-link -- tapo_c100 | An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. | 2023-10-31 | not yet calculated | CVE-2023-39610 MISC |
transmute-core -- transmute-core | Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. | 2023-11-02 | not yet calculated | CVE-2023-47204 MISC MISC |
turing_video -- turing_edge+_evc5fd | An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows a remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. | 2023-10-31 | not yet calculated | CVE-2023-42425 MISC MISC |
unisoc_(shanghai)_technologies_co.,_ltd. -- multiple_products | In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2022-48457 MISC |
unisoc_(shanghai)_technologies_co.,_ltd. -- multiple_products | In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2022-48454 MISC |
unisoc_(shanghai)_technologies_co.,_ltd. -- multiple_products | In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2022-48455 MISC |
unisoc_(shanghai)_technologies_co.,_ltd. -- multiple_products | In camera driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed | 2023-11-01 | not yet calculated | CVE-2022-48456 MISC |
unisoc_(shanghai)_technologies_co.,_ltd. -- multiple_products | In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2022-48458 MISC |
unisoc_(shanghai)_technologies_co.,_ltd. -- multiple_products | In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2022-48459 MISC |
unisoc_(shanghai)_technologies_co.,_ltd. -- multiple_products | In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2022-48460 MISC |
unisoc_(shanghai)_technologies_co.,_ltd. -- multiple_products | In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2023-11-01 | not yet calculated | CVE-2022-48461 MISC |
univention_ucs -- univention_ucs | An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function. | 2023-10-31 | not yet calculated | CVE-2023-38994 MISC MISC MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42631 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42632 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42633 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42634 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42635 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42636 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42637 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42638 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42639 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42640 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42641 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42642 MISC |
validationtools -- validationtools | In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-11-01 | not yet calculated | CVE-2023-42643 MISC |
vinchin_backup_&_recovery -- vinchin_backup_&_recovery | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. | 2023-10-27 | not yet calculated | CVE-2023-45498 MISC FULLDISC MISC |
vinchin_backup_&_recovery -- vinchin_backup_&_recovery | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. | 2023-10-27 | not yet calculated | CVE-2023-45499 MISC FULLDISC MISC |
virtualmin -- virtualmin | A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details. | 2023-11-01 | not yet calculated | CVE-2023-47094 MISC |
virtualmin -- virtualmin | A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server. | 2023-11-01 | not yet calculated | CVE-2023-47095 MISC |
virtualmin -- virtualmin | A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field. | 2023-11-01 | not yet calculated | CVE-2023-47096 MISC |
virtualmin -- virtualmin | A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates. | 2023-11-01 | not yet calculated | CVE-2023-47097 MISC |
virtualmin -- virtualmin | A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field. | 2023-11-01 | not yet calculated | CVE-2023-47098 MISC |
virtualmin -- virtualmin | A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Description field while creating the Virtual server. | 2023-11-01 | not yet calculated | CVE-2023-47099 MISC |
vision_meat_works -- track_diner_10/10mbl | An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 2023-11-02 | not yet calculated | CVE-2023-39051 MISC MISC |
vmware -- open-vm-tools | open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. | 2023-10-27 | not yet calculated | CVE-2023-34059 MISC MISC MISC MISC MISC |
vmware -- tools | VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 2023-10-27 | not yet calculated | CVE-2023-34058 MISC MISC MISC MISC |
vmware -- workspace_one_uem_console | VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user. | 2023-10-31 | not yet calculated | CVE-2023-20886 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Multiple Page Generator Plugin - MPG multiple-pages-generator-by-porthas allows SQL Injection. This issue affects Multiple Page Generator Plugin - MPG: from n/a through 3.3.19. | 2023-10-31 | not yet calculated | CVE-2023-33927 MISC |
wordpress -- wordpress | A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804. | 2023-10-29 | not yet calculated | CVE-2005-10002 MISC MISC MISC |
wordpress -- wordpress | A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803. | 2023-10-29 | not yet calculated | CVE-2007-10003 MISC MISC MISC MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection. This issue affects Paytm Payment Gateway: from n/a through 2.7.3. | 2023-11-03 | not yet calculated | CVE-2022-45805 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11. | 2023-11-03 | not yet calculated | CVE-2022-46808 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to subscribers: from n/a through 6.2. | 2023-11-03 | not yet calculated | CVE-2022-46818 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.1. | 2023-11-03 | not yet calculated | CVE-2022-46859 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection. This issue affects Neshan Maps: from n/a through 1.1.4. | 2023-11-03 | not yet calculated | CVE-2022-47426 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0. | 2023-11-03 | not yet calculated | CVE-2022-47445 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection. This issue affects Simple Photo Gallery: from n/a through v1.8.1. | 2023-11-03 | not yet calculated | CVE-2022-47588 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through 2.5.7. | 2023-10-31 | not yet calculated | CVE-2023-24000 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contact Form - WPManageNinja LLC Contact Form Plugin - Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection. This issue affects Contact Form Plugin - Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25. | 2023-10-31 | not yet calculated | CVE-2023-24410 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3. | 2023-10-31 | not yet calculated | CVE-2023-25045 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3. | 2023-10-31 | not yet calculated | CVE-2023-25047 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.1.10. | 2023-11-03 | not yet calculated | CVE-2023-25700 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.2.0. | 2023-11-03 | not yet calculated | CVE-2023-25800 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop - Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection. This issue affects Zendrop - Global Dropshipping: from n/a through 1.0.0. | 2023-11-03 | not yet calculated | CVE-2023-25960 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.1.10. | 2023-11-03 | not yet calculated | CVE-2023-25990 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4. | 2023-11-03 | not yet calculated | CVE-2023-26015 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection. This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0. | 2023-10-31 | not yet calculated | CVE-2023-31212 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection. This issue affects Zero Spam for WordPress: from n/a through 5.4.4. | 2023-11-03 | not yet calculated | CVE-2023-32121 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection. This issue affects Order Your Posts Manually: from n/a through 2.2.5. | 2023-11-03 | not yet calculated | CVE-2023-32508 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection. This issue affects Contact Form to Any API: from n/a through 1.1.2. | 2023-11-04 | not yet calculated | CVE-2023-32741 MISC |
wordpress -- wordpress | The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch but continues to release updates and we escalated this issue to the plugin's team 30 days ago. | 2023-11-03 | not yet calculated | CVE-2023-3277 MISC MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection. This issue affects WP Project Manager: from n/a through 2.6.0. | 2023-11-03 | not yet calculated | CVE-2023-34383 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.78. | 2023-10-31 | not yet calculated | CVE-2023-35879 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free - Contact Form Builder for WordPress allows SQL Injection. This issue affects Quasar form free - Contact Form Builder for WordPress: from n/a through 6.0. | 2023-11-04 | not yet calculated | CVE-2023-35910 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft - Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft - Messages Database Plugin For WordPress: from n/a through 1.7.1. | 2023-10-31 | not yet calculated | CVE-2023-36508 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4. | 2023-11-03 | not yet calculated | CVE-2023-36529 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection. This issue affects SP Project & Document Manager: from n/a through 4.67. | 2023-11-03 | not yet calculated | CVE-2023-36677 MISC |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection. This issue affects Onepage Builder: from n/a through 2.4.1. | 2023-11-04 | not yet calculated | CVE-2023-38391 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions. | 2023-10-31 | not yet calculated | CVE-2023-40681 MISC |
wordpress -- wordpress | The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-10-31 | not yet calculated | CVE-2023-4250 MISC |
wordpress -- wordpress | The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | 2023-10-31 | not yet calculated | CVE-2023-4251 MISC |
wordpress -- wordpress | The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2023-10-31 | not yet calculated | CVE-2023-4390 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebCource WC Captcha plugin <= 1.4 versions. | 2023-10-31 | not yet calculated | CVE-2023-46210 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech Smart Online Order for Clover plugin <= 1.5.4 versions. | 2023-10-31 | not yet calculated | CVE-2023-46312 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.4 versions. | 2023-10-31 | not yet calculated | CVE-2023-46313 MISC |
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza - A Restaurant Plugin plugin <= 3.18.2 versions. | 2023-10-31 | not yet calculated | CVE-2023-46622 MISC |
wordpress -- wordpress | The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. This allows any authenticated user, such as a subscriber, to change them and perform Stored Cross-Site Scripting. | 2023-10-31 | not yet calculated | CVE-2023-4823 MISC |
wordpress -- wordpress | The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs which can easily be brute forced | 2023-10-31 | not yet calculated | CVE-2023-4836 MISC MISC |
wordpress -- wordpress | The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rafflepress' and 'rafflepress_gutenberg' shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on 'giframe' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-30 | not yet calculated | CVE-2023-5049 MISC MISC MISC MISC |
wordpress -- wordpress | The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-31 | not yet calculated | CVE-2023-5073 MISC MISC |
wordpress -- wordpress | The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true", which could lead to a variety of outcomes, including DoS. | 2023-10-31 | not yet calculated | CVE-2023-5098 MISC |
wordpress -- wordpress | The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2023-10-31 | not yet calculated | CVE-2023-5099 MISC MISC |
wordpress -- wordpress | The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-31 | not yet calculated | CVE-2023-5114 MISC MISC |
wordpress -- wordpress | The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-31 | not yet calculated | CVE-2023-5116 MISC MISC |
wordpress -- wordpress | The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-30 | not yet calculated | CVE-2023-5164 MISC MISC MISC |
wordpress -- wordpress | The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily. | 2023-10-30 | not yet calculated | CVE-2023-5199 MISC MISC |
wordpress -- wordpress | The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. | 2023-10-31 | not yet calculated | CVE-2023-5211 MISC |
wordpress -- wordpress | The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2023-10-31 | not yet calculated | CVE-2023-5229 MISC |
wordpress -- wordpress | The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | 2023-10-31 | not yet calculated | CVE-2023-5237 MISC MISC |
wordpress -- wordpress | The EventPrime WordPress plugin before 3.2.0 does not sanitize and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. | 2023-10-31 | not yet calculated | CVE-2023-5238 MISC |
wordpress -- wordpress | The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-10-31 | not yet calculated | CVE-2023-5243 MISC |
wordpress -- wordpress | The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files. | 2023-10-30 | not yet calculated | CVE-2023-5250 MISC MISC |
wordpress -- wordpress | The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. | 2023-10-30 | not yet calculated | CVE-2023-5251 MISC MISC MISC |
wordpress -- wordpress | The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-30 | not yet calculated | CVE-2023-5252 MISC MISC |
wordpress -- wordpress | The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitize and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. | 2023-10-31 | not yet calculated | CVE-2023-5307 MISC MISC |
wordpress -- wordpress | The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-30 | not yet calculated | CVE-2023-5315 MISC MISC |
wordpress -- wordpress | The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE. | 2023-10-31 | not yet calculated | CVE-2023-5360 MISC |
wordpress -- wordpress | The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-30 | not yet calculated | CVE-2023-5362 MISC MISC MISC MISC |
wordpress -- wordpress | The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5412 MISC MISC MISC |
wordpress -- wordpress | The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5428 MISC MISC MISC |
wordpress -- wordpress | The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5429 MISC MISC MISC |
wordpress -- wordpress | The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5430 MISC MISC MISC |
wordpress -- wordpress | The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5431 MISC MISC MISC |
wordpress -- wordpress | The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5433 MISC MISC MISC |
wordpress -- wordpress | The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5434 MISC MISC MISC |
wordpress -- wordpress | The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5435 MISC MISC MISC |
wordpress -- wordpress | The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5436 MISC MISC MISC |
wordpress -- wordpress | The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5437 MISC MISC MISC |
wordpress -- wordpress | The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5438 MISC MISC MISC |
wordpress -- wordpress | The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5439 MISC MISC MISC |
wordpress -- wordpress | The CITS Support svg, webp Media and TTF, OTF File Upload WordPress plugin before 3.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | 2023-10-31 | not yet calculated | CVE-2023-5458 MISC |
wordpress -- wordpress | The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-31 | not yet calculated | CVE-2023-5464 MISC MISC MISC |
wordpress -- wordpress | The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged-in users create unwanted bookings via CSRF attacks. | 2023-10-31 | not yet calculated | CVE-2023-5519 MISC |
wordpress -- wordpress | The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2023-10-30 | not yet calculated | CVE-2023-5583 MISC MISC |
wordpress -- wordpress | The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253. | 2023-11-02 | not yet calculated | CVE-2023-5606 MISC MISC |
wordpress -- wordpress | The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-30 | not yet calculated | CVE-2023-5666 MISC MISC MISC |
wordpress -- wordpress | The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-03 | not yet calculated | CVE-2023-5707 MISC MISC MISC MISC |
wordpress -- wordpress | The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited; they cannot be specified arbitrarily. | 2023-10-30 | not yet calculated | CVE-2023-5843 MISC MISC |
wordpress -- wordpress | The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2023-11-02 | not yet calculated | CVE-2023-5860 MISC MISC |
wordpress -- wordpress | The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-03 | not yet calculated | CVE-2023-5945 MISC MISC MISC |
wordpress -- wordpress | The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-11-03 | not yet calculated | CVE-2023-5946 MISC MISC |
wpn-xm_serverstack -- wpn-xm_serverstack | A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit. | 2023-11-03 | not yet calculated | CVE-2023-4591 MISC |
wpn-xm_serverstack -- wpn-xm_serverstack | A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking. | 2023-11-03 | not yet calculated | CVE-2023-4592 MISC |
wuzhicms -- wuzhicms | SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. | 2023-11-01 | not yet calculated | CVE-2023-46482 MISC |
yettiesoft -- vestcert | In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution. | 2023-10-30 | not yet calculated | CVE-2023-45798 MISC |
zentao -- zentao | A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code. | 2023-11-02 | not yet calculated | CVE-2023-46475 MISC MISC |
nats.io -- multiple_products | NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library's `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep. | 2023-10-31 | not yet calculated | CVE-2023-46129 MISC MISC |