Vulnerability Summary for the Week of January 1, 2024

Released: Jan 08, 2024
Document ID: SB24-008

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
7-card -- fakabao | A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249385 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7183 (cna@vuldb.com)
7-card -- fakabao | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this issue is some unknown functionality of the file shop/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249386 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7184 (cna@vuldb.com)
7-card -- fakabao | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been classified as critical. This affects an unknown part of the file shop/wxpay_notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249387. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7185 (cna@vuldb.com)
7-card -- fakabao | A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. It has been declared as critical. This vulnerability affects unknown code of the file member/notify.php. The manipulation of the argument out_trade_no leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7186 (cna@vuldb.com)
amazon-ion -- ion-java | Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with. | 2024-01-03 | 7.5 | CVE-2024-21634 (security-advisories@github.com)
apache -- dolphinscheduler | Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue affects Apache DolphinScheduler: until 3.1.9. Users are recommended to upgrade to version 3.1.9, which fixes the issue. | 2023-12-30 | 8.8 | CVE-2023-49299 (security@apache.org)
apktool -- apktool | Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names which can be manipulated by attacker to place files at desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that user has write access, and either username is known or cwd is under user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue. | 2024-01-03 | 7.8 | CVE-2024-21633 (security-advisories@github.com)
campcodes -- chic_beauty_salon | A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Product Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249157 was assigned to this vulnerability. | 2023-12-29 | 8.8 | CVE-2023-7150 (cna@vuldb.com)
campcodes -- online_college_library_system | A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249178 is the identifier assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7156 (cna@vuldb.com)
campcodes -- online_college_library_system | A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0. This issue affects some unknown processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249365 was assigned to this vulnerability. | 2023-12-30 | 7.2 | CVE-2023-7178 (cna@vuldb.com)
campcodes -- online_college_library_system | A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. This affects an unknown part of the file /admin/return_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249363. | 2023-12-30 | 8.8 | CVE-2023-7176 (cna@vuldb.com)
campcodes -- online_college_library_system | A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. This vulnerability affects unknown code of the file /admin/book_add.php of the component HTTP POST Request Handler. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249364. | 2023-12-30 | 8.8 | CVE-2023-7177 (cna@vuldb.com)
campcodes -- online_college_library_system | A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Affected is an unknown function of the file /admin/category_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249366 is the identifier assigned to this vulnerability. | 2023-12-30 | 8.8 | CVE-2023-7179 (cna@vuldb.com)
cesanta -- mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs+0x4ec508 component. | 2024-01-02 | 7.5 | CVE-2023-49550 (cve@mitre.org)
cesanta -- mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_parse function in the msj.c file. | 2024-01-02 | 7.5 | CVE-2023-49551 (cve@mitre.org)
cloudflare,_inc. -- miniflare | Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. | 2023-12-29 | 8.1 | CVE-2023-7078 (cna@cloudflare.com)
cloudflare,_inc. -- wrangler | The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate Origin/Host headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability to run code. If wrangler dev --remote was being used, an attacker could access production resources if they were bound to the worker. This issue was fixed in wrangler@3.19.0 and wrangler@2.20.2. Whilst wrangler dev's inspector server listens on local interfaces by default as of wrangler@3.16.0, an SSRF vulnerability in miniflare https://github.com/cloudflare/workers-sdk/security/advisories/GHSA-fwvg-2739-22v7 (CVE-2023-7078) allowed access from the local network until wrangler@3.18.0. wrangler@3.19.0 and wrangler@2.20.2 introduced validation for the Origin/Host headers. | 2023-12-29 | 8 | CVE-2023-7080 (cna@cloudflare.com)
code-projects -- client_details_system | A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of the argument uid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249144. | 2023-12-29 | 9.8 | CVE-2023-7141 (cna@vuldb.com)
code-projects -- client_details_system | A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php. The manipulation of the argument ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249145 was assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7142 (cna@vuldb.com)
code-projects -- college_notes_gallery | A vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument user leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249133 was assigned to this vulnerability. | 2023-12-31 | 8.8 | CVE-2023-7130 (cna@vuldb.com)
codeastro -- online_food_ordering_system | A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. | 2024-01-05 | 7.3 | CVE-2024-0247 (cna@vuldb.com)
coolkit_technology -- ewelink-smart_home_for_android_and_ios | Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass. This issue affects eWeLink before 5.2.0. | 2023-12-30 | 7.7 | CVE-2023-6998 (cvd@cert.pl)
dedebiz -- dedebiz | A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Affected by this issue is some unknown functionality of the component Add Attachment Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249368. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-30 | 7.2 | CVE-2023-7181 (cna@vuldb.com)
documize -- documize | SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. | 2023-12-29 | 9.8 | CVE-2023-23634 (cve@mitre.org)
easy-rules-mvel -- easy-rules-mvel | easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. | 2023-12-29 | 7.8 | CVE-2023-50571 (cve@mitre.org)
ekol_informatics -- website_template | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ekol Informatics Website Template allows SQL Injection. This issue affects Website Template: through 20231215. | 2024-01-02 | 9.8 | CVE-2023-6436 (iletisim@usom.gov.tr)
embras -- geosiap_erp | Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. | 2023-12-30 | 9.8 | CVE-2023-50589 (cve@mitre.org)
flarum -- flarum | Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. | 2024-01-05 | 7.5 | CVE-2024-21641 (security-advisories@github.com)
follow-redirects -- follow-redirects | Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches. | 2024-01-02 | 7.3 | CVE-2023-26159 (report@snyk.io)
froxlor -- froxlor | Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue. | 2024-01-03 | 7.5 | CVE-2023-50256 (security-advisories@github.com)
gm_information_technologies -- multi-disciplinary_design_optimization | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection. This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-29 | 9.8 | CVE-2023-4675 (iletisim@usom.gov.tr)
google -- android | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID: MOLY01161825 (MSV-895). | 2024-01-02 | 7.5 | CVE-2023-32889 (security@mediatek.com)
google -- google_nest_mini | An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege | 2024-01-02 | 10 | CVE-2023-48419 (dsap-vuln-management@google.com)
google -- pixel_watch | In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation | 2024-01-02 | 10 | CVE-2023-48418 (dsap-vuln-management@google.com)
google -- pixel_watch | There is a possible information disclosure due to a missing permission check. This could lead to local information disclosure of health data with no additional execution privileges needed. | 2024-01-02 | 8.4 | CVE-2023-4164 (dsap-vuln-management@google.com)
google -- wifi_pro | Google Nest WiFi Pro root code-execution & user-data compromise | 2024-01-02 | 10 | CVE-2023-6339 (dsap-vuln-management@google.com)
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by path traversal arbitrary file read vulnerability because it uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory. The product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. Potential exploits can completely disrupt or take over the application. | 2024-01-03 | 8.8 | CVE-2023-45722 (psirt@hcl.com)
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics product is impacted by unauthenticated file upload vulnerability. The web application permits the upload of a certain file without requiring user authentication. | 2024-01-03 | 8.2 | CVE-2023-45724 (psirt@hcl.com)
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an Improper Access Control (Controller APIs) vulnerability. Certain API endpoints are accessible to Customer Admin Users that can allow access to sensitive information about other users. | 2024-01-03 | 8.3 | CVE-2023-50343 (psirt@hcl.com)
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by the use of a broken cryptographic algorithm for encryption, potentially giving an attacker ability to decrypt sensitive information. | 2024-01-03 | 8.2 | CVE-2023-50350 (psirt@hcl.com)
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by the use of an insecure key rotation mechanism which can allow an attacker to compromise the confidentiality or integrity of data. | 2024-01-03 | 8.2 | CVE-2023-50351 (psirt@hcl.com)
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by path traversal vulnerability which allows file upload capability. Certain endpoints permit users to manipulate the path (including the file name) where these files are stored on the server. | 2024-01-03 | 7.6 | CVE-2023-45723 (psirt@hcl.com)
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by Improper Access Control (Obsolete web pages) vulnerability. Discovery of outdated and accessible web pages, reflects a "Missing Access Control" vulnerability, which could lead to inadvertent exposure of sensitive information and/or exposing a vulnerable endpoint. | 2024-01-03 | 7.6 | CVE-2023-50341 (psirt@hcl.com)
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. A user can obtain certain details about another user as a result of improper access control. | 2024-01-03 | 7.1 | CVE-2023-50342 (psirt@hcl.com)
hihonor -- magic_os | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2023-12-29 | 7.5 | CVE-2023-23427 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2023-12-29 | 7.5 | CVE-2023-23428 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2023-12-29 | 7.5 | CVE-2023-23429 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file | 2023-12-29 | 7.1 | CVE-2023-23435 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file | 2023-12-29 | 7.1 | CVE-2023-23436 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 2023-12-29 | 7.1 | CVE-2023-23442 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 2023-12-29 | 7.1 | CVE-2023-23443 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by type confusion vulnerability; successful exploitation could cause information leak. | 2023-12-29 | 7.1 | CVE-2023-51426 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 2023-12-29 | 7.1 | CVE-2023-51427 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_os | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. | 2023-12-29 | 7.1 | CVE-2023-51428 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_ui | Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. | 2023-12-29 | 7.8 | CVE-2023-51434 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magic_ui | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | 2023-12-29 | 7.1 | CVE-2023-51435 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- magichome | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2023-12-29 | 7.5 | CVE-2023-23430 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- nth-an00_firmware | Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution | 2023-12-29 | 9.8 | CVE-2023-23424 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- nth-an00_firmware | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. | 2023-12-29 | 7.1 | CVE-2023-23431 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- nth-an00_firmware | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. | 2023-12-29 | 7.1 | CVE-2023-23432 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hihonor -- nth-an00_firmware | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. | 2023-12-29 | 7.1 | CVE-2023-23433 (3836d913-7555-4dd0-a509-f5667fdf5fe4)
hitachi_energy -- rtu500_series_cmu_firmware | A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. If the HCI Modbus TCP is enabled and configured, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500 in a high rate, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a lack of flood control which eventually if exploited causes an internal stack overflow in the HCI Modbus TCP function. | 2024-01-04 | 7.5 | CVE-2022-2081 (cybersecurity@hitachienergy.com)
hospital_management_system -- hospital_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356. | 2023-12-30 | 7.3 | CVE-2023-7172 (cna@vuldb.com)
jeecg -- jeecg_boot | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. | 2023-12-30 | 9.8 | CVE-2023-41542 (cve@mitre.org)
jeecg -- jeecg_boot | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. | 2023-12-30 | 9.8 | CVE-2023-41543 (cve@mitre.org)
jeecg -- jeecg_boot | SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. | 2023-12-30 | 9.8 | CVE-2023-41544 (cve@mitre.org)
kashipara_group -- billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'itemnameid' parameter of the material_bill.php?action=itemRelation resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49622 (help@fluidattacks.com)
kashipara_group -- billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cancelid' parameter of the material_bill.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49624 (help@fluidattacks.com)
kashipara_group -- billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partylist_edit_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49625 (help@fluidattacks.com)
kashipara_group -- billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'buyer_address' parameter of the buyer_detail_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49633 (help@fluidattacks.com)
kashipara_group -- billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'customer_details' parameter of the buyer_invoice_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49639 (help@fluidattacks.com)
kashipara_group -- billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bank_details' parameter of the party_submit.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49658 (help@fluidattacks.com)
kashipara_group -- billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'quantity[]' parameter of the submit_delivery_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49665 (help@fluidattacks.com)
kashipara_group -- billing_software | Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'custmer_details' parameter of the submit_material_list.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-49666 (help@fluidattacks.com)
kashipara_group -- online_notice_board_system | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50743 (help@fluidattacks.com)
kashipara_group -- online_notice_board_system | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'e' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50752 (help@fluidattacks.com)
kashipara_group -- online_notice_board_system | Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/update_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50753 (help@fluidattacks.com)
kashipara_group -- online_notice_board_system | Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 2024-01-04 | 8.8 | CVE-2023-50760 (help@fluidattacks.com)
kashipara_group -- travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the booking.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50862 (help@fluidattacks.com)
kashipara_group -- travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelIDHidden' parameter of the generateReceipt.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50863 (help@fluidattacks.com)
kashipara_group -- travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'hotelId' parameter of the hotelDetails.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50864 (help@fluidattacks.com)
kashipara_group -- travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'city' parameter of the hotelSearch.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50865 (help@fluidattacks.com)
kashipara_group -- travel_website | Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginAction.php resource does not validate the characters received and they are sent unfiltered to the database. | 2024-01-04 | 9.8 | CVE-2023-50866 (help@fluidattacks.com)
kashipara_group -- travel_websiteTravel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the signupAction.php resource does not validate the characters received and they are sent unfiltered to the database.2024-01-049.8CVE-2023-50867
help@fluidattacks.com
help@fluidattacks.com
laf -- laf | Laf is a cloud development platform. In the Laf version design, the log uses communication with k8s to quickly retrieve logs from the container without the need for additional storage. However, in version 1.0.0-beta.13 and prior, this interface does not verify the permissions of the pod, which allows authenticated users to obtain any pod logs under the same namespace through this method, thereby obtaining sensitive information printed in the logs. As of time of publication, no known patched versions exist. | 2024-01-03 | 9.6 | CVE-2023-50253 (security-advisories@github.com)
lenovo -- universal_device_client | Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. | 2024-01-03 | 7.8 | CVE-2023-6338 (psirt@lenovo.com)
linux -- kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a denial-of-service condition or potential code execution. | 2024-01-04 | 7 | CVE-2023-6270 (secalert@redhat.com)
linux -- kernel | A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system. | 2024-01-02 | 7.8 | CVE-2024-0193 (secalert@redhat.com)
man-group -- dtale | D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale versions prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users. | 2024-01-05 | 7.5 | CVE-2024-21642 (security-advisories@github.com)
masterlab -- masterlab | A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249147. | 2023-12-29 | 9.8 | CVE-2023-7144 (cna@vuldb.com)
masterlab -- masterlab | A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249148. | 2023-12-29 | 9.8 | CVE-2023-7145 (cna@vuldb.com)
masterlab -- masterlab | A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the component HTTP POST Request Handler. The manipulation of the argument phone leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249149 was assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7146 (cna@vuldb.com)
masterlab -- masterlab | A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-249150 is the identifier assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7147 (cna@vuldb.com)
masterlab -- masterlab | A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipulation of the argument avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249181 was assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7159 (cna@vuldb.com)
mattermost -- mattermost | Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. | 2023-12-29 | 8.8 | CVE-2023-7114 (responsibledisclosure@mattermost.com)
mediatek -- lr13 | In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803 (MSV-893). | 2024-01-02 | 9.8 | CVE-2023-32874 (security@mediatek.com)
mediatek -- lr13 | In modem EMM, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01183647; Issue ID: MOLY01183647 (MSV-963). | 2024-01-02 | 7.5 | CVE-2023-32890 (security@mediatek.com)
mediatek -- nr15 | In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | 2024-01-02 | 7.5 | CVE-2023-32886 (security@mediatek.com)
mediatek -- nr15 | In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837 (MSV-892). | 2024-01-02 | 7.5 | CVE-2023-32887 (security@mediatek.com)
mediatek -- nr15 | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID: MOLY01161830 (MSV-894). | 2024-01-02 | 7.5 | CVE-2023-32888 (security@mediatek.com)
micropython -- micropython | A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The patch is identified as 8b24aa36ba978eafc6114b6798b47b7bfecdca26. It is recommended to apply a patch to fix this issue. VDB-249158 is the identifier assigned to this vulnerability. | 2023-12-29 | 9.8 | CVE-2023-7152 (cna@vuldb.com)
micropython -- micropython | A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.22.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249180. | 2023-12-29 | 9.8 | CVE-2023-7158 (cna@vuldb.com)
microsoft -- python_extension | Visual Studio Code Python Extension Remote Code Execution Vulnerability | 2023-12-29 | 7.8 | CVE-2020-17163 (secure@microsoft.com)
misskey -- misskey | Misskey is an open source, decentralized social media platform. Third-party applications may be able to access some endpoints or Websocket APIs that are incorrectly specified as [kind](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L811) or [secure](https://github.com/misskey-dev/misskey/blob/406b4bdbe79b5b0b68fcdcb3c4b6e419460a0258/packages/backend/src/server/api/endpoints.ts#L805) without the user's permission and perform operations such as reading or adding non-public content. As a result, if the user who authenticated the application is an administrator, confidential information such as object storage secret keys and SMTP server passwords will be leaked, and general users can also create invitation codes without permission and leak non-public user information. This is patched in version [2023.12.1](https://github.com/misskey-dev/misskey/commit/c96bc36fedc804dc840ea791a9355d7df0748e64). | 2023-12-29 | 9.6 | CVE-2023-52139 (security-advisories@github.com)
mtab -- bookmark | A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical. This issue affects some unknown processing of the file public/install.php of the component Installation. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249395. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.1 | CVE-2023-7193 (cna@vuldb.com)
netentsec -- application_security_gateway_firmware | A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The manipulation of the argument check_VirtualSiteId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249183. | 2023-12-29 | 9.8 | CVE-2023-7161 (cna@vuldb.com)
omniauth-microsoft_graph -- omniauth-microsoft_graph | omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue. | 2024-01-02 | 8.6 | CVE-2024-21632 (security-advisories@github.com)
otclient -- otclient | OTClient is an alternative tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue. | 2024-01-02 | 9.8 | CVE-2024-21623 (security-advisories@github.com)
paddlepaddle -- paddlepaddle | Stack overflow in paddle.searchsorted in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | 2024-01-03 | 9.8 | CVE-2023-52304 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | Stack overflow in paddle.linalg.lu_unpack in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, or even more damage. | 2024-01-03 | 9.8 | CVE-2023-52307 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | Heap buffer overflow in paddle.repeat_interleave in PaddlePaddle before 2.6.0. This flaw can lead to a denial of service, information disclosure, or possibly more damage. | 2024-01-03 | 9.8 | CVE-2023-52309 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in get_online_pass_interval. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52310 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in _wget_download. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52311 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | PaddlePaddle before 2.6.0 has a command injection in convert_shape_compare. This resulted in the ability to execute arbitrary commands on the operating system. | 2024-01-03 | 9.8 | CVE-2023-52314 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38674 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38675 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | Nullptr in paddle.dot in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38676 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38677 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | OOB access in paddle.mode in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-38678 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52302 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52303 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | FPE in paddle.topk in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52305 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | FPE in paddle.lerp in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52306 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | FPE in paddle.amin in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52308 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52312 (paddle-security@baidu.com)
paddlepaddle -- paddlepaddle | FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. This flaw can cause a runtime crash and a denial of service. | 2024-01-03 | 7.5 | CVE-2023-52313 (paddle-security@baidu.com)
pandorafms -- pandora_fms | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all platforms allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | 2023-12-29 | 8.8 | CVE-2023-44088 (security@pandorafms.com)
perl -- perl | A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. | 2024-01-02 | 7.8 | CVE-2023-47039 (secalert@redhat.com)
poly -- multiple_products | A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument Cookie leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249256. | 2023-12-29 | 7.5 | CVE-2023-4463 (cna@vuldb.com, nvd@nist.gov)
poly -- multiple_products | A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability. | 2023-12-29 | 7.2 | CVE-2023-4464 (cna@vuldb.com)
poly -- trio_8800/trio_c60 | A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability. | 2023-12-29 | 7.6 | CVE-2023-4468 (cna@vuldb.com, nvd@nist.gov)
prestashop -- prestashop | PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize HTML input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`. | 2024-01-02 | 8.1 | CVE-2024-21627 (security-advisories@github.com)
priva -- topcontrol_suite | The Priva TopControl Suite contains predictable credentials for the SSH service, based on the serial number, which makes it possible for an attacker to calculate the login credentials for the Priva TopControl Suite. | 2024-01-02 | 7.5 | CVE-2022-3010 (csirt@divd.nl)
qnap_systems_inc. -- qts/quts_hero | A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have an incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later | 2024-01-05 | 7.5 | CVE-2023-39296 (security@qnapsecurity.com.tw)
qnap_systems_inc. -- qumagie | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | 2024-01-05 | 7.4 | CVE-2023-47560 (security@qnapsecurity.com.tw)
qnap_systems_inc. -- video_station | An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 (2023/11/23) and later | 2024-01-05 | 8.8 | CVE-2023-41288 (security@qnapsecurity.com.tw)
qualcomm,_inc. -- snapdragon | Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. | 2024-01-02 | 9.8 | CVE-2023-33025 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption in HLOS while running playready use-case. | 2024-01-02 | 9.3 | CVE-2023-33030 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | 2024-01-02 | 9.3 | CVE-2023-33032 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption in Audio during playback with speaker protection. | 2024-01-02 | 8.4 | CVE-2023-33033 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption while running VK synchronization with KASAN enabled. | 2024-01-02 | 8.4 | CVE-2023-33094 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects queued. | 2024-01-02 | 8.4 | CVE-2023-33108 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. | 2024-01-02 | 8.4 | CVE-2023-33113 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same time. | 2024-01-02 | 8.4 | CVE-2023-33114 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem UNMAP. | 2024-01-02 | 8.4 | CVE-2023-43514 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Information disclosure in Core services while processing a Diag command. | 2024-01-02 | 7.6 | CVE-2023-33014 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Permanent DOS in Hypervisor while untrusted VM without PSCI support makes a PSCI call. | 2024-01-02 | 7.1 | CVE-2023-33036 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. | 2024-01-02 | 7.1 | CVE-2023-33037 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Transient DOS in Data Modem during DTLS handshake. | 2024-01-02 | 7.5 | CVE-2023-33040 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Transient DOS in WLAN Firmware while parsing a BTM request. | 2024-01-02 | 7.5 | CVE-2023-33062 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption in wearables while processing data from AON. | 2024-01-02 | 7.8 | CVE-2023-33085 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from host. | 2024-01-02 | 7.5 | CVE-2023-33109 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory corruption. | 2024-01-02 | 7.8 | CVE-2023-33110 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA element. | 2024-01-02 | 7.5 | CVE-2023-33112 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN driver. | 2024-01-02 | 7.5 | CVE-2023-33116 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. | 2024-01-02 | 7.8 | CVE-2023-33117 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. | 2024-01-02 | 7.8 | CVE-2023-33118 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Memory corruption in Audio when memory map command is executed consecutively in ADSP. | 2024-01-02 | 7.8 | CVE-2023-33120 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. | 2024-01-02 | 7.5 | CVE-2023-43511 (product-security@qualcomm.com)
qualcomm,_inc. -- snapdragon | Transient DOS while parsing GATT service data when the total amount of memory that is required by the multiple services is greater than the actual size of the services buffer. | 2024-01-02 | 7.5 | CVE-2023-43512 (product-security@qualcomm.com)
red_hat -- red_hat_developer_hub | A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately. | 2024-01-04 | 7.3 | CVE-2023-6944 (secalert@redhat.com)
s-cms -- s-cms | A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7189 (cna@vuldb.com)
s-cms -- s-cms | A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7190 (cna@vuldb.com)
s-cms -- s-cms | A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.8 | CVE-2023-7191 (cna@vuldb.com)
scone -- scone | Improper initialization of x87 and SSE floating-point configuration registers in the __scone_entry component of SCONE before 5.8.0 for Intel SGX allows a local attacker to compromise the execution integrity of floating-point operations in an enclave or access sensitive information via side-channel analysis. | 2023-12-30 | 7.8 | CVE-2022-46487 (cve@mitre.org)
shifuml -- shifu | A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifier.java of the component Java Expression Language Handler. The manipulation of the argument FilterExpression leads to code injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249151. | 2023-12-29 | 8.1 | CVE-2023-7148 (cna@vuldb.com)
shipping_100_fahuo100 -- shipping_100_fahuo100 | A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Affected is an unknown function of the file member/login.php. The manipulation of the argument M_pwd leads to sql injection. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. VDB-249390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-31 | 8.1 | CVE-2023-7188 (cna@vuldb.com)
sidequestvr -- sidequest | SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the Electron application are now being parsed and sanitized properly. | 2024-01-04 | 8.8 | CVE-2024-21625 (security-advisories@github.com)
siemens -- syngo_fastview | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing DICOM files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15097) | 2024-01-04 | 7.8 | CVE-2021-40367 (productcert@siemens.com)
siemens -- syngo_fastview | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in an out-of-bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14860) | 2024-01-04 | 7.8 | CVE-2021-42028 (productcert@siemens.com)
siemens -- syngo_fastview | A vulnerability has been identified in syngo fastView (All versions). The affected application lacks proper validation of user-supplied data when parsing BMP files. This could result in a write-what-where condition and an attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15696) | 2024-01-04 | 7.8 | CVE-2021-45465 (productcert@siemens.com)
silicon_labs -- gecko_sdk | An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region. | 2024-01-02 | 9.3 | CVE-2023-4280 (product-security@silabs.com)
small_crm -- small_crm | PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because the "password" parameter is used directly in the SQL query without any sanitization, so the SQL Injection payload is executed. | 2023-12-29 | 9.8 | CVE-2023-50035 (cve@mitre.org)
sourcecodester -- customer_support_system | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. | 2023-12-29 | 8.8 | CVE-2023-50070 (cve@mitre.org)
sourcecodester -- customer_support_system | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. | 2023-12-29 | 8.8 | CVE-2023-50071 (cve@mitre.org)
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440. | 2024-01-01 | 7.3 | CVE-2024-0182 (cna@vuldb.com)
sourcecodester -- free_and_open_source_inventory_management_system | A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_return_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249179. | 2023-12-29 | 9.8 | CVE-2023-7157 (cna@vuldb.com)
sourcecodester -- free_and_open_source_inventory_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249177 was assigned to this vulnerability. | 2023-12-29 | 8.8 | CVE-2023-7155 (cna@vuldb.com)
sqlite -- sqlite3A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.2023-12-299.8CVE-2023-7104
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tencent -- tencent_distributed_sqlTencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387.2023-12-317.5CVE-2023-52286
cve@mitre.org
testlink -- testlinkTestLink through 1.9.20 allows type juggling for authentication bypass because === is not used.2023-12-307.5CVE-2023-50110
cve@mitre.org
tj-actions -- verify-changed-filesThe [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. The [`verify-changed-files`](https://github.com/tj-actions/verify-changed-files) workflow returns the list of files changed within a workflow execution. This could potentially allow filenames that contain special characters such as `;` which can be used by an attacker to take over the [GitHub Runner](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners) if the output value is used in a raw fashion (thus being directly replaced before execution) inside a `run` block. By running custom commands, an attacker may be able to steal secrets such as `GITHUB_TOKEN` if triggered on other events than `pull_request`. This has been patched in versions [17](https://github.com/tj-actions/verify-changed-files/releases/tag/v17) and [17.0.0](https://github.com/tj-actions/verify-changed-files/releases/tag/v17.0.0) by enabling `safe_output` by default and returning filename paths escaping special characters for bash environments.2023-12-297.7CVE-2023-52137
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
totolink -- n350rt_firmwareA vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. The identifier VDB-249389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-318.8CVE-2023-7187
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute.2023-12-309.8CVE-2023-51133
cve@mitre.org
cve@mitre.org
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup.2023-12-309.8CVE-2023-51135
cve@mitre.org
cve@mitre.org
totolink -- x2000r_firmwareTOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.2023-12-309.8CVE-2023-51136
cve@mitre.org
cve@mitre.org
totolink -- x6000r_firmwareTOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi.2023-12-309.8CVE-2023-50651
cve@mitre.org
cve@mitre.org
unified_remote -- unified_remoteUnified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint.2023-12-309.8CVE-2023-52252
cve@mitre.org
cve@mitre.org
ween_software -- admin_panelImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ween Software Admin Panel allows SQL Injection. This issue affects Admin Panel: through 20231229.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-299.8CVE-2023-4541
iletisim@usom.gov.tr
wireshark_foundation -- wiresharkHTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0207
cve@gitlab.com
cve@gitlab.com
wireshark_foundation -- wiresharkGVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0208
cve@gitlab.com
cve@gitlab.com
wireshark_foundation -- wiresharkIEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0209
cve@gitlab.com
cve@gitlab.com
wireshark_foundation -- wiresharkZigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0210
cve@gitlab.com
cve@gitlab.com
wireshark_foundation -- wiresharkDOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file2024-01-037.8CVE-2024-0211
cve@gitlab.com
cve@gitlab.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin. This issue affects JS Help Desk - Best Help Desk & Support Plugin through 2.7.1.2024-01-0510CVE-2022-46839
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in IOSS WP MLM SOFTWARE PLUGIN. This issue affects WP MLM SOFTWARE PLUGIN through 4.0.2023-12-2910CVE-2023-51475
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker. This issue affects RSVPMaker through 10.6.6.2023-12-299.8CVE-2023-25054
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps. This issue affects Frontend Admin by DynamiApps through 3.18.3.2023-12-299.8CVE-2023-51411
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms. This issue affects Piotnet Forms through 1.0.25.2023-12-299.8CVE-2023-51412
audit@patchstack.com
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters through 2.1. | 2023-12-29 | 9.8 | CVE-2023-51414
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome. This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome through 1.11.10.7.2023-12-299.8CVE-2023-51419
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2.2023-12-299.9CVE-2023-51421
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition through 3.05.0.2023-12-319.8CVE-2023-51423
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Jacques Malgrange Rencontre - Dating Site. This issue affects Rencontre - Dating Site through 3.10.1.2023-12-299.8CVE-2023-51468
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP. This issue affects Checkout Mestres WP through 7.1.9.6.2023-12-319.8CVE-2023-51469
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds - Simple Classifieds Plugin. This issue affects TerraClassifieds - Simple Classifieds Plugin through 2.0.3.2023-12-299.8CVE-2023-51473
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store through 1.0.6.2023-12-299.8CVE-2023-51505
audit@patchstack.com
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user through 1.0.1. | 2023-12-31 | 9.8 | CVE-2023-52181
audit@patchstack.com
wordpress -- wordpressMissing Authorization vulnerability in Anders Thorborg. This issue affects Anders Thorborg through 1.4.12.2023-12-298.8CVE-2023-22676
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet. This issue affects WP Booklet through 2.1.8.2023-12-298.8CVE-2023-22677
audit@patchstack.com
wordpress -- wordpress | Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files. This issue affects Rename Media Files through 1.0.1. | 2023-12-29 | 8.8 | CVE-2023-32095
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor. This issue affects JetElements For Elementor through 2.6.10.2023-12-318.8CVE-2023-39157
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra. This issue affects WP EXtra through 6.2.2023-12-298.8CVE-2023-46623
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons. This issue affects Qode Essential Addons through 1.5.2.2023-12-298.8CVE-2023-47840
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro. This issue affects Astra Pro through 4.3.1.2023-12-298.8CVE-2023-49830
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in InspireUI MStore API. This issue affects MStore API through 4.10.1.2023-12-298.8CVE-2023-50878
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WPExpertsio New User Approve. This issue affects New User Approve through 2.5.1.2023-12-298.8CVE-2023-50902
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WebbaPlugins Appointment & Event Booking Calendar Plugin - Webba Booking. This issue affects Appointment & Event Booking Calendar Plugin - Webba Booking through 4.5.33.2023-12-298.8CVE-2023-51354
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Bright Plugins Block IPs for Gravity Forms. This issue affects Block IPs for Gravity Forms through 1.0.1.2023-12-298.8CVE-2023-51358
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Rise Themes Rise Blocks - A Complete Gutenberg Page Builder. This issue affects Rise Blocks - A Complete Gutenberg Page Builder through 3.1.2023-12-298.8CVE-2023-51378
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Brain Storm Force Ultimate Addons for WPBakery Page Builder. This issue affects Ultimate Addons for WPBakery Page Builder through 3.19.17.2023-12-298.8CVE-2023-51402
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log. This issue affects WP Mail Log through 1.1.2.2023-12-298.8CVE-2023-51410
audit@patchstack.com
wordpress -- wordpressUnrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons. This issue affects JVM Gutenberg Rich Text Icons through 1.2.3.2023-12-298.8CVE-2023-51417
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce. This issue affects Verge3D Publishing and E-Commerce through 4.5.2.2023-12-298.8CVE-2023-51420
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition through 3.05.0.2023-12-298.8CVE-2023-51422
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre - Dating Site. This issue affects Rencontre - Dating Site through 3.11.1.2023-12-298.8CVE-2023-51470
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career - Manage job board listings, and recruitments. This issue affects Job Manager & Career - Manage job board listings, and recruitments through 1.4.4.2023-12-298.8CVE-2023-51545
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhileTrue Most And Least Read Posts Widget. This issue affects Most And Least Read Posts Widget through 2.5.16.2023-12-318.8CVE-2023-52133
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This issue affects Dynamic Content for Elementor before 2.12.5.2024-01-058.8CVE-2023-52150
audit@patchstack.com
wordpress -- wordpressDeserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz - WordPress Quizzes Builder. This issue affects ARI Stream Quiz - WordPress Quizzes Builder through 1.3.0.2023-12-318.8CVE-2023-52182
audit@patchstack.com
wordpress -- wordpress | The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to, and including, 5.7.9. This makes it possible for unauthenticated attackers to update the plugin's settings which can be used to inject Cross-Site Scripting payloads and delete entire directories. Please note there were several attempted patches, and we consider 5.7.10 to be the most sufficiently patched. | 2024-01-03 | 8.6 | CVE-2023-6600
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA , Two Factor, OTP SMS and Email | Passwordless login. This issue affects miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA , Two Factor, OTP SMS and Email | Passwordless login through 5.6.1.2023-12-297.5CVE-2022-44589
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress. This issue affects Kanban Boards for WordPress through 2.5.21.2023-12-297.2CVE-2023-40606
audit@patchstack.com
wordpress -- wordpressImproper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension. This issue affects Nexter Extension through 2.0.3.2023-12-297.2CVE-2023-45751
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown - Protect Login Form. This issue affects Login Lockdown - Protect Login Form through 2.06.2023-12-297.2CVE-2023-50837
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway through 7.6.1.2024-01-057.5CVE-2023-51502
audit@patchstack.com
wordpress -- wordpressAuthorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments - Fully Integrated Solution Built and Supported by Woo through 6.9.2.2023-12-317.5CVE-2023-51503
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Senol Sahin AI Power: Complete AI Pack - Powered by GPT-4. This issue affects AI Power: Complete AI Pack - Powered by GPT-4 through 1.8.2.2023-12-297.5CVE-2023-51527
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support - WordPress Helpdesk and Customer Support Ticket Plugin. This issue affects Fluent Support - WordPress Helpdesk and Customer Support Ticket Plugin through 1.7.6.2023-12-317.2CVE-2023-51547
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode Product Catalog Simple. This issue affects Product Catalog Simple through 1.7.6.2023-12-297.5CVE-2023-51687
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress. This issue affects eCommerce Product Catalog Plugin for WordPress through 3.3.26.2023-12-297.5CVE-2023-51688
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator. This issue affects Page Generator through 1.7.1.2023-12-317.2CVE-2023-52131
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify. This issue affects WP Adminify through 3.1.6.2023-12-317.2CVE-2023-52132
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress. This issue affects GEO my WordPress through 4.0.2.2023-12-317.2CVE-2023-52134
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE - Drag & Drop Contact Form Builder for WordPress. This issue affects WS Form LITE - Drag & Drop Contact Form Builder for WordPress through 1.9.170.2023-12-297.2CVE-2023-52135
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout through 1.2.2.37.2024-01-057.5CVE-2023-52143
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes. This issue affects Recipe Maker For Your Food Blog from Zip Recipes through 8.1.0.2023-12-317.6CVE-2023-52180
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup - WordPress Cloud Backup, Migration, Restore & Cloning Plugin. This issue affects Everest Backup - WordPress Cloud Backup, Migration, Restore & Cloning Plugin through 2.1.9.2023-12-317.5CVE-2023-52185
audit@patchstack.com
wordpress -- wordpressThe POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'device' header in all versions up to, and including, 2.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-01-037.2CVE-2023-7027
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons. This issue affects YITH WooCommerce Product Add-Ons through 4.3.0. | 2023-12-31 | 9.1 | CVE-2023-49777
audit@patchstack.com
xnview -- xnview_classicXnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.2023-12-299.8CVE-2023-52173
cve@mitre.org
cve@mitre.org
xnview -- xnview_classicXnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.2023-12-299.8CVE-2023-52174
cve@mitre.org
cve@mitre.org
yaztek_software_technologies_and_computer_systems -- e-commerce_software | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yaztek Software Technologies and Computer Systems E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-12-29 | 9.8 | CVE-2023-4674
iletisim@usom.gov.tr
zzcms -- zzcmsZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.2023-12-299.8CVE-2023-50104
cve@mitre.org

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
antisamy-dotnet -- antisamy-dotnetOWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This is patched in OWASP AntiSamy .NET 1.2.0 and later. See important remediation details in the reference given below. As a workaround, manually edit the AntiSamy policy file (e.g., antisamy.xml) by deleting the `preserveComments` directive or setting its value to `false`, if present. Also, it would be useful to make AntiSamy remove the `noscript` tag by adding a line described in the GitHub Security Advisory to the tag definitions under the `<tagrules>` node or deleting it entirely if present. As the previously mentioned policy settings are preconditions for the mXSS attack to work, changing them as recommended should be sufficient to protect you against this vulnerability when using a vulnerable version of this library. However, the existing bug would still be present in AntiSamy or its parser dependency (HtmlAgilityPack). The safety of this workaround relies on configurations that may change in the future and don't address the root cause of the vulnerability. As such, it is strongly recommended to upgrade to a fixed version of AntiSamy.2024-01-026.1CVE-2023-51652
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
campcodes -- online_college_library_systemA vulnerability was found in Campcodes Online College Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/borrow_add.php of the component HTTP POST Request Handler. The manipulation of the argument student leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249362 is the identifier assigned to this vulnerability.2023-12-304.7CVE-2023-7175
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cloudflare,_inc. -- wranglerSending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also read any file.2023-12-295.7CVE-2023-7079
cna@cloudflare.com
cna@cloudflare.com
cna@cloudflare.com
cloudflare,_inc. -- zlibCloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). The issues resulted from improper input validation and heap-based buffer overflow. A local attacker could exploit the problem during compression using a crafted malicious file potentially leading to denial of service of the software. Patches: The issue has been patched in commit 8352d10 https://github.com/cloudflare/zlib/commit/8352d108c05db1bdc5ac3bdf834dad641694c13c . The upstream repository is not affected.2024-01-044CVE-2023-6992
cna@cloudflare.com
cna@cloudflare.com
code-projects -- client_details_systemA vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manipulation of the argument fname/lname/email/contact leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249146 is the identifier assigned to this vulnerability.2023-12-294.8CVE-2023-7143
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
code-projects -- qr_code_generatorA vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of the argument file with the input "><iMg src=N onerror=alert(document.domain)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249153 was assigned to this vulnerability.2023-12-296.1CVE-2023-7149
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
codeastro -- internet_banking_systemA vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability.2024-01-026.3CVE-2024-0194
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
craft_cms -- craft_cmsCraft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.2024-01-035.4CVE-2024-21622
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
cubefs -- cubefs | CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the amount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory than the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading. | 2024-01-03 | 6.5 | CVE-2023-46738
security-advisories@github.com
security-advisories@github.com
cubefs -- cubefs | CubeFS is an open-source cloud-native file storage system. A vulnerability was found in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root cause of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading. | 2024-01-03 | 6.5 | CVE-2023-46739
security-advisories@github.com
security-advisories@github.com
cubefs -- cubefs | CubeFS is an open-source cloud-native file storage system. Prior to version 3.3.1, CubeFS used an insecure random string generator to generate user-specific, sensitive keys used to authenticate users in a CubeFS deployment. This could allow an attacker to predict and/or guess the generated string and impersonate a user thereby obtaining higher privileges. When CubeFS creates new users, it creates a piece of sensitive information for the user called the "accessKey". To create the "accessKey", CubeFS uses an insecure string generator which makes it easy to guess and thereby impersonate the created user. An attacker could leverage the predictable random string generator and guess a user's access key and impersonate the user to obtain higher privileges. The issue has been fixed in v3.3.1. There is no other mitigation than to upgrade. | 2024-01-03 | 6.5 | CVE-2023-46740
security-advisories@github.com
cubefs -- cubefsCubeFS is an open-source cloud-native file storage system. A vulnerability was found in CubeFS prior to version 3.3.1 that could allow users to read sensitive data from the logs which could allow them to escalate privileges. CubeFS leaks configuration keys in plaintext format in the logs. These keys could allow anyone to carry out operations on blobs that they otherwise do not have permissions for. For example, an attacker that has successfully retrieved a secret key from the logs can delete blobs from the blob store. The attacker can either be an internal user with limited privileges to read the log, or they can be an external user who has escalated privileges sufficiently to access the logs. The vulnerability has been patched in v3.3.1. There is no other mitigation than upgrading.2024-01-034.8CVE-2023-46741
security-advisories@github.com
cubefs -- cubefsCubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users' secret keys and access keys in the logs in multiple components. When CubeFS creates new users, it leaks the user's secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS.2024-01-034.8CVE-2023-46742
security-advisories@github.com
google -- androidIn keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607.2024-01-026.7CVE-2023-32872
security@mediatek.com
google -- androidIn battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070.2024-01-026.7CVE-2023-32877
security@mediatek.com
google -- androidIn battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308064.2024-01-026.7CVE-2023-32879
security@mediatek.com
google -- androidIn battery, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308616.2024-01-026.7CVE-2023-32882
security@mediatek.com
google -- androidIn Engineer Mode, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08282249; Issue ID: ALPS08282249.2024-01-026.7CVE-2023-32883
security@mediatek.com
google -- androidIn netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.2024-01-026.7CVE-2023-32884
security@mediatek.com
google -- androidIn display drm, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07780685; Issue ID: ALPS07780685.2024-01-026.7CVE-2023-32885
security@mediatek.com
google -- androidIn bluetooth service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07933038; Issue ID: MSV-559.2024-01-026.7CVE-2023-32891
security@mediatek.com
google -- androidIn keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217.2024-01-024.4CVE-2023-32875
security@mediatek.com
google -- androidIn keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612.2024-01-024.4CVE-2023-32876
security@mediatek.com
google -- androidIn battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992.2024-01-024.4CVE-2023-32878
security@mediatek.com
google -- androidIn battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308076.2024-01-024.4CVE-2023-32880
security@mediatek.com
google -- androidIn battery, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308080.2024-01-024.4CVE-2023-32881
security@mediatek.com
hail -- hailHail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect (OIDC) email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change their email address, they could create accounts and use resources in clusters that they should not have access to. For example, a user could create a Microsoft or Google account and then change their email to `test@example.org`. This account can then be used to create a Hail Batch account in Hail Batch clusters whose organization domain is `example.org`. The attacker is not able to access private data or impersonate another user, but they would have the ability to run jobs if Hail Batch billing projects are enabled and create Azure Tenants if they have Azure Active Directory Administrator access.2023-12-295.3CVE-2023-51663
security-advisories@github.com
hcl_software -- dryice_myxalyticsHCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. An unauthenticated user can download certain files.2024-01-035.4CVE-2023-50344
psirt@hcl.com
hihonor -- fri-an00_firmwareSome Honor products are affected by file writing vulnerability; successful exploitation could cause information disclosure.2023-12-295.5CVE-2023-23426
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- honorboardappSome Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak.2023-12-295.5CVE-2023-23434
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- lge-an00_firmwareSome Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions.2023-12-295.5CVE-2023-23438
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- lge-an00_firmwareSome Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak.2023-12-295.5CVE-2023-23439
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- lge-an00_firmwareSome Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak.2023-12-295.5CVE-2023-23440
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- magic_osSome Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak.2023-12-295.5CVE-2023-51429
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- magic_uiSome Honor products are affected by out of bounds read vulnerability; successful exploitation could cause information leak.2023-12-295.5CVE-2023-23441
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- magic_uiSome Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak.2023-12-295.5CVE-2023-51430
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- magic_uiSome Honor products are affected by out of bounds read vulnerability; successful exploitation could cause information leak.2023-12-295.5CVE-2023-51432
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- magic_uiSome Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause information leak.2023-12-295.5CVE-2023-51433
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- magic_uiSome Honor products are affected by type confusion vulnerability; successful exploitation could cause denial of service.2023-12-295.5CVE-2023-6939
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- phoneserviceSome Honor products are affected by incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions.2023-12-295.5CVE-2023-51431
3836d913-7555-4dd0-a509-f5667fdf5fe4
hihonor -- vmallSome Honor products are affected by information leak vulnerability; successful exploitation could cause the information leak.2023-12-295.5CVE-2023-23437
3836d913-7555-4dd0-a509-f5667fdf5fe4
hitachi_energy -- multiple_productsA vulnerability exists in the Relion update package signature validation. A tampered update package could cause the IED to restart. After restart the device is back to normal operation. An attacker could exploit the vulnerability by first gaining access to the system with security privileges and attempt to update the IED with a malicious update package. Successful exploitation of this vulnerability will cause the IED to restart, causing a temporary Denial of Service.2024-01-044.5CVE-2022-3864
cybersecurity@hitachienergy.com
hospital_management_system -- hospital_management_systemA vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability.2023-12-304.3CVE-2023-7173
cna@vuldb.com
icewarp -- icewarpA vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2024-01-054.3CVE-2024-0246
cna@vuldb.com
ipaddress -- ipaddressAn issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop.2023-12-295.5CVE-2023-50570
cve@mitre.org
jline -- jlineAn issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error.2023-12-295.5CVE-2023-50572
cve@mitre.org
kernelsu -- kernelsuKernelSU is a kernel-based root solution for Android devices. In versions 0.7.1 and prior, the logic that gets the APK path in the KernelSU kernel module can be bypassed, which allows any malicious APK named `me.weishu.kernelsu` to get root permission. If a device with the KernelSU module installed tries to install any unchecked APK whose package name equals that of the official KernelSU Manager, the APK can take over root privileges on the device. As of time of publication, a patched version is not available.2024-01-026.7CVE-2023-49794
security-advisories@github.com
kruise -- kruiseKruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege on the node where kruise-daemon runs can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the "captured" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available: users that do not require imagepulljob functions can modify kruise-daemon-role to drop the cluster level secret get/list privilege.2024-01-036.5CVE-2023-30617
security-advisories@github.com
lenovo -- lenovo_browser_mobileA vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive information.2024-01-036.5CVE-2023-6540
psirt@lenovo.com
libredwg -- libredwgVersions of the package libredwg before 0.12.5.6384 are vulnerable to Denial of Service (DoS) due to an out-of-bounds read involving section->num_pages in decode_r2007.c.2024-01-025.5CVE-2023-26157
report@snyk.io
linux -- kernelA memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.2024-01-026.1CVE-2023-7192
secalert@redhat.com
logobee -- logobeeLogoBee 0.2 allows updates.php?id= XSS.2023-12-306.1CVE-2023-52257
cve@mitre.org
magic-api -- magic-apiA vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511.2024-01-026.3CVE-2024-0196
cna@vuldb.com
mattermost -- mattermostMattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.2023-12-296.1CVE-2023-7113
responsibledisclosure@mattermost.com
mattermost -- mattermostMattermost fails to properly verify the permissions needed for viewing archived public channels, allowing a member of one team to get details about the archived public channels of another team via the GET /api/v4/teams/<team-id>/channels/deleted endpoint.2024-01-024.3CVE-2023-47858
responsibledisclosure@mattermost.com
mattermost -- mattermostMattermost fails to scope the WebSocket response around notified users to each user separately, resulting in the WebSocket broadcasting the information about who was notified about a post to everyone else in the channel.2024-01-024.3CVE-2023-48732
responsibledisclosure@mattermost.com
mdaemon -- securitygatewayMDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. This might allow domain administrators to conduct attacks against global administrators.2023-12-314.8CVE-2023-52269
cve@mitre.org
mediatek -- software_development_kitIn wlan driver, there is a possible PIN crack due to use of insufficiently random values. This could lead to local information disclosure with no execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00325055; Issue ID: MSV-868.2024-01-025.5CVE-2023-32831
security@mediatek.com
moxa -- oncell_g3150a-lte_seriesA clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. This vulnerability is caused by incorrectly restricting frame objects, which can lead to user confusion about which interface the user is interacting with. This vulnerability may lead the attacker to trick the user into interacting with the application.2023-12-315.3CVE-2023-6093
psirt@moxa.com
moxa -- oncell_g3150a-lte_seriesA vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. The vulnerability results from lack of protection for sensitive information during transmission. An attacker eavesdropping on the traffic between the web browser and server may obtain sensitive information. This type of attack could be executed to gather sensitive information or to facilitate a subsequent attack against the target.2023-12-315.3CVE-2023-6094
psirt@moxa.com
novel-plus -- novel-plusA vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the argument nickName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c62da9bb3a9b3603014d0edb436146512631100d. It is recommended to apply a patch to fix this issue. The identifier VDB-249201 was assigned to this vulnerability.2023-12-295.4CVE-2023-7166
cna@vuldb.com
novel-plus -- novel-plusA vulnerability was found in Novel-Plus up to 4.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file novel-admin/src/main/java/com/java2nb/novel/controller/FriendLinkController.java of the component Friendly Link Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6093d8182362422370d7eaf6c53afde9ee45215. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249307.2023-12-294.8CVE-2023-7171
cna@vuldb.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portalA vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.2024-01-026.3CVE-2024-0192
cna@vuldb.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portalA vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.2024-01-025.3CVE-2024-0191
cna@vuldb.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portalA vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443.2024-01-024.7CVE-2024-0185
cna@vuldb.com
ocsinventory -- ocsinventoryOCSInventory allows stored email templates with special characters that lead to stored cross-site scripting.2024-01-044.9CVE-2023-3726
help@fluidattacks.com
openharmony -- openharmonyOpenHarmony v3.2.2 and prior versions allow a local attacker to cause DoS by occupying all resources.2024-01-025.5CVE-2023-47216
scy@openharmony.io
openharmony -- openharmonyOpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia camera crash by modifying a released pointer.2024-01-025.5CVE-2023-47857
scy@openharmony.io
openharmony -- openharmonyOpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer.2024-01-025.5CVE-2023-48360
scy@openharmony.io
openharmony -- openharmonyOpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia player crash by modifying a released pointer.2024-01-025.5CVE-2023-49135
scy@openharmony.io
openxiangshan -- xiangshanAn issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache.2023-12-305.5CVE-2023-50559
cve@mitre.org
own_health_record -- own_health_recordA vulnerability was found in MdAlAmin-aol Own Health Record 0.1-alpha/0.2-alpha/0.3-alpha/0.3.1-alpha. It has been rated as problematic. This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 0.4-alpha is able to address this issue. The patch is named 58b413aa40820b49070782c786c526850ab7748f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249191.2023-12-304.3CVE-2018-25096
cna@vuldb.com
pandora_fms -- pandora_fmsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774.2023-12-296.1CVE-2023-41813
security@pandorafms.com
pandora_fms -- pandora_fmsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user receiving the messages opens their notifications. This issue affects Pandora FMS: from 700 through 774.2023-12-296.1CVE-2023-41814
security@pandorafms.com
pandora_fms -- pandora_fmsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FMS: from 700 through 774.2023-12-296.1CVE-2023-41815
security@pandorafms.com
pandora_fms -- pandora_fmsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774.2023-12-296.1CVE-2023-44089
security@pandorafms.com
poly -- multiple_productsA vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability.2023-12-296.5CVE-2023-4465
cna@vuldb.com
poly -- multiple_productsA vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255.2023-12-295.9CVE-2023-4462
cna@vuldb.com
nvd@nist.gov
poly -- multiple_productsA vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation leads to protection mechanism failure. The attack can be launched remotely. The vendor explains that they do not regard this as a vulnerability as this is a feature that they offer to their customers who have a variety of environmental needs that are met through different firmware builds. To avoid potential roll-back attacks, they remove vulnerable builds from the public servers as a remediation effort. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249259.2023-12-294.9CVE-2023-4466
cna@vuldb.com
poly -- trio_8800_firmwareA vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads to backdoor. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249260.2023-12-296.6CVE-2023-4467
cna@vuldb.com
prestashop -- prestashopPrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.2024-01-025.4CVE-2024-21628
security-advisories@github.com
qemu -- qemuA stack based buffer overflow was found in the virtio-net device of QEMU. This issue occurs when flushing TX in the virtio_net_flush_tx function if guest features VIRTIO_NET_F_HASH_REPORT, VIRTIO_F_VERSION_1 and VIRTIO_NET_F_MRG_RXBUF are enabled. This could allow a malicious user to overwrite local variables allocated on the stack. Specifically, the `out_sg` variable could be used to read a part of process memory and send it to the wire, causing an information leak.2024-01-024.9CVE-2023-6693
secalert@redhat.com
qnap_systems_inc. -- qcalagentAn OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later2024-01-056.3CVE-2023-41289
security@qnapsecurity.com.tw
qnap_systems_inc. -- qts/quts_heroAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later2024-01-056.6CVE-2023-39294
security@qnapsecurity.com.tw
qnap_systems_inc. -- qumagieA cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later2024-01-055.5CVE-2023-47559
security@qnapsecurity.com.tw
qnap_systems_inc. -- video_stationA SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later2024-01-054.3CVE-2023-41287
security@qnapsecurity.com.tw
qualcomm,_inc. -- snapdragonMemory corruption when IPv6 prefix timer object's lifetime expires which are created while Netmgr daemon gets an IPv6 address.2024-01-026.7CVE-2023-28583
product-security@qualcomm.com
qualcomm,_inc. -- snapdragonMemory corruption while receiving a message in Bus Socket Transport Server.2024-01-026.7CVE-2023-33038
product-security@qualcomm.com
rust-ethereum -- rust-ethereumRust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This makes smart contracts able to commit state changes when the parent caller contract receives the zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available.2024-01-025.9CVE-2024-21629
security-advisories@github.com
rust-vmm -- rust-vmmvmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the `FamStructWrapper::deserialize` implementation provided by the crate for `vmm_sys_util::fam::FamStructWrapper` can lead to out of bounds memory accesses. The deserialization does not check that the length stored in the header matches the flexible array length. Mismatch in the lengths might allow out of bounds memory access through Rust-safe methods. The issue was corrected in version 0.12.0 by inserting a check that verifies the lengths of compared flexible arrays are equal for any deserialized header and aborting deserialization otherwise. Moreover, the API was changed so that header length can only be modified through Rust-unsafe code. This ensures that users cannot trigger out-of-bounds memory access from Rust-safe code.2024-01-025.7CVE-2023-50711
security-advisories@github.com
samsung_mobile -- nearby_device_scanningImproper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data.2024-01-044CVE-2024-20808
mobile.security@samsung.com
samsung_mobile -- nearby_device_scanningImproper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data.2024-01-044CVE-2024-20809
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.2024-01-046.8CVE-2024-20803
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.2024-01-046.2CVE-2024-20806
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesImproper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.2024-01-044.6CVE-2024-20802
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devicesPath traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary files.2024-01-044CVE-2024-20804
mobile.security@samsung.com
sesami -- cash_point_&_transport_optimizerAn issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718) that allows local attackers to obtain sensitive information and bypass authentication via a "Back Button Refresh" attack.2023-12-295.5CVE-2023-31292
cve@mitre.org
sesami -- cash_point_&_transport_optimizerCSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows attackers to obtain sensitive information via the User Name field.2023-12-295.3CVE-2023-31296
cve@mitre.org
sesami -- cash_point_&_transport_optimizerCross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the User ID field when creating a new system user.2023-12-294.8CVE-2023-31298
cve@mitre.org
sesami -- cash_point_&_transport_optimizerStored Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718) allows remote attackers to execute arbitrary code and obtain sensitive information via the Username field of the login form and application log.2023-12-296.1CVE-2023-31301
cve@mitre.org
silicon_labs -- gecko_sdkGlitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.2024-01-036.8CVE-2023-5138
product-security@silabs.com
sourcecodester -- engineers_online_portalA vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input <script>alert(0)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249182 is the identifier assigned to this vulnerability.2023-12-296.1CVE-2023-7160
cna@vuldb.com
spider-flow -- spider-flowA vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.2024-01-026.3CVE-2024-0195
cna@vuldb.com
thirtybees -- bees_blogThe beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled.2023-12-306.1CVE-2023-52264
cve@mitre.org
tongda -- office_anywhere_2017A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this vulnerability is an unknown functionality of the file general/project/proj/delete.php. The manipulation of the argument PROJ_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-249367. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-12-304.3CVE-2023-7180
cna@vuldb.com
vapor -- vaporVapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.2024-01-036.5CVE-2024-21631
security-advisories@github.com
view_component -- view_componentview_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` method is not sanitized, which can also lead to cross-site scripting issues. Version 3.9.0 has been released and fully mitigates both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.2024-01-046.1CVE-2024-21636
security-advisories@github.com
winter_cms -- winter_cmsWinter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local File Inclusion vulnerability. This issue has been patched in v1.2.4.2023-12-295.4CVE-2023-52085
security-advisories@github.com
wiremock -- wiremockWireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area, resulting in the execution of the payload. This occurs because the response body is not validated or sanitized.2023-12-296.1CVE-2023-50069
cve@mitre.org
wordpress -- wordpressURL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms. This issue affects Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms through 1.2.8.2023-12-296.1CVE-2023-31095
audit@patchstack.com
wordpress -- wordpressURL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit. This issue affects WP Directory Kit through 1.1.9.2023-12-296.1CVE-2023-31229
audit@patchstack.com
wordpress -- wordpressURL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager. This issue affects Zephyr Project Manager through 3.3.9.2023-12-296.1CVE-2023-31237
audit@patchstack.com
wordpress -- wordpressURL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer. This issue affects Library Viewer through 2.0.6.2023-12-296.1CVE-2023-32101
audit@patchstack.com
wordpress -- wordpressURL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder. This issue affects MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder through 4.0.9.3.2023-12-296.1CVE-2023-32517
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS. This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme through 5.9.1.2023-12-296.1CVE-2023-50892
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza - WordPress Website and WooCommerce Builder allows Reflected XSS. This issue affects Impreza - WordPress Website and WooCommerce Builder through 8.17.4.2023-12-296.1CVE-2023-50893
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega - Absolute Addons For Elementor allows Reflected XSS. This issue affects HT Mega - Absolute Addons For Elementor through 2.3.8.2023-12-296.1CVE-2023-50901
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS. This issue affects Google Photos Gallery with Shortcodes through 4.0.2.2023-12-296.1CVE-2023-51373
audit@patchstack.com
wordpress -- wordpressServer-Side Request Forgery (SSRF) vulnerability in Leevio Happy Addons for Elementor. This issue affects Happy Addons for Elementor through 3.9.1.1.2023-12-296.5CVE-2023-51676
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs - Responsive Tabs Plugin for WordPress allows Stored XSS. This issue affects WP Tabs - Responsive Tabs Plugin for WordPress through 2.2.0.2024-01-056.5CVE-2023-52124
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe through 4.8.2024-01-056.5CVE-2023-52125
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress through 9.0.4.2024-01-056.3CVE-2023-52129
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS. This issue affects WP Affiliate Disclosure through 1.2.7.2024-01-056.5CVE-2023-52178
audit@patchstack.com
wordpress -- wordpressThe MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-01-036.4CVE-2023-6524
security@wordfence.com
wordpress -- wordpressThe POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'msg' parameter in all versions up to, and including, 2.8.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2024-01-036.1CVE-2023-6629
security@wordfence.com
wordpress -- wordpressThe WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including user emails, password hashes, usernames, and more.2024-01-046.5CVE-2023-6733
security@wordfence.com
wordpress -- wordpressThe Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping. This makes it possible for contributors and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-01-036.4CVE-2023-6747
security@wordfence.com
wordpress -- wordpressThe RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-01-066.4CVE-2023-6801
security@wordfence.com
wordpress -- wordpressThe WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and including, 6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be leveraged to achieve Reflected Cross-site Scripting.2024-01-036.1CVE-2023-6981
security@wordfence.com
wordpress -- wordpressThe EmbedPress - Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed_oembed_html shortcode in all versions up to 3.9.5 (exclusive) due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-01-036.4CVE-2023-6986
security@wordfence.com
wordpress -- wordpressThe Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up to, and including, 5.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access and higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2024-01-046.4CVE-2023-7044
security@wordfence.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress.Com Editing Toolkit allows Stored XSS. This issue affects WordPress.Com Editing Toolkit through 3.78784.2023-12-295.4CVE-2023-50879
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS. This issue affects BuddyPress through 11.3.1.2023-12-295.4CVE-2023-50880
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More allows Stored XSS. This issue affects Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More through 6.9.15.2023-12-295.4CVE-2023-50881
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder - WordPress Page Builder allows Stored XSS. This issue affects Beaver Builder - WordPress Page Builder through 2.7.2.2023-12-295.4CVE-2023-50889
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress - Zoho Forms allows Stored XSS. This issue affects Form plugin for WordPress - Zoho Forms through 3.0.1.2023-12-295.4CVE-2023-50891
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy - Page Builder allows Stored XSS. This issue affects Brizy - Page Builder through 2.4.29.2023-12-295.4CVE-2023-51396
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS. This issue affects WP Remote Site Search through 1.0.4.2023-12-295.4CVE-2023-51397
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS. This issue affects Back Button Widget through 1.6.3.2023-12-295.4CVE-2023-51399
audit@patchstack.com
wordpress -- wordpressURL Redirection to Untrusted Site ('Open Redirect') vulnerability in CodePeople Calculated Fields Form. This issue affects Calculated Fields Form through 1.2.28.2023-12-295.4CVE-2023-51517
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS. This issue affects Stock Ticker through 3.23.4.2023-12-295.4CVE-2023-51541
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List - Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List - Price Table Builder & QR Code Restaurant Menu through 7.0.17.2024-01-055.4CVE-2023-51673
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms - Ultimate Form Builder - Contact forms and much more. This issue affects NEX-Forms - Ultimate Form Builder - Contact forms and much more through 8.5.2.2024-01-055.4CVE-2023-52120
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack - Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack - Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images through 1.10.2.2024-01-055.4CVE-2023-52121
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email through 1.4.3.2024-01-055.3CVE-2023-52126
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution through 2.33.0.2024-01-055.3CVE-2023-52146
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager through 2.9.30.2024-01-055.3CVE-2023-52148
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Floating Button through 6.0.2024-01-055.4CVE-2023-52149
audit@patchstack.com
wordpress -- wordpressExposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator - Automate everything with the #1 no-code automation and integration plugin. This issue affects Uncanny Automator - Automate everything with the #1 no-code automation and integration plugin through 5.1.0.2.2024-01-055.3CVE-2023-52151
audit@patchstack.com
wordpress -- wordpressThe Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and 'pagelayer_footer_code' meta fields in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This appears to be a reintroduction of a vulnerability patched in version 1.7.7.2024-01-045.4CVE-2023-6738
security@wordfence.com
wordpress -- wordpressThe RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors.2024-01-065.4CVE-2023-6798
security@wordfence.com
wordpress -- wordpressThe PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. This is due to missing or incorrect nonce validation in the powerpack-lite-for-elementor/classes/class-pp-admin-settings.php file. This makes it possible for unauthenticated attackers to modify and reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-01-035.3CVE-2023-6984
security@wordfence.com
wordpress -- wordpressThe Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.2024-01-035.4CVE-2024-0201
security@wordfence.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms - Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS. This issue affects weForms - Easy Drag & Drop Contact Form Builder For WordPress through 1.6.17.2023-12-294.8CVE-2023-50896
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS. This issue affects Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button through 1.1.8.2023-12-294.8CVE-2023-51361
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget allows Stored XSS. This issue affects Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS, Call Button, Customer Support Button with floating Chat Widget through 1.1.9.2023-12-294.8CVE-2023-51371
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar - WordPress Notification Bar allows Stored XSS. This issue affects HashBar - WordPress Notification Bar through 1.4.1.2023-12-294.8CVE-2023-51372
audit@patchstack.com
wordpress -- wordpressImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS. This issue affects ZeroBounce Email Verification & Validation through 1.0.11.2023-12-294.8CVE-2023-51374
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk through 6.20.2024-01-054.3CVE-2023-51535
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support - WordPress HelpDesk & Support Plugin. This issue affects Awesome Support - WordPress HelpDesk & Support Plugin through 6.1.5.2024-01-054.3CVE-2023-51538
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions through 1.9.1.2024-01-054.3CVE-2023-51539
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress. This issue affects Inline Image Upload for BBPress through 1.1.18.2024-01-054.3CVE-2023-51668
audit@patchstack.com
wordpress -- wordpressURL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More. This issue affects Advanced Access Manager - Restricted Content, Users & Roles, Enhanced Security and More through 6.9.18.2023-12-294.7CVE-2023-51675
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search through 2.0.33.2024-01-054.3CVE-2023-51678
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building through 3.1.18.2024-01-054.3CVE-2023-52119
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects Simple Job Board through 2.10.6.2024-01-054.3CVE-2023-52122
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials through 3.1.10.2024-01-054.3CVE-2023-52123
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This issue affects WPC Product Bundles for WooCommerce through 7.3.1.2024-01-054.3CVE-2023-52127
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label - WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label - WordPress Custom Admin, Custom Login Page, and Custom Dashboard through 2.9.0.2024-01-054.3CVE-2023-52128
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager through 2.9.31.2024-01-054.3CVE-2023-52130
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds - A Tweets Widget or X Feed Widget. This issue affects Custom Twitter Feeds - A Tweets Widget or X Feed Widget through 2.1.2.2024-01-054.3CVE-2023-52136
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts through 1.21.2024-01-054.3CVE-2023-52145
audit@patchstack.com
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal - A Complete Job Board. This issue affects WP Job Portal - A Complete Job Board through 2.0.6.2024-01-054.3CVE-2023-52184
audit@patchstack.com
wordpress -- wordpressThe Depicter Slider - Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue.2024-01-054.3CVE-2023-6493
security@wordfence.com
wordpress -- wordpressThe Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2024-01-044.4CVE-2023-6498
security@wordfence.com
wordpress -- wordpressThe WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. This is due to missing or incorrect nonce validation on the 'delete' action of the wp-sms-subscribers page. This makes it possible for unauthenticated attackers to delete subscribers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-01-034.3CVE-2023-6980
security@wordfence.com
wordpress -- wordpressThe WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the print_packinglist action in all versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to export orders which can contain sensitive information.2024-01-034.3CVE-2023-7068
security@wordfence.com
security@wordfence.com
zte -- red_magic_8_pro | Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro | 2024-01-04 | 6.6 | CVE-2023-41784
psirt@zte.com.cn
zte -- zxcloud_irai | There is a local privilege escalation vulnerability in ZTE's ZXCLOUD iRAI. Attackers with regular user privileges can create a fake process and escalate local privileges. | 2024-01-03 | 6.7 | CVE-2023-41776
psirt@zte.com.cn
zte -- zxcloud_irai | There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | 2024-01-03 | 6.4 | CVE-2023-41780
psirt@zte.com.cn
zte -- zxcloud_irai | There is an illegal memory access vulnerability in ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with common user permissions, the physical machine will crash. | 2024-01-03 | 4.4 | CVE-2023-41779
psirt@zte.com.cn
zte -- zxcloud_irai | There is a command injection vulnerability in ZTE's ZXCLOUD iRAI. Because the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges. | 2024-01-03 | 4.3 | CVE-2023-41783
psirt@zte.com.cn


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
acumos -- design_studio | A vulnerability, which was classified as problematic, was found in Acumos Design Studio up to 2.0.7. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 0df8a5e8722188744973168648e4c74c69ce67fd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-249420. | 2024-01-02 | 3.5 | CVE-2018-25097
cna@vuldb.com
collective_idea, inc. -- audited | A race condition exists in Audited 4.0.0 to 5.3.3 that can allow an authenticated user to cause audit log entries to be attributed to another user. | 2024-01-04 | 3.1 | CVE-2024-22047
disclosure@vulncheck.com
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security threats. | 2024-01-03 | 3.7 | CVE-2023-50345
psirt@hcl.com
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information. | 2024-01-03 | 3.1 | CVE-2023-50346
psirt@hcl.com
hcl_software -- dryice_myxalytics | HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. The application returns detailed error messages that can provide an attacker with insight into the application, system, etc. | 2024-01-03 | 3.1 | CVE-2023-50348
psirt@hcl.com
huiran -- host_reseller_system | A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444. | 2024-01-02 | 3.7 | CVE-2024-0186
cna@vuldb.com
libssh -- libssh | A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter. | 2024-01-03 | 3.9 | CVE-2023-6004
secalert@redhat.com
mattermost -- mattermost | Mattermost fails to update the permissions of the current session for a user who was just demoted to guest, allowing freshly demoted guests to change group names. | 2024-01-02 | 3.7 | CVE-2023-50333
responsibledisclosure@mattermost.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portal | A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability. | 2024-01-02 | 3.1 | CVE-2024-0188
cna@vuldb.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portal | A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability. | 2024-01-02 | 3.5 | CVE-2024-0189
cna@vuldb.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503. | 2024-01-02 | 3.5 | CVE-2024-0190
cna@vuldb.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability. | 2024-01-01 | 2.4 | CVE-2024-0181
cna@vuldb.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability. | 2024-01-01 | 2.4 | CVE-2024-0183
cna@vuldb.com
nueva_ecija_engineer_online_portal -- nueva_ecija_engineer_online_portal | A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability. | 2024-01-02 | 2.4 | CVE-2024-0184
cna@vuldb.com
openharmony -- openharmony | OpenHarmony v3.2.2 and prior versions allow a local attacker to cause a multimedia audio crash by modifying a released pointer. | 2024-01-02 | 3.3 | CVE-2023-49142
scy@openharmony.io
packagekit -- packagekit | A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost. | 2024-01-03 | 3.3 | CVE-2024-0217
secalert@redhat.com
qnap_systems_inc. -- qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45039
security@qnapsecurity.com.tw
qnap_systems_inc. -- qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45040
security@qnapsecurity.com.tw
qnap_systems_inc. -- qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45041
security@qnapsecurity.com.tw
qnap_systems_inc. -- qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45042
security@qnapsecurity.com.tw
qnap_systems_inc. -- qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45043
security@qnapsecurity.com.tw
qnap_systems_inc. -- qts/quts_hero | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 3.8 | CVE-2023-45044
security@qnapsecurity.com.tw
qnap_systems_inc. -- qumagie | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | 2024-01-05 | 3.5 | CVE-2023-47219
security@qnapsecurity.com.tw
samsung_mobile -- samsung_email | Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows an attacker to get sensitive information. | 2024-01-04 | 3.3 | CVE-2024-20807
mobile.security@samsung.com
samsung_mobile -- samsung_mobile_devices | Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary files. | 2024-01-04 | 3.3 | CVE-2024-20805
mobile.security@samsung.com
wordpress -- wordpress | A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability. | 2024-01-02 | 3.5 | CVE-2015-10128
cna@vuldb.com
wordpress -- wordpress | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security - Password, Two Factor Authentication, and Brute Force Protection. This issue affects Solid Security - Password, Two Factor Authentication, and Brute Force Protection through 8.1.4. | 2023-12-29 | 3.7 | CVE-2023-28786
audit@patchstack.com
zimbra -- zm-ajax | A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is 8d039d6efe80780adc40c6f670c06d21de272105. It is recommended to upgrade the affected component. The identifier VDB-249421 was assigned to this vulnerability. | 2024-01-02 | 2.6 | CVE-2017-20188
cna@vuldb.com
zte -- zxcloud_irai | There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI. An attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | 2024-01-05 | 3.9 | CVE-2023-41782
psirt@zte.com.cn


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
abo.cms -- abo.cms | SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | 2024-01-06 | not yet calculated | CVE-2023-46953
cve@mitre.org
aoyun_technology -- pbootcms | Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, which allows remote attackers to gain sensitive information via session leakage and allows a user to avoid logging into the backend management platform. | 2024-01-04 | not yet calculated | CVE-2023-50082
cve@mitre.org
apache -- inlong | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.9.0, which could lead to Remote Code Execution. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9329 | 2024-01-03 | not yet calculated | CVE-2023-51784
security@apache.org
apache -- inlong | Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.7.0 through 1.9.0, the attackers can make an arbitrary file read attack using mysql driver. Users are advised to upgrade to Apache InLong's 1.10.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9331 | 2024-01-03 | not yet calculated | CVE-2023-51785
security@apache.org
apache -- openoffice | Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. This is a corner case of CVE-2022-47502. | 2023-12-29 | not yet calculated | CVE-2023-47804
security@apache.org
apiida_ag -- api_gateway_manager | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). | 2024-01-03 | not yet calculated | CVE-2023-50092
cve@mitre.org
apiida_ag -- api_gateway_manager | APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. | 2024-01-03 | not yet calculated | CVE-2023-50093
cve@mitre.org
autel_robotics -- evo_nano | Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS). | 2024-01-06 | not yet calculated | CVE-2023-50121
cve@mitre.org
automatic_systems -- soc_fl9600_fastline | Directory Traversal in Automatic-Systems SOC FL9600 FastLine lego_T04E00 allows a remote attacker to obtain sensitive information. | 2024-01-03 | not yet calculated | CVE-2023-37607
cve@mitre.org
automatic_systems -- soc_fl9600_fastline | An issue in Automatic Systems SOC FL9600 FastLine v.lego_T04E00 allows a remote attacker to obtain sensitive information via the admin login credentials. | 2024-01-03 | not yet calculated | CVE-2023-37608
cve@mitre.org
ava_teaching_video_application -- ava_teaching_video_application | Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | 2024-01-06 | not yet calculated | CVE-2023-50609
cve@mitre.org
brave_software,_inc. -- brave_browser | Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. | 2023-12-30 | not yet calculated | CVE-2023-52263
cve@mitre.org
cesanta_software -- mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_getretvalpos function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49549
cve@mitre.org
cesanta_software -- mjs | An Out of Bounds Write in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_op_json_stringify function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49552
cve@mitre.org
cesanta_software -- mjs | An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_destroy function in the msj.c file. | 2024-01-02 | not yet calculated | CVE-2023-49553
cve@mitre.org
cetic-6lbr -- cetic-6lbr | examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network. | 2023-12-31 | not yet calculated | CVE-2021-46901
cve@mitre.org
cherry -- cherry | handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. | 2024-01-05 | not yet calculated | CVE-2024-22086
cve@mitre.org
class.upload.php -- class.upload.php | As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Developers must be aware of that fact and use extension whitelisting accompanied by forcing the server to always provide content-type based on the file extension. The README has been updated to include these guidelines. | 2024-01-04 | not yet calculated | CVE-2023-6551
cvd@cert.pl
cmark-gfm -- cmark-gfm | CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can allow possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns. | 2024-01-04 | not yet calculated | CVE-2024-22051
disclosure@vulncheck.com
dzzoffice -- dzzoffice | SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | 2024-01-06 | not yet calculated | CVE-2023-39853
cve@mitre.org
ehttp -- ehttp | ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An attacker can make many connections over a short time to trigger this. | 2023-12-31 | not yet calculated | CVE-2023-52266
cve@mitre.org
ehttp -- ehttp | ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. | 2023-12-31 | not yet calculated | CVE-2023-52267
cve@mitre.org
encoded_id-rails -- encoded_id-rails | encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial-of-service condition by sending an HTTP request with an extremely long "id" parameter. | 2024-01-04 | not yet calculated | CVE-2024-0241
disclosure@vulncheck.com
firefly-iii -- firefly-iii | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. | 2024-01-05 | not yet calculated | CVE-2024-22075
cve@mitre.org
fit2cloud -- cloud_explorer_lite | Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | 2024-01-06 | not yet calculated | CVE-2023-50612
cve@mitre.org
floorsight_software_llc -- customer_portal_q3_2023 | An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 2024-01-02 | not yet calculated | CVE-2023-45893
cve@mitre.org
floorsight_software_llc -- insights_q3_2023 | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 2024-01-02 | not yet calculated | CVE-2023-45892
cve@mitre.org
flycms -- flycms | FlyCms through abbaa5a allows XSS via the permission management feature. | 2024-01-01 | not yet calculated | CVE-2024-21732
cve@mitre.org
fortanix -- enclaveos_confidential_computing_manager | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Lack of pointer-alignment validation logic in entry functions allows a local attacker to access unauthorized information. This relates to the enclave_ecall function and system call layer. | 2023-12-30 | not yet calculated | CVE-2023-38021
cve@mitre.org
fortanix -- enclaveos_confidential_computing_manager | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Insufficient pointer validation allows a local attacker to access unauthorized information. This relates to strlen and sgx_is_within_user. | 2023-12-30 | not yet calculated | CVE-2023-38022
cve@mitre.org
gila_cms -- gila_cms | SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to execute arbitrary web scripts via the Area parameter under the Administration>Widget tab after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26623
cve@mitre.org
gila_cms -- gila_cms | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the ID parameter after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26624
cve@mitre.org
gila_cms -- gila_cms | A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote attacker to execute arbitrary web scripts via the 'user_id' parameter after the login portal. | 2024-01-02 | not yet calculated | CVE-2020-26625
cve@mitre.org
gl.inet -- multiple_products | An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | 2024-01-03 | not yet calculated | CVE-2023-50921
cve@mitre.org
gl.inet -- multiple_products | An issue was discovered on GL.iNet devices through 4.5.0. Attackers who are able to steal the AdminToken cookie can execute arbitrary code by uploading a crontab-formatted file to a specific directory and waiting for its execution. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | 2024-01-03 | not yet calculated | CVE-2023-50922
cve@mitre.org
google -- chrome | Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0222
chrome-cve-admin@google.com
google -- chrome | Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0223
chrome-cve-admin@google.com
google -- chrome | Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0224
chrome-cve-admin@google.com
google -- chrome | Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-01-04 | not yet calculated | CVE-2024-0225
chrome-cve-admin@google.com
govuk_tech_docs -- govuk_tech_docs | govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page. | 2024-01-04 | not yet calculated | CVE-2024-22048
disclosure@vulncheck.com
gpac -- gpac | An issue discovered in GPAC 2.3-DEV-rev605-gfc9e29089-master in MP4Box in gf_avc_change_vui /afltest/gpac/src/media_tools/av_parsers.c:6872:55 allows attackers to crash the application. | 2024-01-03 | not yet calculated | CVE-2023-46929
cve@mitre.org
httparty -- httparty | httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written. | 2024-01-04 | not yet calculated | CVE-2024-22049
disclosure@vulncheck.com
idurar-erp-crm -- idurar-erp-crm | IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | 2023-12-30 | not yet calculated | CVE-2023-52265
cve@mitre.org
ifair -- ifair | Directory Traversal vulnerability in fuwushe.org iFair versions 23.8_ad0 and before allows an attacker to obtain sensitive information via a crafted script. | 2024-01-03 | not yet calculated | CVE-2023-47473
cve@mitre.org
ifranview -- ifranview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13878
cve@mitre.org
ifranview -- ifranview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13879
cve@mitre.org
ifranview -- ifranview | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. | 2024-01-05 | not yet calculated | CVE-2020-13880
cve@mitre.org
iodine -- iodine | Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. | 2024-01-04 | not yet calculated | CVE-2024-22050
disclosure@vulncheck.com
jeecg -- jeecg | Deserialization of Untrusted Data in jeecgFormDemoController in JEECG 4.0 and earlier allows attackers to run arbitrary code via a crafted POST request. | 2024-01-03 | not yet calculated | CVE-2023-49442
cve@mitre.org
jizhicms -- jizhicms | Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. | 2024-01-04 | not yet calculated | CVE-2023-51154
cve@mitre.org
jupyter_notebook_viewer -- nbviewer_app | nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | 2024-01-05 | not yet calculated | CVE-2023-51277
cve@mitre.org
kantega_software_corp. -- kantega_sso | The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0 through 5.11.4 before 5.11.5, and 6.0.0 through 6.19.0 before 6.20.0. The full product names are Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Confluence Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bitbucket Data Center & Server (Kantega SSO Enterprise), Kantega SAML SSO OIDC Kerberos Single Sign-on for Bamboo Data Center & Server (Kantega SSO Enterprise), and Kantega SAML SSO OIDC Kerberos Single Sign-on for FeCru Server (Kantega SSO Enterprise). (Here, FeCru refers to the Atlassian Fisheye and Crucible products running together.) | 2023-12-29 | not yet calculated | CVE-2023-52240
cve@mitre.org
layui -- layui | layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. | 2023-12-30 | not yet calculated | CVE-2023-50550
cve@mitre.org
linux -- kernelClosing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not neglectable. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock).2024-01-05not yet calculatedCVE-2023-34324
security@xen.org
little-backup-box -- little-backup-boxoutdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input.2023-12-30not yet calculatedCVE-2023-52262
cve@mitre.org
lotos_webserver -- lotos_webserverLotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.2024-01-05not yet calculatedCVE-2024-22088
cve@mitre.org
ly_corp. -- line_appAn issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.2024-01-03not yet calculatedCVE-2023-45559
cve@mitre.org
ly_corp. -- line_appAn issue in A-WORLD OIRASE BEER_waiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.2024-01-02not yet calculatedCVE-2023-45561
cve@mitre.org
mingsoft_mcms -- mingsoft_mcmsMingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do.2023-12-30not yet calculatedCVE-2023-50578
cve@mitre.org
newtonsoft.json -- newtonsoft.jsonNewtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial-of-service condition.2024-01-03not yet calculatedCVE-2024-21907
disclosure@vulncheck.com
npmjs -- npmjsA host header injection vulnerability exists in the NPM package @perfood/couch-auth versions <= 0.20.0. By sending a specially crafted host header in the forgot password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This may allow an attacker to reset other users' passwords and take over their accounts.2024-01-03not yet calculatedCVE-2023-39655
cve@mitre.org
o-ran_software_community -- o-ran_software_communityAn issue was discovered in O-RAN Software Community ric-plt-e2mgr in the G-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the E2Manager API component.2024-01-03not yet calculatedCVE-2023-42358
cve@mitre.org
open5gs -- open5gsAn issue was discovered in open5gs v2.6.6. InitialUEMessage, Registration request sent at a specific time can crash AMF due to incorrect error handling of Nudm_UECM_Registration response.2024-01-02not yet calculatedCVE-2023-50019
cve@mitre.org
open5gs -- open5gsAn issue was discovered in open5gs v2.6.6. SIGPIPE can be used to crash AMF.2024-01-02not yet calculatedCVE-2023-50020
cve@mitre.org
petero.cbor -- petero.cborPeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial-of-service vulnerability. An attacker may trigger the denial-of-service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial-of-service condition.2024-01-03not yet calculatedCVE-2024-21909
disclosure@vulncheck.com
pico -- picoroute in main.c in Pico HTTP Server in C through f3b69a6 has a sprintf stack-based buffer overflow via a long URI, leading to remote code execution.2024-01-05not yet calculatedCVE-2024-22087
cve@mitre.org
plotly -- plotlyIn Plotly plotly.js before 2.25.2, plot API calls have a risk of __proto__ being polluted in expandObjectPaths or nestedProperty.2024-01-03not yet calculatedCVE-2023-46308
cve@mitre.org
prestashop -- prestashopSQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method.2024-01-05not yet calculatedCVE-2023-50027
cve@mitre.org
pycryptodome/pycryptodomex -- pycryptodome/pycryptodomexPyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.2024-01-05not yet calculatedCVE-2023-52323
cve@mitre.org
rengine -- renginereNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output.2024-01-01not yet calculatedCVE-2023-50094
cve@mitre.org
royal_tsx -- royal_tsxRoyal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ file, if the victim clicks on Test Connection. This occurs during SecureGatewayHost object processing in RAPortCheck.createNWConnection.2023-12-31not yet calculatedCVE-2023-52277
cve@mitre.org
s-cms -- s-cmsS-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.2024-01-04not yet calculatedCVE-2023-29962
cve@mitre.org
scone -- sconeA lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.2023-12-30not yet calculatedCVE-2022-46486
cve@mitre.org
scone -- sconeAn issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Lack of pointer-alignment logic in __scone_dispatch and other entry functions allows a local attacker to access unauthorized information, aka an "AEPIC Leak."2023-12-30not yet calculatedCVE-2023-38023
cve@mitre.org
sesami -- cash_point_&_transport_optimizerAn issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in the Reader system user's web browser, allowing the journal to be displayed, despite the option being disabled.2023-12-29not yet calculatedCVE-2023-31293
cve@mitre.org
sesami -- cash_point_&_transport_optimizerCSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.2023-12-29not yet calculatedCVE-2023-31294
cve@mitre.org
sesami -- cash_point_&_transport_optimizerCSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.2023-12-29not yet calculatedCVE-2023-31295
cve@mitre.org
sesami -- cash_point_&_transport_optimizerCross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container.2023-12-29not yet calculatedCVE-2023-31299
cve@mitre.org
sesami -- cash_point_&_transport_optimizerAn issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password Reset feature.2023-12-29not yet calculatedCVE-2023-31300
cve@mitre.org
sesami -- cash_point_&_transport_optimizerCross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field.2023-12-29not yet calculatedCVE-2023-31302
cve@mitre.org
spip -- spipecrire/public/assembler.php in SPIP before 4.1.3 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.2024-01-04not yet calculatedCVE-2023-52322
cve@mitre.org
springblade -- springbladeAn issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via the lack of permissions control framework.2024-01-02not yet calculatedCVE-2023-47458
cve@mitre.org
stmicroelectronics_n.v. -- stsafe-a1xxSTMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application.2024-01-01not yet calculatedCVE-2023-50096
cve@mitre.org
sympa -- sympaSympa before 6.2.62 relies on a cookie parameter for certain security objectives but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.2023-12-31not yet calculatedCVE-2021-46900
cve@mitre.org
tecno_mobile -- tecno_camon_x_ca7Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension.2023-12-31not yet calculatedCVE-2023-52275
cve@mitre.org
tenda -- ax3Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList.2024-01-04not yet calculatedCVE-2023-51812
cve@mitre.org
tenda -- i29Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function.2024-01-05not yet calculatedCVE-2023-50991
cve@mitre.org
the_genie_company -- aladdin_connectUsers' product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. This allows the attacker, with access to the android device, to potentially retrieve users' clear text authentication credentials.2024-01-03not yet calculatedCVE-2023-5879
cve@rapid7.con
the_genie_company -- aladdin_connectWhen the Genie Company Aladdin Connect garage door opener (Retrofit-Kit Model ALDCM) is placed into configuration mode, the web server's "Garage Door Control Module Setup" page is vulnerable to XSS via a broadcast SSID name containing malicious code with client-side JavaScript and/or HTML. This allows the attacker to inject malicious code with client-side JavaScript and/or HTML into the user's web browser.2024-01-03not yet calculatedCVE-2023-5880
cve@rapid7.con
the_genie_company -- aladdin_connectUnauthenticated access is permitted to the web interface page "Garage Door Control Module Setup" of The Genie Company Aladdin Connect (Retrofit-Kit Model ALDCM), allowing modification of the garage door's SSID settings.2024-01-03not yet calculatedCVE-2023-5881
cve@rapid7.con
tinymce -- tinymceTinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.2024-01-03not yet calculatedCVE-2024-21908
disclosure@vulncheck.com
tinymce -- tinymceTinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.2024-01-03not yet calculatedCVE-2024-21910
disclosure@vulncheck.com
tinymce -- tinymceTinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.2024-01-03not yet calculatedCVE-2024-21911
disclosure@vulncheck.com
tms -- tmsCross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function.2024-01-04not yet calculatedCVE-2023-50630
cve@mitre.org
ureport2 -- ureport2Arbitrary File Write vulnerability in the saveReportFile method of ureport2 2.2.9 and before allows attackers to write arbitrary files and run arbitrary commands via crafted POST request.2024-01-03not yet calculatedCVE-2023-50090
cve@mitre.org
wasm-micro-runtime -- wasm-micro-runtimeBytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have a "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.2023-12-31not yet calculatedCVE-2023-52284
cve@mitre.org
wordpress -- wordpressThe affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for requests to its affiliate-toolkit-starter/tools/atkp_imagereceiver.php endpoint, allowing unauthenticated visitors to make requests to arbitrary URL's, including RFC1918 private addresses, leading to a Server Side Request Forgery (SSRF) issue.2024-01-01not yet calculatedCVE-2023-5877
contact@wpscan.com
wordpress -- wordpressThe Popup Builder WordPress plugin before 4.2.3 does not prevent simple visitors from updating existing popups, and injecting raw JavaScript in them, which could lead to Stored XSS attacks.2024-01-01not yet calculatedCVE-2023-6000
contact@wpscan.com
wordpress -- wordpressThe WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2024-01-01not yet calculatedCVE-2023-6037
contact@wpscan.com
wordpress -- wordpressThe PayHere Payment Gateway WordPress plugin before 2.2.12 automatically creates publicly accessible log files containing sensitive information when transactions occur.2024-01-01not yet calculatedCVE-2023-6064
contact@wpscan.com
wordpress -- wordpressThe WP STAGING WordPress Backup Plugin before 3.1.3 and WP STAGING Pro WordPress Backup Plugin before 5.1.3 do not prevent visitors from leaking key information about ongoing backup processes, allowing unauthenticated attackers to download said backups later.2024-01-01not yet calculatedCVE-2023-6113
contact@wpscan.com
wordpress -- wordpressThe Backup Migration WordPress plugin before 1.3.6 stores in-progress backups information in easy to find, publicly accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups.2024-01-01not yet calculatedCVE-2023-6271
contact@wpscan.com
wordpress -- wordpressThe Download Manager WordPress plugin before 3.2.83 does not protect file download passwords, leaking the password upon receiving an invalid one.2024-01-01not yet calculatedCVE-2023-6421
contact@wpscan.com
wordpress -- wordpressThe Html5 Video Player WordPress plugin before 2.5.19 does not sanitize and escape some of its player settings, which combined with missing capability checks around the plugin could allow any authenticated user, even one with a role as low as subscriber, to perform Stored Cross-Site Scripting attacks against high privilege users like admins.2024-01-01not yet calculatedCVE-2023-6485
contact@wpscan.com
wordpress -- wordpressThe POST SMTP WordPress plugin before 2.8.7 does not sanitize and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2024-01-03not yet calculatedCVE-2023-6621
contact@wpscan.com
xen -- xenArm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore, there is no guarantee when all the writes will reach the memory.2024-01-05not yet calculatedCVE-2023-34321
security@xen.org
xen -- xenFor migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough.2024-01-05not yet calculatedCVE-2023-34322
security@xen.org
xen -- xenWhen a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to C Xenstored crash when tools are built without -DNDEBUG (this is the default).2024-01-05not yet calculatedCVE-2023-34323
security@xen.org
xen -- xen[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user privileges. In order to not affect current deployments that rely on pygrub, patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project ("An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub's XFS file system implementation.") CVE-2023-34325 refers specifically to the vulnerabilities in Xen's copy of libfsimage, which is descended from a very old version of grub.2024-01-05not yet calculatedCVE-2023-34325
security@xen.org
xen -- xenThe caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.2024-01-05not yet calculatedCVE-2023-34326
security@xen.org
xen -- xen[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately, there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.2024-01-05not yet calculatedCVE-2023-34327
security@xen.org
xen -- xen[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately, there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely.2024-01-05not yet calculatedCVE-2023-34328
security@xen.org
xen -- xenThe current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page-table levels. However, dom_io being a PV domain gets the AMD-Vi IOMMU page-table levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will set up page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignments, possibly leading to data leaks.2024-01-05not yet calculatedCVE-2023-46835
security@xen.org
xen -- xenThe fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen.2024-01-05not yet calculatedCVE-2023-46836
security@xen.org
xen -- xenArm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore, there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient.2024-01-05not yet calculatedCVE-2023-46837
security@xen.org
yasm -- yasmUse After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.2024-01-03not yet calculatedCVE-2023-49554
cve@mitre.org
yasm -- yasmAn issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.2024-01-03not yet calculatedCVE-2023-49555
cve@mitre.org
yasm -- yasmBuffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.2024-01-03not yet calculatedCVE-2023-49556
cve@mitre.org
yasm -- yasmAn issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.2024-01-03not yet calculatedCVE-2023-49557
cve@mitre.org
yasm -- yasmAn issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.2024-01-03not yet calculatedCVE-2023-49558
cve@mitre.org
