Vulnerability Summary for the Week of January 8, 2024
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abocms -- abo.cms | SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. | 2024-01-06 | 9.8 | CVE-2023-46953 cve@mitre.org |
acme -- ultra_mini_httpd | A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819. | 2024-01-07 | 7.5 | CVE-2024-0263 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
advancedcustomfields -- advanced_custom_fields | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF). This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. | 2024-01-08 | 7.5 | CVE-2022-40696 audit@patchstack.com |
alekseykurepin -- pico_http_server_in_c | route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. | 2024-01-05 | 9.8 | CVE-2024-22087 cve@mitre.org |
atlassian -- bitbucket | An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | 2024-01-09 | 8.3 | CVE-2023-50931 cve@mitre.org |
atlassian -- jira | An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Jira, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | 2024-01-09 | 8.3 | CVE-2023-50930 cve@mitre.org |
ami -- megarac_sp-x | AMI's SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2024-01-09 | 8.8 | CVE-2023-3043 biossecurity@ami.com |
ami -- megarac_sp-x | AMI's SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2024-01-09 | 8.8 | CVE-2023-37293 biossecurity@ami.com |
ami -- megarac_sp-x | AMI's SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2024-01-09 | 8.8 | CVE-2023-37294 biossecurity@ami.com |
ami -- megarac_sp-x | AMI's SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2024-01-09 | 8.8 | CVE-2023-37295 biossecurity@ami.com |
ami -- megarac_sp-x | AMI's SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2024-01-09 | 8.8 | CVE-2023-37296 biossecurity@ami.com |
ami -- megarac_sp-x | AMI's SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2024-01-09 | 8.8 | CVE-2023-37297 biossecurity@ami.com |
ami -- megarac_sp-x | AMI's SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2024-01-09 | 7.8 | CVE-2023-34332 biossecurity@ami.com |
ami -- megarac_sp-x | AMI's SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 2024-01-09 | 7.8 | CVE-2023-34333 biossecurity@ami.com |
apache -- axis | ** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF. This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. | 2024-01-06 | 7.2 | CVE-2023-51441 security@apache.org security@apache.org |
apollo13themes -- apollo13_framework_extensions | Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1. | 2024-01-05 | 8.8 | CVE-2023-51539 audit@patchstack.com |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution. | 2024-01-10 | 7.8 | CVE-2023-42826 product-security@apple.com |
apple -- macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | 2024-01-10 | 7.1 | CVE-2023-42876 product-security@apple.com |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges. | 2024-01-10 | 7.8 | CVE-2023-42933 product-security@apple.com |
atlassian -- confluence | An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. | 2024-01-09 | 8.3 | CVE-2023-50932 cve@mitre.org |
azure -- ipam | Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0. | 2024-01-10 | 9.1 | CVE-2024-21638 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
azuread -- activedirectory_identitymodel_extensions_for_dotnet | IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest` protocol or the `SignedHttpRequestValidator` is vulnerable. Microsoft.IdentityModel trusts the `jku` claim by default for the `SignedHttpRequest` protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher. | 2024-01-10 | 7.1 | CVE-2024-21643 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
backupbliss -- clone | The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup information, which is stored at a publicly accessible, statically defined file path. | 2024-01-08 | 7.5 | CVE-2023-6750 contact@wpscan.com |
basixonline -- nex-forms | Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms - Ultimate Form Builder - Contact forms and much more. This issue affects NEX-Forms - Ultimate Form Builder - Contact forms and much more: from n/a through 8.5.2. | 2024-01-05 | 8.8 | CVE-2023-52120 audit@patchstack.com |
blueastral -- page_builder\ | Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder. This issue affects Page Builder: Live Composer: from n/a through 1.5.25. | 2024-01-08 | 7.2 | CVE-2023-52206 audit@patchstack.com |
bosch -- bcc101 | Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. | 2024-01-09 | 8.3 | CVE-2023-49722 psirt@bosch.com |
briandgoad -- ptypeconverter | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Brian D. Goad pTypeConverter. This issue affects pTypeConverter: from n/a through 0.2.8.1. | 2024-01-08 | 8.8 | CVE-2023-52201 audit@patchstack.com |
buy-addons -- bazoom_magnifier | SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. | 2024-01-05 | 9.8 | CVE-2023-50027 cve@mitre.org |
byzoro -- smart_s150_firmware | A vulnerability was found in Beijing Baichuo Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0300 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
canonical -- snapd | Race condition in snap-confine's must_mkdir_and_open_with_perms() | 2024-01-08 | 7 | CVE-2022-3328 security@ubuntu.com security@ubuntu.com |
checkmk -- checkmk | Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials | 2024-01-12 | 8.8 | CVE-2023-31211 security@checkmk.com |
checkmk -- checkmk | Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 2024-01-12 | 8.8 | CVE-2023-6735 security@checkmk.com |
checkmk -- checkmk | Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges | 2024-01-12 | 8.8 | CVE-2023-6740 security@checkmk.com |
chendotjs -- lotos_webserver | Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. | 2024-01-05 | 9.8 | CVE-2024-22088 cve@mitre.org |
cleantalk -- spam_protection\,_antispam\,_firewall | Cross-Site Request Forgery (CSRF) vulnerability in CleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. | 2024-01-05 | 8.8 | CVE-2023-51535 audit@patchstack.com |
clerk -- javascript | Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. | 2024-01-12 | 9 | CVE-2024-22206 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
cloud_foundry -- routing_release | Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment. | 2024-01-12 | 7.5 | CVE-2023-34061 security@vmware.com |
code-projects -- dormitory_management_system | A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579. | 2024-01-12 | 7.3 | CVE-2024-0474 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- simple_online_hotel_reservation_system | A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability. | 2024-01-10 | 9.8 | CVE-2024-0359 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
constantcontact -- constant_contact_forms | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms. This issue affects Constant Contact Forms: from n/a through 2.4.2. | 2024-01-08 | 7.5 | CVE-2023-52208 audit@patchstack.com |
cozmoslabs -- profile_builder_pro | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0. | 2024-01-13 | 7.1 | CVE-2024-22142 audit@patchstack.com |
dataiku -- data_science_studio | Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. | 2024-01-09 | 9.8 | CVE-2023-51717 cve@mitre.org cve@mitre.org |
dedecms -- dedecms | A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-07 | 9.8 | CVE-2023-7212 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
demon1a -- discord-recon | Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8. | 2024-01-09 | 8.8 | CVE-2024-21663 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
discourse -- discourse | Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. | 2024-01-12 | 8.6 | CVE-2023-48297 security-advisories@github.com |
dtale -- dtale | D-Tale is a visualizer for Pandas data structures. Users hosting versions of D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users. | 2024-01-05 | 7.5 | CVE-2024-21642 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
engineers_online_portal_project -- engineers_online_portal | A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816. | 2024-01-07 | 7.5 | CVE-2024-0260 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
evernote -- evernote | An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. | 2024-01-09 | 9.8 | CVE-2023-50643 cve@mitre.org cve@mitre.org |
fastify -- reply-from | fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing a header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in `@fastify/reply-from` version 9.6.0. | 2024-01-08 | 7.5 | CVE-2023-51701 security-advisories@github.com security-advisories@github.com |
fhs-opensource -- iparking | A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868. | 2024-01-08 | 9.8 | CVE-2024-0301 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
fhs-opensource -- iparking | A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability. | 2024-01-08 | 9.8 | CVE-2024-0302 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
fit2cloud -- cloudexplorer_lite | Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | 2024-01-06 | 7.8 | CVE-2023-50612 cve@mitre.org |
flycms_project -- flycms | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. | 2024-01-08 | 8.8 | CVE-2023-52072 cve@mitre.org |
flycms_project -- flycms | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. | 2024-01-08 | 8.8 | CVE-2023-52073 cve@mitre.org |
flycms_project -- flycms | FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. | 2024-01-08 | 8.8 | CVE-2023-52074 cve@mitre.org |
fonttools -- fonttools | fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0. | 2024-01-10 | 7.5 | CVE-2023-45139 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
fortinet -- fortios | An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. | 2024-01-10 | 8.8 | CVE-2023-44250 psirt@fortinet.com |
fortinet -- fortiportal | An improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. | 2024-01-10 | 7.2 | CVE-2023-46712 psirt@fortinet.com |
framework -- framework | Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. | 2024-01-05 | 7.5 | CVE-2024-21641 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ftpdmin_project -- ftpdmin | A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability. | 2024-01-07 | 7.5 | CVE-2024-0261 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gecka -- terms_thumbnails | Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails. This issue affects Gecka Terms Thumbnails: from n/a through 1.1. | 2024-01-08 | 8.8 | CVE-2023-52219 audit@patchstack.com |
getawesomesupport -- awesome_support | Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support - WordPress HelpDesk & Support Plugin. This issue affects Awesome Support - WordPress HelpDesk & Support Plugin: from n/a through 6.1.5. | 2024-01-05 | 8.8 | CVE-2023-51538 audit@patchstack.com |
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request. | 2024-01-12 | 7.6 | CVE-2023-4812 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user. | 2024-01-12 | 7.3 | CVE-2023-5356 cve@gitlab.com cve@gitlab.com |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. | 2024-01-12 | 10 | CVE-2023-7028 cve@gitlab.com cve@gitlab.com |
gitpython-developers -- gitpython | GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. | 2024-01-11 | 7.8 | CVE-2024-22190 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
go-git -- go-git | A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli. | 2024-01-12 | 9.8 | CVE-2023-49569 cve-requests@bitdefender.com |
go-git -- go-git | A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli. | 2024-01-12 | 7.5 | CVE-2023-49568 cve-requests@bitdefender.com |
goauthentik -- authentik | Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6. | 2024-01-11 | 7.6 | CVE-2024-21637 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
gofiber -- template | This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. | 2024-01-11 | 9.3 | CVE-2024-22199 security-advisories@github.com security-advisories@github.com |
gpac -- gpac | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. | 2024-01-08 | 9.8 | CVE-2024-0321 security@huntr.dev security@huntr.dev |
gpac -- gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. | 2024-01-08 | 9.1 | CVE-2024-0322 security@huntr.dev security@huntr.dev |
gtkwave -- gtkwave | An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-32650 talos-cna@cisco.com |
gtkwave -- gtkwave | An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-34087 talos-cna@cisco.com |
gtkwave -- gtkwave | An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-34436 talos-cna@cisco.com |
gtkwave -- gtkwave | An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-35004 talos-cna@cisco.com |
gtkwave -- gtkwave | An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-35057 talos-cna@cisco.com |
gtkwave -- gtkwave | An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-35128 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint32 function. | 2024-01-08 | 7.8 | CVE-2023-35702 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint64 function. | 2024-01-08 | 7.8 | CVE-2023-35703 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the fstReaderVarint32WithSkip function. | 2024-01-08 | 7.8 | CVE-2023-35704 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function `LZ4_decompress_safe_partial`. | 2024-01-08 | 7.8 | CVE-2023-35955 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function `fastlz_decompress`. | 2024-01-08 | 7.8 | CVE-2023-35956 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the decompression function `uncompress`. | 2024-01-08 | 7.8 | CVE-2023-35957 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the copy function `fstFread`. | 2024-01-08 | 7.8 | CVE-2023-35958 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns `.ghw` decompression. | 2024-01-08 | 7.8 | CVE-2023-35959 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns legacy decompression in `vcd_main`. | 2024-01-08 | 7.8 | CVE-2023-35960 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in `vcd_recorder_main`. | 2024-01-08 | 7.8 | CVE-2023-35961 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the `vcd2vzt` utility. | 2024-01-08 | 7.8 | CVE-2023-35962 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the `vcd2lxt2` utility. | 2024-01-08 | 7.8 | CVE-2023-35963 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns decompression in the `vcd2lxt` utility. | 2024-01-08 | 7.8 | CVE-2023-35964 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types. | 2024-01-08 | 7.8 | CVE-2023-35969 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type. | 2024-01-08 | 7.8 | CVE-2023-35970 talos-cna@cisco.com |
gtkwave -- gtkwave | An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-35989 talos-cna@cisco.com |
gtkwave -- gtkwave | An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-35992 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta initialization part. | 2024-01-08 | 7.8 | CVE-2023-35994 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 1. | 2024-01-08 | 7.8 | CVE-2023-35995 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 0. | 2024-01-08 | 7.8 | CVE-2023-35996 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the tdelta indexing when signal_lens is 2 or more. | 2024-01-08 | 7.8 | CVE-2023-35997 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the handling of `len` in `fstWritex` when parsing the time table. | 2024-01-08 | 7 | CVE-2023-36746 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the handling of `len` in `fstWritex` when `beg_time` does not match the start of the time table. | 2024-01-08 | 7 | CVE-2023-36747 talos-cna@cisco.com |
gtkwave -- gtkwave | An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-36861 talos-cna@cisco.com |
gtkwave -- gtkwave | An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-36864 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the allocation of the `chain_table` array. | 2024-01-08 | 7.8 | CVE-2023-36915 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the allocation of the `chain_table_lengths` array. | 2024-01-08 | 7.8 | CVE-2023-36916 talos-cna@cisco.com |
gtkwave -- gtkwave | An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-37282 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI's legacy VCD parsing code. | 2024-01-08 | 7.8 | CVE-2023-37416 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the GUI's interactive VCD parsing code. | 2024-01-08 | 7.8 | CVE-2023-37417 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37418 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37419 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37420 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI's default VCD parsing code. | 2024-01-08 | 7.8 | CVE-2023-37442 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI's legacy VCD parsing code. | 2024-01-08 | 7.8 | CVE-2023-37443 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds read when triggered via the GUI's interactive VCD parsing code. | 2024-01-08 | 7.8 | CVE-2023-37444 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37445 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37446 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37447 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI's recoder (default) VCD parsing code. | 2024-01-08 | 7.8 | CVE-2023-37573 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI's legacy VCD parsing code. | 2024-01-08 | 7.8 | CVE-2023-37574 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the GUI's interactive VCD parsing code. | 2024-01-08 | 7.8 | CVE-2023-37575 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2vzt conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37576 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2lxt2 conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37577 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37578 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37921 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37922 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility. | 2024-01-08 | 7.8 | CVE-2023-37923 talos-cna@cisco.com |
gtkwave -- gtkwave | A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-38583 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `rows` array. | 2024-01-08 | 7.8 | CVE-2023-38618 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `msb` array. | 2024-01-08 | 7.8 | CVE-2023-38619 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `lsb` array. | 2024-01-08 | 7.8 | CVE-2023-38620 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `flags` array. | 2024-01-08 | 7.8 | CVE-2023-38621 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `len` array. | 2024-01-08 | 7.8 | CVE-2023-38622 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `vindex_offset` array. | 2024-01-08 | 7.8 | CVE-2023-38623 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the prefix copy loop. | 2024-01-08 | 7.8 | CVE-2023-38648 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the string copy loop. | 2024-01-08 | 7.8 | CVE-2023-38649 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is not zero. | 2024-01-08 | 7.8 | CVE-2023-38650 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is zero. | 2024-01-08 | 7.8 | CVE-2023-38651 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is not zero. | 2024-01-08 | 7.8 | CVE-2023-38652 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when num_time_ticks is zero. | 2024-01-08 | 7.8 | CVE-2023-38653 talos-cna@cisco.com |
gtkwave -- gtkwave | An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 2024-01-08 | 7.8 | CVE-2023-38657 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when looping over `lt->numrealfacs`. | 2024-01-08 | 7.8 | CVE-2023-39234 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write when looping over `lt->num_time_ticks`. | 2024-01-08 | 7.8 | CVE-2023-39235 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `rows` array. | 2024-01-08 | 7.8 | CVE-2023-39270 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `msb` array. | 2024-01-08 | 7.8 | CVE-2023-39271 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `lsb` array. | 2024-01-08 | 7.8 | CVE-2023-39272 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `flags` array. | 2024-01-08 | 7.8 | CVE-2023-39273 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `len` array. | 2024-01-08 | 7.8 | CVE-2023-39274 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `value` array. | 2024-01-08 | 7.8 | CVE-2023-39275 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `string_pointers` array. | 2024-01-08 | 7.8 | CVE-2023-39316 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer overflow when allocating the `string_lens` array. | 2024-01-08 | 7.8 | CVE-2023-39317 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer underflow when performing the left shift operation. | 2024-01-08 | 7.8 | CVE-2023-39413 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the integer underflow when performing the right shift operation. | 2024-01-08 | 7.3 | CVE-2023-39414 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the prefix copy loop. | 2024-01-08 | 7.8 | CVE-2023-39443 talos-cna@cisco.com |
gtkwave -- gtkwave | Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities. This vulnerability concerns the out-of-bounds write performed by the string copy loop. | 2024-01-08 | 7.8 | CVE-2023-39444 talos-cna@cisco.com |
hancom -- hcell | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers. This issue affects HCell: 12.0.0.893. | 2024-01-12 | 8.8 | CVE-2023-40250 vuln@krcert.or.kr |
haokekeji -- yiqiniu | A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652. | 2024-01-13 | 7.3 | CVE-2024-0510 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
hayyp -- cherry | handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. | 2024-01-05 | 9.8 | CVE-2024-22086 cve@mitre.org |
hex_workshop -- hex_workshop | A denial of service vulnerability has been found in Hex Workshop affecting version 6.7. An attacker could send command line file arguments and control the Structured Exception Handler (SEH) records, resulting in a service shutdown. | 2024-01-11 | 7.3 | CVE-2024-0429 cve-coordination@incibe.es |
hyperledger -- aries-cloudagent-python | Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and fixed in version 0.10.5. | 2024-01-11 | 9.9 | CVE-2024-21669 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ibm -- cics_transaction_gateway | IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259. | 2024-01-08 | 8.1 | CVE-2023-47140 psirt@us.ibm.com psirt@us.ibm.com nvd@nist.gov |
ibm -- db2 | IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | 2024-01-07 | 7.8 | CVE-2023-47145 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. | 2024-01-11 | 8.4 | CVE-2023-31003 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- storage_fusion_hci | IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. | 2024-01-08 | 9.8 | CVE-2023-50948 psirt@us.ibm.com psirt@us.ibm.com |
icegram -- icegram_engage | Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. This issue affects Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. | 2024-01-05 | 8.8 | CVE-2023-52119 audit@patchstack.com |
inc2734 -- mw_wp_form | The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the '_single_file_upload' function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-01-11 | 9.8 | CVE-2023-6316 security@wordfence.com security@wordfence.com security@wordfence.com |
inis_project -- inis | A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875. | 2024-01-08 | 8.8 | CVE-2024-0308 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
irfanview -- b3d | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | 2024-01-05 | 9.8 | CVE-2020-13878 cve@mitre.org |
irfanview -- b3d | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. | 2024-01-05 | 9.8 | CVE-2020-13879 cve@mitre.org |
irfanview -- b3d | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. | 2024-01-05 | 9.8 | CVE-2020-13880 cve@mitre.org |
ivanti -- connect_secure | A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. | 2024-01-12 | 9.1 | CVE-2024-21887 support@hackerone.com |
ivanti -- connect_secure | An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. | 2024-01-12 | 8.2 | CVE-2023-46805 support@hackerone.com |
ivanti -- endpoint_manager | An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. | 2024-01-09 | 8.8 | CVE-2023-39336 support@hackerone.com |
javik -- randomize | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize. This issue affects Randomize: from n/a through 1.4.3. | 2024-01-08 | 8.8 | CVE-2023-52204 audit@patchstack.com |
juniper_networks -- junos_os | An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2. | 2024-01-12 | 7.5 | CVE-2024-21595 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3. | 2024-01-12 | 7.5 | CVE-2024-21606 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario, route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command: `user@host> show task memory detail \| match so_in` so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1. | 2024-01-12 | 7.5 | CVE-2024-21611 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS * 22.2 versions earlier than 22.2R2-S2, 22.2R3; * 22.3 versions earlier than 22.3R2, 22.3R3. Juniper Networks Junos OS Evolved * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO. This issue does not affect Juniper Networks: Junos OS versions earlier than 22.2R1; Junos OS Evolved versions earlier than 22.2R1-EVO. | 2024-01-12 | 7.5 | CVE-2024-21614 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. | 2024-01-12 | 7.5 | CVE-2024-21616 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3. | 2024-01-12 | 9.8 | CVE-2024-21591 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os_evolved | A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE), packetio crashes and restarts, which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L: * 21.4-EVO versions earlier than 21.4R3-S6-EVO; * 22.1-EVO versions earlier than 22.1R3-S5-EVO; * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO. | 2024-01-12 | 7.5 | CVE-2024-21602 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os_evolved | An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs: <host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet This issue affects Juniper Networks Junos OS Evolved: * All versions earlier than 20.4R3-S7-EVO; * 21.2R1-EVO and later versions; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S2-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO; * 22.4-EVO versions earlier than 22.4R2-EVO. | 2024-01-12 | 7.5 | CVE-2024-21604 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os_evolved | An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routing Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO. | 2024-01-12 | 7.5 | CVE-2024-21612 sirt@juniper.net sirt@juniper.net |
juniper_networks -- paragon_active_assurance | An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0. | 2024-01-12 | 7.4 | CVE-2024-21589 sirt@juniper.net sirt@juniper.net |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848. | 2024-01-07 | 9.8 | CVE-2024-0287 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability. | 2024-01-08 | 9.8 | CVE-2024-0288 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability. | 2024-01-08 | 9.8 | CVE-2024-0289 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851. | 2024-01-08 | 9.8 | CVE-2024-0290 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
korenix -- jetnet_series | An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. | 2024-01-09 | 8.6 | CVE-2023-5376 office@cyberdanube.com office@cyberdanube.com office@cyberdanube.com office@cyberdanube.com |
korenix -- jetnet_series | An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. | 2024-01-09 | 9.8 | CVE-2023-5347 office@cyberdanube.com office@cyberdanube.com office@cyberdanube.com office@cyberdanube.com |
kutethemes -- ovic_responsive_wpbakery | The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks. | 2024-01-08 | 8.8 | CVE-2023-5235 contact@wpscan.com |
likeshop -- likeshop | A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120. | 2024-01-09 | 7.3 | CVE-2024-0352 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
linux -- kernel | An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. | 2024-01-12 | 7.8 | CVE-2023-6040 security@ubuntu.com security@ubuntu.com security@ubuntu.com |
linux -- linux_kernel | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | 2024-01-08 | 7.8 | CVE-2022-2586 security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com |
linux -- linux_kernel | io_uring UAF, Unix SCM garbage collection | 2024-01-08 | 7 | CVE-2022-2602 security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com |
linux -- kernel | It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. | 2024-01-08 | 7.8 | CVE-2021-3600 security@ubuntu.com security@ubuntu.com security@ubuntu.com |
linux -- kernel | It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. | 2024-01-08 | 7.8 | CVE-2022-2588 security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com |
lopalopa -- dynamic_lab_management_system | A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability. | 2024-01-08 | 7.5 | CVE-2024-0306 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
lopalopa -- dynamic_lab_management_system | A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability. | 2024-01-08 | 7.5 | CVE-2024-0307 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
machothemes -- strong_testimonials | Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10. | 2024-01-05 | 8.8 | CVE-2023-52123 audit@patchstack.com |
manageengine -- adselfservice_plus | ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to remote code execution due to improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. | 2024-01-11 | 8.8 | CVE-2024-0252 0fc0942c-577d-436f-ae8e-945763c79b02 |
mariosalexandrou -- republish_old_posts | Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts. This issue affects Republish Old Posts: from n/a through 1.21. | 2024-01-05 | 8.8 | CVE-2023-52145 audit@patchstack.com |
mate-desktop -- atril | Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. | 2024-01-12 | 9.6 | CVE-2023-51698 security-advisories@github.com security-advisories@github.com |
meowapps -- database_cleaner | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair. This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. | 2024-01-08 | 7.5 | CVE-2023-51508 audit@patchstack.com |
metagauss -- profilegrid | Missing Authorization vulnerability in Profilegrid ProfileGrid - User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid - User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. | 2024-01-08 | 8.8 | CVE-2022-36352 audit@patchstack.com |
microchip -- maxview_storage_manager | In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339). | 2024-01-08 | 9.1 | CVE-2024-22216 cve@mitre.org |
microsoft -- .net | .NET Denial of Service Vulnerability | 2024-01-09 | 7.5 | CVE-2024-20672 secure@microsoft.com |
microsoft -- .net_8.0 | .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability | 2024-01-09 | 9.1 | CVE-2024-0057 secure@microsoft.com |
microsoft -- .net_framework | .NET Framework Denial of Service Vulnerability | 2024-01-09 | 7.5 | CVE-2024-21312 secure@microsoft.com |
microsoft -- azure_storage_mover | Azure Storage Mover Remote Code Execution Vulnerability | 2024-01-09 | 8 | CVE-2024-20676 secure@microsoft.com |
microsoft -- azure_uamqp | Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01. | 2024-01-09 | 9.8 | CVE-2024-21646 security-advisories@github.com security-advisories@github.com |
microsoft -- microsoft_office_2019 | A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update. | 2024-01-09 | 7.8 | CVE-2024-20677 secure@microsoft.com |
microsoft -- microsoft_sql_server_2022_(gdr) | Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability | 2024-01-09 | 8.7 | CVE-2024-0056 secure@microsoft.com |
microsoft -- microsoft_visual_studio_2017_version_15.9_(includes_15.0_-_15.8) | Visual Studio Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-20656 secure@microsoft.com |
microsoft -- printer_metadata_troubleshooter_tool | Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability | 2024-01-09 | 7.8 | CVE-2024-21325 secure@microsoft.com |
microsoft -- sharepoint_server | Microsoft SharePoint Server Remote Code Execution Vulnerability | 2024-01-09 | 8.8 | CVE-2024-21318 secure@microsoft.com |
microsoft -- windows_10_1507 | Windows Kerberos Security Feature Bypass Vulnerability | 2024-01-09 | 8.8 | CVE-2024-20674 secure@microsoft.com |
microsoft -- windows_10_1507 | Microsoft Message Queuing Denial of Service Vulnerability | 2024-01-09 | 7.5 | CVE-2024-20661 secure@microsoft.com |
microsoft -- windows_10_1507 | Windows Cryptographic Services Remote Code Execution Vulnerability | 2024-01-09 | 7.8 | CVE-2024-20682 secure@microsoft.com |
microsoft -- windows_10_1507 | Win32k Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-20683 secure@microsoft.com |
microsoft -- windows_10_1507 | Microsoft AllJoyn API Denial of Service Vulnerability | 2024-01-09 | 7.5 | CVE-2024-20687 secure@microsoft.com |
microsoft -- windows_10_1507 | Remote Desktop Client Remote Code Execution Vulnerability | 2024-01-09 | 7.5 | CVE-2024-21307 secure@microsoft.com |
microsoft -- windows_10_1809 | Windows Libarchive Remote Code Execution Vulnerability | 2024-01-09 | 7.3 | CVE-2024-20696 secure@microsoft.com |
microsoft -- windows_10_1809 | Windows Kernel Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-20698 secure@microsoft.com |
microsoft -- windows_10_1809 | Windows Hyper-V Remote Code Execution Vulnerability | 2024-01-09 | 7.5 | CVE-2024-20700 secure@microsoft.com |
microsoft -- windows_10_1809 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-21310 secure@microsoft.com |
microsoft -- windows_10_21h2 | Windows Subsystem for Linux Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-20681 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft ODBC Driver Remote Code Execution Vulnerability | 2024-01-09 | 8 | CVE-2024-20654 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows HTML Platforms Security Feature Bypass Vulnerability | 2024-01-09 | 7.5 | CVE-2024-20652 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Windows Group Policy Elevation of Privilege Vulnerability | 2024-01-09 | 7 | CVE-2024-20657 secure@microsoft.com |
microsoft -- windows_10_version_1809 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-20658 secure@microsoft.com |
microsoft -- windows_11_21h2 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-21309 secure@microsoft.com |
microsoft -- windows_11_22h2 | Windows Libarchive Remote Code Execution Vulnerability | 2024-01-09 | 7.3 | CVE-2024-20697 secure@microsoft.com |
microsoft -- windows_server_2022,23h2_edition_(server_core_installation) | Microsoft Common Log File System Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-20653 secure@microsoft.com |
microsoft -- windows_server_2022_23h2 | Win32k Elevation of Privilege Vulnerability | 2024-01-09 | 7.8 | CVE-2024-20686 secure@microsoft.com |
motopress -- getwid_-_gutenberg_blocks | Any unauthenticated user may send e-mail from the site with any title or content to the admin | 2024-01-08 | 7.5 | CVE-2023-6042 contact@wpscan.com |
mtrv -- teachpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress. This issue affects teachPress: from n/a through 9.0.4. | 2024-01-05 | 8.8 | CVE-2023-52129 audit@patchstack.com |
ncast_project -- ncast | A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872. | 2024-01-08 | 7.5 | CVE-2024-0305 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
netscout -- ngeniusone | An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. | 2024-01-09 | 9.8 | CVE-2023-26999 cve@mitre.org cve@mitre.org cve@mitre.org |
nginx-ui -- nginx-ui | Nginx-UI provides online statistics for server indicators: monitor CPU usage, memory usage, load average, and disk usage in real time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameters are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9. | 2024-01-11 | 7 | CVE-2024-22196 security-advisories@github.com security-advisories@github.com |
nginx-ui -- nginx-ui | Nginx-UI provides online statistics for server indicators: monitor CPU usage, memory usage, load average, and disk usage in real time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9. | 2024-01-11 | 7.7 | CVE-2024-22197 security-advisories@github.com security-advisories@github.com |
nginx-ui -- nginx-ui | Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9. | 2024-01-11 | 7.1 | CVE-2024-22198 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
ninjateam -- fastdup | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup - Fastest WordPress Migration & Duplicator. This issue affects FastDup - Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. | 2024-01-08 | 7.5 | CVE-2023-51406 audit@patchstack.com |
nitropack -- nitropack | Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack - Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. This issue affects NitroPack - Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2. | 2024-01-05 | 8.8 | CVE-2023-52121 audit@patchstack.com |
nvidia -- dgx_a100 | NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service. | 2024-01-12 | 7.5 | CVE-2023-31032 psirt@nvidia.com |
nvidia -- dgx_a100 | NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 2024-01-12 | 7.5 | CVE-2023-31035 psirt@nvidia.com |
nvidia -- dgx_a100 | NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | 2024-01-12 | 9 | CVE-2023-31024 psirt@nvidia.com |
nvidia -- dgx_a100 | NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | 2024-01-12 | 9.3 | CVE-2023-31029 psirt@nvidia.com |
nvidia -- dgx_a100 | NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | 2024-01-12 | 9.3 | CVE-2023-31030 psirt@nvidia.com |
nvidia -- triton_inference_server | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2024-01-12 | 7.5 | CVE-2023-31036 psirt@nvidia.com |
omron -- cj-series/cs-series_cpu_modules | An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files from the PLC internal memory and memory card. | 2024-01-10 | 8.6 | CVE-2022-45794 ot-cert@dragos.com ot-cert@dragos.com |
onenav -- onenav | A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability. | 2024-01-07 | 9.8 | CVE-2023-7210 nvd@nist.gov cna@vuldb.com cna@vuldb.com cna@vuldb.com |
online_food_ordering_system_project -- online_food_ordering_system | A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. | 2024-01-05 | 9.8 | CVE-2024-0247 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
open-xchange -- ox_app_suite | The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow access to content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known. | 2024-01-08 | 9.6 | CVE-2023-29050 security@open-xchange.com security@open-xchange.com security@open-xchange.com security@open-xchange.com |
open-xchange -- ox_app_suite | A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known. | 2024-01-08 | 8.8 | CVE-2023-29048 security@open-xchange.com security@open-xchange.com security@open-xchange.com security@open-xchange.com |
open-xchange -- ox_app_suite | User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known. | 2024-01-08 | 8.1 | CVE-2023-29051 security@open-xchange.com security@open-xchange.com security@open-xchange.com security@open-xchange.com |
openvpn -- connect | OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable | 2024-01-08 | 7.8 | CVE-2023-7224 security@openvpn.net |
oretnom23 -- clinic_queuing_system | A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820. | 2024-01-07 | 9.8 | CVE-2024-0264 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
oretnom23 -- clinic_queuing_system | A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability. | 2024-01-07 | 8.8 | CVE-2024-0265 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
ovation -- dynamic_content_for_elementor | Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor. This issue affects Dynamic Content for Elementor: from n/a before 2.12.5. | 2024-01-05 | 8.8 | CVE-2023-52150 audit@patchstack.com |
phome -- empirecms | SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function. | 2024-01-09 | 7.2 | CVE-2023-50162 cve@mitre.org |
phpgurukul -- dairy_farm_shop_management_system | A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability. | 2024-01-10 | 9.8 | CVE-2024-0355 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- hospital_management_system | A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127. | 2024-01-10 | 9.8 | CVE-2024-0360 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- hospital_management_system | A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128. | 2024-01-10 | 9.8 | CVE-2024-0361 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- hospital_management_system | A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability. | 2024-01-10 | 9.8 | CVE-2024-0362 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- hospital_management_system | A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability. | 2024-01-10 | 9.8 | CVE-2024-0363 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
phpgurukul -- hospital_management_system | A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131. | 2024-01-10 | 9.8 | CVE-2024-0364 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
presstigers -- simple_job_board | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board. This issue affects Simple Job Board: from n/a through 2.10.6. | 2024-01-05 | 8.8 | CVE-2023-52122 audit@patchstack.com |
prestashow -- google_integrator | Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies. | 2024-01-08 | 9.1 | CVE-2023-6921 cvd@cert.pl cvd@cert.pl cvd@cert.pl |
ptc -- kepware_kepserverex | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. | 2024-01-10 | 7.8 | CVE-2023-29445 ot-cert@dragos.com ot-cert@dragos.com ot-cert@dragos.com |
puma -- puma | Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8. | 2024-01-08 | 7.5 | CVE-2024-21647 security-advisories@github.com security-advisories@github.com |
pyload -- pyload | pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. | 2024-01-08 | 8.8 | CVE-2023-47890 cve@mitre.org cve@mitre.org |
pyload -- pyload | pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77. | 2024-01-08 | 7.5 | CVE-2024-21644 security-advisories@github.com security-advisories@github.com |
qnap -- qcalagent | An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later | 2024-01-05 | 8.8 | CVE-2023-41289 security@qnapsecurity.com.tw |
qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later | 2024-01-05 | 7.2 | CVE-2023-39294 security@qnapsecurity.com.tw |
qnap -- qts | A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later | 2024-01-05 | 7.5 | CVE-2023-39296 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 7.2 | CVE-2023-45039 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 7.2 | CVE-2023-45040 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 7.2 | CVE-2023-45041 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 7.2 | CVE-2023-45042 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 7.2 | CVE-2023-45043 security@qnapsecurity.com.tw |
qnap -- qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later; QuTS hero h5.1.4.2596 build 20231128 and later | 2024-01-05 | 7.2 | CVE-2023-45044 security@qnapsecurity.com.tw |
qnap -- qumagie | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | 2024-01-05 | 8.8 | CVE-2023-47219 security@qnapsecurity.com.tw |
qnap -- qumagie | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later | 2024-01-05 | 8.8 | CVE-2023-47560 security@qnapsecurity.com.tw |
qnap -- video_station | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later | 2024-01-05 | 8.8 | CVE-2023-41287 security@qnapsecurity.com.tw |
qnap -- video_station | An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later | 2024-01-05 | 8.8 | CVE-2023-41288 security@qnapsecurity.com.tw |
redis -- redis | Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in versions 7.0.15 and 7.2.4. | 2024-01-10 | 8.1 | CVE-2023-41056 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
reputeinfosystems -- armember | Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember - Membership Plugin, Content Restriction, Member Levels, User Profile & User signup. This issue affects ARMember - Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | 2024-01-08 | 9.8 | CVE-2023-52200 audit@patchstack.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user ("root") via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. | 2024-01-10 | 8.1 | CVE-2023-48243 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. | 2024-01-10 | 8.1 | CVE-2023-48250 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. | 2024-01-10 | 8.1 | CVE-2023-48251 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. | 2024-01-10 | 8.8 | CVE-2023-48252 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users' password hashes or update them with arbitrary values and access their accounts. | 2024-01-10 | 8.8 | CVE-2023-48253 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | 2024-01-10 | 8.1 | CVE-2023-48262 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | 2024-01-10 | 8.1 | CVE-2023-48263 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | 2024-01-10 | 8.1 | CVE-2023-48264 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | 2024-01-10 | 8.1 | CVE-2023-48265 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. | 2024-01-10 | 8.1 | CVE-2023-48266 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request. | 2024-01-10 | 7.8 | CVE-2023-48257 psirt@bosch.com |
sap -- gui_connector | Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality. | 2024-01-09 | 7.5 | CVE-2024-22125 cna@sap.com cna@sap.com |
sap -- lt_replication_server | SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system. | 2024-01-09 | 7.2 | CVE-2024-21735 cna@sap.com cna@sap.com |
sap_se -- sap_application_interface_framework_(file_adapter) | In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such a user can control the behavior of the application. This leads to considerable impact on confidentiality, integrity and availability. | 2024-01-09 | 8.4 | CVE-2024-21737 cna@sap.com cna@sap.com |
schneider_electric -- easergy_studio | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. | 2024-01-09 | 7.8 | CVE-2023-7032 cybersecurity@se.com |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-51439 productcert@siemens.com |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-51745 productcert@siemens.com |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-51746 productcert@siemens.com |
siemens -- simatic_cn_4100 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up. | 2024-01-09 | 9.8 | CVE-2023-49251 productcert@siemens.com |
siemens -- simatic_cn_4100 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate installation" system state of the affected application uses default credentials with admin privileges. An attacker could use the credentials to gain complete control of the affected device. | 2024-01-09 | 9.8 | CVE-2023-49621 productcert@siemens.com |
siemens -- simatic_cn_4100 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause a denial of service condition. | 2024-01-09 | 7.5 | CVE-2023-49252 productcert@siemens.com |
siemens -- simatic_ipc1047e | A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. | 2024-01-09 | 10 | CVE-2023-51438 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49121 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49122 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49123 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49124 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49126 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49127 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49128 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49129 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49130 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49131 productcert@siemens.com |
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2024-01-09 | 7.8 | CVE-2023-49132 productcert@siemens.com |
siemens -- spectrum_power_7 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access. | 2024-01-09 | 7.8 | CVE-2023-44120 productcert@siemens.com |
smartersite -- wp_compress_image_optimizer_[all-in-one] | The WP Compress - Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-01-11 | 9.1 | CVE-2023-6699 security@wordfence.com security@wordfence.com |
smashballoon -- custom_twitter_feeds | Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds - A Tweets Widget or X Feed Widget. This issue affects Custom Twitter Feeds - A Tweets Widget or X Feed Widget: from n/a through 2.1.2. | 2024-01-05 | 8.8 | CVE-2023-52136 audit@patchstack.com |
snapcreek -- duplicator | The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server. | 2024-01-08 | 9.8 | CVE-2018-25095 contact@wpscan.com |
studip -- stud.ip | Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. | 2024-01-08 | 9 | CVE-2023-50982 cve@mitre.org cve@mitre.org cve@mitre.org |
stylishpricelist -- stylish_price_list | Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List - Price Table Builder & QR Code Restaurant Menu. This issue affects Stylish Price List - Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17. | 2024-01-05 | 9.8 | CVE-2023-51673 audit@patchstack.com |
subnet -- powersystem_center | PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | 2024-01-08 | 7.8 | CVE-2023-6631 ics-cert@hq.dhs.gov ics-cert@hq.dhs.gov |
surajghosh -- hospital_management_system | A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823. | 2024-01-07 | 9.8 | CVE-2024-0267 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
surajghosh -- hospital_management_system | A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824. | 2024-01-07 | 9.8 | CVE-2024-0268 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
svnlabs -- html5_mp3_player_with_folder_feedburner_playlist_free | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free. This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0. | 2024-01-08 | 7.2 | CVE-2023-52202 audit@patchstack.com |
svnlabs -- html5_mp3_player_with_playlist_free | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free. This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. | 2024-01-08 | 8.8 | CVE-2023-52207 audit@patchstack.com |
svnlabs -- html5_soundcloud_player_with_playlist_free | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free. This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0. | 2024-01-08 | 7.2 | CVE-2023-52205 audit@patchstack.com |
taggbox -- taggbox | Deserialization of Untrusted Data vulnerability in Tagbox Tagbox - UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox - UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. | 2024-01-08 | 9.8 | CVE-2023-52225 audit@patchstack.com |
taokeyun -- taokeyun | A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584. | 2024-01-13 | 7.3 | CVE-2024-0479 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
taokeyun -- taokeyun | A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability. | 2024-01-13 | 7.3 | CVE-2024-0480 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tenda -- a18_firmware | Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | 2024-01-09 | 9.8 | CVE-2023-50585 cve@mitre.org |
tenda -- ax12_firmware | Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. | 2024-01-10 | 7.5 | CVE-2023-49427 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. | 2024-01-10 | 9.8 | CVE-2023-51952 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. | 2024-01-10 | 9.8 | CVE-2023-51953 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. | 2024-01-10 | 9.8 | CVE-2023-51954 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. | 2024-01-10 | 9.8 | CVE-2023-51955 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. | 2024-01-10 | 9.8 | CVE-2023-51956 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. | 2024-01-10 | 9.8 | CVE-2023-51957 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. | 2024-01-10 | 9.8 | CVE-2023-51958 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. | 2024-01-10 | 9.8 | CVE-2023-51959 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. | 2024-01-10 | 9.8 | CVE-2023-51960 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. | 2024-01-10 | 9.8 | CVE-2023-51961 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51962 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51963 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51964 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51965 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51966 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51967 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51968 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51969 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. | 2024-01-10 | 9.8 | CVE-2023-51970 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. | 2024-01-10 | 9.8 | CVE-2023-51971 cve@mitre.org |
tenda -- ax1803_firmware | Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. | 2024-01-10 | 9.8 | CVE-2023-51972 cve@mitre.org |
tenda -- i29_firmware | Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. | 2024-01-05 | 7.5 | CVE-2023-50991 cve@mitre.org |
themepunch -- slider_revolution | The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. | 2024-01-08 | 8.8 | CVE-2023-6528 contact@wpscan.com |
thimpress -- learnpress_wordpress_lms_plugin | The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-01-11 | 9.8 | CVE-2023-6567 security@wordfence.com security@wordfence.com |
tianocore -- edk2 | EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | 2024-01-09 | 7 | CVE-2022-36763 infosec@edk2.groups.io |
tianocore -- edk2 | EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | 2024-01-09 | 7 | CVE-2022-36764 infosec@edk2.groups.io |
tianocore -- edk2 | EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | 2024-01-09 | 7 | CVE-2022-36765 infosec@edk2.groups.io |
tinowagner -- jupyter_notebook_viewer | nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. | 2024-01-05 | 9.8 | CVE-2023-51277 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
totolink -- lr1200gb_firmware | A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0292 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- lr1200gb_firmware | A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0293 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- lr1200gb_firmware | A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0294 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- lr1200gb_firmware | A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0295 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- lr1200gb_firmware | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 8.8 | CVE-2024-0291 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- n200re_firmware | A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0296 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- n200re_firmware | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0297 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- n200re_firmware | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0298 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- n200re_firmware | A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 9.8 | CVE-2024-0299 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- n350rt_firmware | A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-09 | 9.8 | CVE-2023-7219 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- n350rt_firmware | A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-07 | 8.8 | CVE-2023-7213 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- n350rt_firmware | A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-07 | 8.8 | CVE-2023-7214 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- n350rt_firmware | A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-08 | 7.2 | CVE-2023-7218 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- nr1800x_firmware | A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-09 | 9.8 | CVE-2023-7220 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- t6_firmware | A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-09 | 9.8 | CVE-2023-7221 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- x2000r_firmware | A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-07 | 9.8 | CVE-2023-7208 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
totolink -- x2000r_firmware | A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-09 | 9.8 | CVE-2023-7222 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tp-link -- tapo | TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. | 2024-01-09 | 7.5 | CVE-2023-27098 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
trellix -- agent | A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. | 2024-01-09 | 7.8 | CVE-2024-0213 trellixpsirt@trellix.com |
trellix -- anti-malware_engine | A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files. | 2024-01-09 | 7.1 | CVE-2024-0206 trellixpsirt@trellix.com |
trendnet -- tv-ip1314pi_firmware | An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. | 2024-01-09 | 9.8 | CVE-2023-49235 cve@mitre.org cve@mitre.org |
trendnet -- tv-ip1314pi_firmware | A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during a sscanf of a user-entered scale field in the RTSP playback function of davinci. | 2024-01-09 | 9.8 | CVE-2023-49236 cve@mitre.org cve@mitre.org |
uniwayinfo -- uw-302vp_firmware | A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-07 | 8.1 | CVE-2023-7211 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
uniwayinfo -- uw-302vp_firmware | A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boaform/device_reset.cgi of the component Device Reset Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249758 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-07 | 7.5 | CVE-2023-7209 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wallix -- bastion | WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. | 2024-01-08 | 7.5 | CVE-2023-49961 cve@mitre.org |
wazuh -- wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3. | 2024-01-12 | 7.4 | CVE-2023-42463 security-advisories@github.com |
wiselyhub -- js_help_desk | Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin. This issue affects JS Help Desk - Best Help Desk & Support Plugin: from n/a through 2.7.1. | 2024-01-05 | 9.8 | CVE-2022-46839 audit@patchstack.com |
wordpress -- wordpress | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | 2024-01-05 | 9.8 | CVE-2023-51502 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Simple Inventory Management - just scan barcode to manage products and orders. For WooCommerce. This issue affects Simple Inventory Management - just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1. | 2024-01-08 | 9.8 | CVE-2023-52215 audit@patchstack.com |
wordpress -- wordpress | Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8. | 2024-01-08 | 9.8 | CVE-2023-52218 audit@patchstack.com |
wordpress -- wordpress | Missing Authorization vulnerability in Rymera Web Co Wholesale Suite - WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More. This issue affects Wholesale Suite - WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. | 2024-01-08 | 8.8 | CVE-2022-34344 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce. This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1. | 2024-01-05 | 8.8 | CVE-2023-52127 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label - WordPress Custom Admin, Custom Login Page, and Custom Dashboard. This issue affects White Label - WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0. | 2024-01-05 | 8.8 | CVE-2023-52128 audit@patchstack.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cool Plugins Events Shortcodes For The Events Calendar. This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1. | 2024-01-08 | 8.8 | CVE-2023-52142 audit@patchstack.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce. This issue affects WooCommerce: from n/a through 8.2.2. | 2024-01-08 | 8.8 | CVE-2023-52222 audit@patchstack.com |
wordpress -- wordpress | The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user's password via a forged request granted they can trick the user into performing an action such as clicking on a link. | 2024-01-11 | 8.8 | CVE-2023-5448 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site. | 2024-01-11 | 8.7 | CVE-2023-5504 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution. | 2024-01-08 | 8.8 | CVE-2023-6140 contact@wpscan.com |
wordpress -- wordpress | The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-01-11 | 8.1 | CVE-2023-6220 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution. | 2024-01-11 | 8.1 | CVE-2023-6634 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. | 2024-01-08 | 8.8 | CVE-2023-6845 contact@wpscan.com contact@wpscan.com |
wordpress -- wordpress | The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. | 2024-01-11 | 8.8 | CVE-2023-6878 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel - Gamified Optin Email Marketing Tool for WordPress and WooCommerce. This issue affects WP Optin Wheel - Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3. | 2024-01-08 | 7.5 | CVE-2023-51408 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout. This issue affects WP Stripe Checkout: from n/a through 1.2.2.37. | 2024-01-05 | 7.5 | CVE-2023-52143 audit@patchstack.com |
wordpress -- wordpress | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2. | 2024-01-08 | 7.5 | CVE-2023-52190 audit@patchstack.com |
wordpress -- wordpress | The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell. | 2024-01-08 | 7.2 | CVE-2023-5957 contact@wpscan.com |
wordpress -- wordpress | The Debug Log Manager WordPress plugin before 2.3.0 contains a directory listing vulnerability, which allows the debug log to be downloaded without authorization, giving access to sensitive data. | 2024-01-08 | 7.5 | CVE-2023-6383 contact@wpscan.com |
wordpress -- wordpress | The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files. | 2024-01-08 | 7.5 | CVE-2023-6505 contact@wpscan.com |
wordpress -- wordpress | The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-01-11 | 7.2 | CVE-2023-6558 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-01-11 | 7.2 | CVE-2023-6636 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode. | 2024-01-11 | 7.3 | CVE-2023-6751 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Contact Form, Survey & Popup Form Plugin for WordPress - ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arf_http_referrer_url' parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 7.2 | CVE-2023-6828 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-01-11 | 9.8 | CVE-2023-6979 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more. | 2024-01-11 | 7.5 | CVE-2023-6266 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wow-company -- floating_button | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button. This issue affects Floating Button: from n/a through 6.0. | 2024-01-05 | 8.8 | CVE-2023-52149 audit@patchstack.com |
wp-blogs-planetarium_project -- wp-blogs-planetarium | The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-01-08 | 8.8 | CVE-2023-6532 contact@wpscan.com contact@wpscan.com |
wpaffiliatemanager -- affiliates_manager | Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.31. | 2024-01-05 | 8.8 | CVE-2023-52130 audit@patchstack.com |
wpchill -- download_monitor | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.7.60. | 2024-01-08 | 7.5 | CVE-2022-45354 audit@patchstack.com |
wpexpertsio -- post_smtp_the_#1_wordpress_smtp_plugin_with_advanced_email_logging_and_delivery_failure_notifications | The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. | 2024-01-11 | 9.8 | CVE-2023-6875 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wpjobportal -- wp_job_portal | Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal - A Complete Job Board. This issue affects WP Job Portal - A Complete Job Board: from n/a through 2.0.6. | 2024-01-05 | 8.8 | CVE-2023-52184 audit@patchstack.com |
wpmudev -- defender_security | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security - Malware Scanner, Login Security & Firewall. This issue affects Defender Security - Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. | 2024-01-08 | 7.5 | CVE-2023-51490 audit@patchstack.com |
wpzone -- inline_image_upload_for_bbpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress. This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18. | 2024-01-05 | 8.8 | CVE-2023-51668 audit@patchstack.com |
wwbn -- avideo | A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | 2024-01-10 | 8.5 | CVE-2023-48730 talos-cna@cisco.com |
wwbn -- avideo | An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability. | 2024-01-10 | 8.8 | CVE-2023-49589 talos-cna@cisco.com |
wwbn -- avideo | A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | 2024-01-10 | 9 | CVE-2023-47861 talos-cna@cisco.com |
wwbn -- avideo | A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2024-01-10 | 9.8 | CVE-2023-47862 talos-cna@cisco.com |
wwbn -- avideo | A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | 2024-01-10 | 9.6 | CVE-2023-48728 talos-cna@cisco.com |
wwbn -- avideo | An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user. | 2024-01-10 | 9.8 | CVE-2023-49599 talos-cna@cisco.com |
wwbn -- avideo | An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. | 2024-01-10 | 7.5 | CVE-2023-49738 talos-cna@cisco.com |
wwbn -- avideo | A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2024-01-10 | 7.3 | CVE-2023-49810 talos-cna@cisco.com |
xen -- xen | For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly on the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn't large enough. | 2024-01-05 | 7.8 | CVE-2023-34322 security@xen.org |
xen -- xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a privileged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analysis the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user privileges. In order to not affect current deployments that rely on pygrub, patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project ("An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub's XFS file system implementation.") CVE-2023-34325 refers specifically to the vulnerabilities in Xen's copy of libfsimage, which is descended from a very old version of grub. | 2024-01-05 | 7.8 | CVE-2023-34325 security@xen.org |
xen -- xen | The caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) are incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions. | 2024-01-05 | 7.8 | CVE-2023-34326 security@xen.org |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1. | 2024-01-08 | 9.8 | CVE-2024-21650 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. | 2024-01-09 | 8.8 | CVE-2024-21648 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
yevhenkotelnytskyi -- js_&_css_script_optimizer | Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer. This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3. | 2024-01-08 | 8.8 | CVE-2023-52216 audit@patchstack.com |
youke365 -- youke_365 | A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability. | 2024-01-08 | 9.8 | CVE-2024-0303 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
youke365 -- youke_365 | A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871. | 2024-01-08 | 9.8 | CVE-2024-0304 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
zohocorp -- manageengine_firewall_analyzer | A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. | 2024-01-08 | 8.6 | CVE-2023-47211 talos-cna@cisco.com talos-cna@cisco.com |
zoom_video_communications_inc. -- zoom_desktop_client_for_windows/zoom_vdi_client_for_windows/zoom_sdks_for_windows | Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access. | 2024-01-12 | 8.8 | CVE-2023-49647 security@zoom.us |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
react-native-mmkv -- react-native-mmkv | react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's threat model. This issue has been patched in version 2.11.0. | 2024-01-09 | 4.4 | CVE-2024-21668 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
acritum -- femitter_server | A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability. | 2024-01-12 | 4.3 | CVE-2010-10011 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
adobe -- substance3d_stager | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-01-10 | 5.5 | CVE-2024-20714 psirt@adobe.com |
adobe -- substance3d_stager | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-01-10 | 5.5 | CVE-2024-20715 psirt@adobe.com |
adobe -- substance_3d_stager | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-01-10 | 5.5 | CVE-2024-20710 psirt@adobe.com |
adobe -- substance_3d_stager | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-01-10 | 5.5 | CVE-2024-20711 psirt@adobe.com |
adobe -- substance_3d_stager | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-01-10 | 5.5 | CVE-2024-20712 psirt@adobe.com |
adobe -- substance_3d_stager | Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-01-10 | 5.5 | CVE-2024-20713 psirt@adobe.com |
ajexperience -- 404_solution | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution. This issue affects 404 Solution: from n/a through 2.33.0. | 2024-01-05 | 5.3 | CVE-2023-52146 audit@patchstack.com |
apollo -- apollo | A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive. | 2024-01-12 | 4.3 | CVE-2022-4962 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
apple -- macos | This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14. An app may be able to access user-sensitive data. | 2024-01-10 | 5.5 | CVE-2023-40411 product-security@apple.com |
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access removable volumes without user consent. | 2024-01-10 | 5.5 | CVE-2023-40430 product-security@apple.com |
apple -- macos | This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | 2024-01-10 | 5.5 | CVE-2023-41987 product-security@apple.com |
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. A camera extension may be able to access the camera view from apps other than the app for which it was granted permission. | 2024-01-10 | 5.5 | CVE-2023-41994 product-security@apple.com |
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to access protected user data. | 2024-01-10 | 5.5 | CVE-2023-42929 product-security@apple.com |
appwrite -- command_line_interface | In Appwrite CLI before 3.0.0, when using the login command, the credentials of the Appwrite user are stored in a ~/.appwrite/prefs.json file with 0644 as UNIX permissions. Any user of the local system can access those credentials. | 2024-01-09 | 5.5 | CVE-2023-50974 cve@mitre.org cve@mitre.org |
arm -- valhall_gpu_kernel_driver | Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r37p0 through r40p0. | 2024-01-08 | 5.5 | CVE-2023-5091 arm-security@arm.com |
austin -- austin | A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619. | 2024-01-13 | 5.5 | CVE-2024-0505 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
autelrobotics -- evo_nano_drone_firmware | Autel EVO NANO drone flight control firmware version 1.6.5 is vulnerable to denial of service (DoS). | 2024-01-06 | 5.7 | CVE-2023-50121 cve@mitre.org |
ava -- teaching_video_application_service_platform | Cross Site Scripting (XSS) vulnerability in AVA teaching video application service platform version 3.1, allows remote attackers to execute arbitrary code via a crafted script to ajax.aspx. | 2024-01-06 | 6.1 | CVE-2023-50609 cve@mitre.org |
blood_bank_&_donor_management -- blood_bank_&_donor_management | A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564. | 2024-01-12 | 4.7 | CVE-2024-0459 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
campcodes -- student_information_system | A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250602 is the identifier assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0497 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cformsii_project -- cformsii | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS. This issue affects cformsII: from n/a through 15.0.5. | 2024-01-08 | 4.8 | CVE-2023-52203 audit@patchstack.com |
chanzhaoyu -- chatgpt_web | A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input <image src onerror=prompt(document.domain)> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249779. | 2024-01-08 | 6.1 | CVE-2023-7215 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
chromiumembedded -- cef | CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e. | 2024-01-12 | 5.3 | CVE-2024-21639 security-advisories@github.com security-advisories@github.com |
chromiumembedded -- cef | Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications. `CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e. | 2024-01-13 | 5.4 | CVE-2024-21640 security-advisories@github.com security-advisories@github.com |
code-projects -- dormitory_management_system | A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability. | 2024-01-12 | 6.3 | CVE-2024-0473 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- dormitory_management_system | A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580. | 2024-01-13 | 6.3 | CVE-2024-0475 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- employee_profile_management_system | A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571. | 2024-01-12 | 5.5 | CVE-2024-0466 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- faculty_management_system | A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability. | 2024-01-12 | 6.3 | CVE-2024-0460 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability has been found in code-projects Fighting C*** Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability. | 2024-01-12 | 6.3 | CVE-2024-0468 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability has been found in code-projects Fighting C*** Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0477 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability was found in code-projects Fighting C*** Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250583. | 2024-01-13 | 6.3 | CVE-2024-0478 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability, which was classified as critical, has been found in code-projects Fighting C*** Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0484 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability, which was classified as critical, was found in code-projects Fighting C*** Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0485 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability has been found in code-projects Fighting C*** Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591. | 2024-01-13 | 6.3 | CVE-2024-0486 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability was found in code-projects Fighting C*** Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250592. | 2024-01-13 | 6.3 | CVE-2024-0487 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability was found in code-projects Fighting C*** Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250593 was assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0488 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- fighting_c***_information_system | A vulnerability was found in code-projects Fighting C*** Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0489 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- human_resource_integrated_system | A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability. | 2024-01-12 | 6.3 | CVE-2024-0469 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- human_resource_integrated_system | A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575. | 2024-01-12 | 6.3 | CVE-2024-0470 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- human_resource_integrated_system | A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576. | 2024-01-12 | 6.3 | CVE-2024-0471 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- online_faculty_clearance | A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability. | 2024-01-12 | 6.3 | CVE-2024-0461 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- online_faculty_clearance | A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567. | 2024-01-12 | 6.3 | CVE-2024-0462 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- online_faculty_clearance | A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568. | 2024-01-12 | 6.3 | CVE-2024-0463 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- online_faculty_clearance | A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability. | 2024-01-12 | 6.3 | CVE-2024-0464 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
codecabin -- wp_go_maps | The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. | 2024-01-08 | 6.1 | CVE-2023-6627 contact@wpscan.com contact@wpscan.com |
deshang -- dscms | A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability. | 2024-01-11 | 5.3 | CVE-2024-0414 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
deshang -- dskms | A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability. | 2024-01-11 | 5.3 | CVE-2024-0413 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
deshang -- dsmall | A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435. | 2024-01-11 | 6.3 | CVE-2024-0415 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
deshang -- dsmall | A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431. | 2024-01-11 | 5.3 | CVE-2024-0411 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
deshang -- dsmall | A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436. | 2024-01-11 | 5.4 | CVE-2024-0416 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
deshang -- dsshop | A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432. | 2024-01-11 | 5.3 | CVE-2024-0412 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
deshang -- dsshop | A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument member_info leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250437 was assigned to this vulnerability. | 2024-01-11 | 5.4 | CVE-2024-0417 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
discourse -- discourse | Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4. | 2024-01-12 | 4.3 | CVE-2024-21655 security-advisories@github.com |
dlink -- r15_firmware | D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. This allows attackers to arbitrarily access any services running on the device that may be inadvertently listening via IPv6. | 2024-01-10 | 5.3 | CVE-2023-41603 cve@mitre.org |
download-station -- download-station | A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability. | 2024-01-10 | 5.3 | CVE-2024-0354 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dso2o -- dso2o | A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250125 was assigned to this vulnerability. | 2024-01-10 | 5.3 | CVE-2024-0358 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
dzzoffice -- dzzoffice | SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. | 2024-01-06 | 6.5 | CVE-2023-39853 cve@mitre.org |
easyxdm -- easyxdm | easyXDM 2.5 allows XSS via the xdm_e parameter. | 2024-01-08 | 6.1 | CVE-2023-27739 cve@mitre.org |
elan -- dell_inspiron | The ELAN Match-on-Chip FPR solution has a design fault that creates a potential risk of valid SID leakage and enumeration with a spoofed sensor. Because of this fault, Windows Hello recognition can be bypassed by cloning the SID, breaking account identity. Versions lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) are exposed to this risk on the DELL Inspiron platform. | 2024-01-12 | 6 | CVE-2024-0454 36106deb-8e95-420b-a0a0-e70af5d245df |
engineers_online_portal_project -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability. | 2024-01-09 | 5.3 | CVE-2024-0349 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
eva -- eva | A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124. | 2024-01-10 | 5.5 | CVE-2024-0357 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
ewels -- cpt_bootstrap_carousel | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS. This issue affects CPT Bootstrap Carousel: from n/a through 1.12. | 2024-01-08 | 6.1 | CVE-2023-52196 audit@patchstack.com |
firefly-iii -- firefly_iii | Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. | 2024-01-05 | 6.1 | CVE-2024-22075 cve@mitre.org |
fortinet -- fortipam | An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency. | 2024-01-10 | 4.3 | CVE-2023-37934 psirt@fortinet.com |
fortinet -- fortiportal | An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access other organization endpoints via crafted GET requests. | 2024-01-10 | 5.4 | CVE-2023-48783 psirt@fortinet.com |
fortinet -- fortivoice | An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in FortiVoice Enterprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests. | 2024-01-10 | 6.5 | CVE-2023-37932 psirt@fortinet.com |
foru -- cms | A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250445 was assigned to this vulnerability. | 2024-01-11 | 6.3 | CVE-2024-0426 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
foru -- cms | A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444. | 2024-01-11 | 5.3 | CVE-2024-0425 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
get-simple -- getsimplecms | A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. | 2024-01-08 | 5.4 | CVE-2023-51246 cve@mitre.org cve@mitre.org |
gitlab -- gitlab | An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | 2024-01-12 | 6.6 | CVE-2023-6955 cve@gitlab.com |
hamidrezasepehr -- wp_custom_cursors_\|_wordpress_cursor_plugin | The WP Custom Cursors \| WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-01-08 | 4.8 | CVE-2023-5911 contact@wpscan.com |
huaxia -- erp | A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595. | 2024-01-13 | 5.3 | CVE-2024-0490 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
huaxia -- erp | A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596. | 2024-01-13 | 5.3 | CVE-2024-0491 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
i13websolution -- email_subscription_popup | The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-01-08 | 6.1 | CVE-2023-6555 contact@wpscan.com |
ibm -- aix | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the pmsvcs kernel extension to cause a denial of service. IBM X-Force ID: 267967. | 2024-01-11 | 6.2 | CVE-2023-45169 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- aix | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the kernel to cause a denial of service. IBM X-Force ID: 267969. | 2024-01-11 | 6.2 | CVE-2023-45171 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- aix | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971. | 2024-01-11 | 6.2 | CVE-2023-45173 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- aix | IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973. | 2024-01-11 | 6.2 | CVE-2023-45175 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance | IBM Security Access Manager Appliance (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain sensitive configuration information. IBM X-Force ID: 260584. | 2024-01-11 | 6.2 | CVE-2023-38267 psirt@us.ibm.com psirt@us.ibm.com |
ibm -- security_verify_access_appliance | IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) temporarily stores sensitive information in files that could be accessed by a local user. IBM X-Force ID: 254653. | 2024-01-11 | 5.1 | CVE-2023-31001 psirt@us.ibm.com psirt@us.ibm.com |
icewarp -- icewarp | A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-05 | 6.1 | CVE-2024-0246 cna@vuldb.com cna@vuldb.com |
iframe_project -- iframe | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS. This issue affects iframe: from n/a through 4.8. | 2024-01-05 | 5.4 | CVE-2023-52125 audit@patchstack.com |
impactpixel -- ads_invalid_click_protection | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS. This issue affects Ads Invalid Click Protection: from n/a through 1.0. | 2024-01-08 | 4.8 | CVE-2023-52197 audit@patchstack.com |
infoblox -- nios | A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. | 2024-01-09 | 5.4 | CVE-2022-28975 cve@mitre.org cve@mitre.org |
inis -- inis | A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the argument sql leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250110 is the identifier assigned to this vulnerability. | 2024-01-09 | 6.3 | CVE-2024-0342 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
isharer_and_upredsun -- file_sharing_wizard | A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability. | 2024-01-11 | 5.3 | CVE-2024-0418 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
jasper -- httpdx | A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439. | 2024-01-11 | 5.3 | CVE-2024-0419 cna@vuldb.com cna@vuldb.com cna@vuldb.com cna@vuldb.com |
jetbrains -- youtrack | In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible. | 2024-01-09 | 5.4 | CVE-2024-22370 cve@jetbrains.com |
juniper_networks -- junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R2. | 2024-01-12 | 6.5 | CVE-2023-36842 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation. user@junos> show system processes extensive \| match bbe-smgd 13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd} 13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd} ... user@junos> show system processes extensive \| match bbe-smgd 13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd} 13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd} ... This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. | 2024-01-12 | 6.5 | CVE-2024-21587 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: show heap shows an increase in "LAN buffer" utilization and show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter. This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2. | 2024-01-12 | 6.5 | CVE-2024-21599 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover. Please note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected. The following log message can be seen when the issue occurs: Cmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID <id> (URI: /fpc/<fpc>/pfe/<pfe>/cm/<cm>/Host_Loopback/<cm>/HOST_LOOPBACK_MAKE_CMERROR_ID[<id>]) This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S8; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R2-S2, 22.1R3; * 22.2 versions earlier than 22.2R2-S1, 22.2R3. | 2024-01-12 | 6.5 | CVE-2024-21600 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS. This issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected. This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R2; * 22.3 versions earlier than 22.3R2. | 2024-01-12 | 6.5 | CVE-2024-21603 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause a memory leak. A manual reboot of the system will restore the services. The memory usage can be monitored using the below commands. user@host> show chassis routing-engine no-forwarding user@host> show system memory | no-more This issue affects: Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2. This issue does not affect Junos OS versions earlier than 20.4R3-S7. | 2024-01-12 | 6.5 | CVE-2024-21617 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. | 2024-01-12 | 5.5 | CVE-2024-21594 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2. | 2024-01-12 | 5.3 | CVE-2024-21597 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads cannot be triggered externally, so the exploitation of this race condition is outside the attacker's direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1. | 2024-01-12 | 5.9 | CVE-2024-21601 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os | An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3. | 2024-01-12 | 5.3 | CVE-2024-21607 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os/junos_os_evolved | A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can be monitored using the below command. user@host> show task memory detail | match patroot This issue affects: Juniper Networks Junos OS * All versions earlier than 21.2R3-S3; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-EVO; * 22.1 versions earlier than 22.1R3-EVO; * 22.2 versions earlier than 22.2R3-EVO. | 2024-01-12 | 6.5 | CVE-2024-21613 sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os/junos_os_evolved | An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. These two parallel instances of replication for the same peer lead to the assert if the BGP session flaps again. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO. | 2024-01-12 | 5.9 | CVE-2024-21585 sirt@juniper.net sirt@juniper.net sirt@juniper.net |
juniper_networks -- junos_os/junos_os_evolved | A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO. | 2024-01-12 | 5.3 | CVE-2024-21596 sirt@juniper.net sirt@juniper.net |
juzaweb -- cms | juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated. | 2024-01-09 | 4.9 | CVE-2023-46906 cve@mitre.org cve@mitre.org |
jwx -- jwx | jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in version 2.0.19. | 2024-01-09 | 4.3 | CVE-2024-21664 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
kashipara -- billing_software | A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250597 was assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0492 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- billing_software | A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument customer_details leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250598 is the identifier assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0493 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- billing_software | A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250599. | 2024-01-13 | 6.3 | CVE-2024-0494 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- billing_software | A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250600. | 2024-01-13 | 6.3 | CVE-2024-0495 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- billing_software | A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250601 was assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0496 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file item_list_submit.php. The manipulation of the argument item_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249825 was assigned to this vulnerability. | 2024-01-07 | 6.5 | CVE-2024-0270 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability. | 2024-01-07 | 6.5 | CVE-2024-0271 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827. | 2024-01-07 | 6.5 | CVE-2024-0272 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828. | 2024-01-07 | 6.5 | CVE-2024-0273 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability. | 2024-01-07 | 6.5 | CVE-2024-0274 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file item_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249830 is the identifier assigned to this vulnerability. | 2024-01-07 | 6.5 | CVE-2024-0275 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file rawstock_used_damaged_smt.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249831. | 2024-01-07 | 6.5 | CVE-2024-0276 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This vulnerability affects unknown code of the file party_submit.php. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249832. | 2024-01-07 | 6.5 | CVE-2024-0277 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0. This issue affects some unknown processing of the file partylist_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249833 was assigned to this vulnerability. | 2024-01-07 | 6.5 | CVE-2024-0278 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability. | 2024-01-07 | 6.5 | CVE-2024-0279 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835. | 2024-01-07 | 6.5 | CVE-2024-0280 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836. | 2024-01-07 | 6.5 | CVE-2024-0281 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability. | 2024-01-07 | 6.1 | CVE-2024-0282 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability. | 2024-01-07 | 6.1 | CVE-2024-0283 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kashipara -- food_management_system | A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839. | 2024-01-07 | 6.1 | CVE-2024-0284 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
kofax -- capture | The application is vulnerable to Stored Cross-Site Scripting (XSS) in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious JavaScript code. The vulnerability was identified in the function for adding new annotations while editing document content. Reporters inform that the vulnerability has been removed in software versions above 11.1.x. Previous versions may also be vulnerable, but this has not been confirmed. | 2024-01-11 | 5.4 | CVE-2023-5118 cvd@cert.pl cvd@cert.pl |
lif-platforms -- lif-auth-server | Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. The issue relates to the `get_pfp` and `get_banner` routes on Auth Server. The issue is that there is no check to ensure that the file that Auth Server is receiving through these URLs is correct. This could allow an attacker access to files they shouldn't have access to. This issue has been patched in version 1.4.0. | 2024-01-12 | 4.2 | CVE-2023-49801 security-advisories@github.com security-advisories@github.com |
linux -- kernel | It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | 2024-01-08 | 5.3 | CVE-2022-2585 security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com |
linux -- kernel | The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067. | 2024-01-08 | 5.5 | CVE-2023-1032 security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com security@ubuntu.com |
linux -- kernel | Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g. triggered by removal of a paravirtual device on the other side. As this action will cause console messages to be issued on the other side quite often, the chance of triggering the deadlock is not negligible. Note that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel on Arm doesn't use queued-RW-locks, which are required to trigger the issue (on Arm32 a waiting writer doesn't block further readers to get the lock). | 2024-01-05 | 4.9 | CVE-2023-34324 security@xen.org security@xen.org security@xen.org |
linux -- kernel | A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file. | 2024-01-09 | 4.4 | CVE-2024-0340 secalert@redhat.com secalert@redhat.com secalert@redhat.com |
linux -- kernel | A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error. | 2024-01-12 | 5.5 | CVE-2024-0443 secalert@redhat.com secalert@redhat.com secalert@redhat.com secalert@redhat.com |
mailmunch -- constant_contact_forms_by_mailmunch | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11. | 2024-01-13 | 6.5 | CVE-2024-22137 audit@patchstack.com |
mapster -- mapster_wp_maps | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Mapster WP Maps allows Stored XSS. This issue affects Mapster WP Maps: from n/a through 1.2.38. | 2024-01-08 | 5.4 | CVE-2024-21744 audit@patchstack.com |
meetyoucrop -- big-whale | A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232. | 2024-01-11 | 6.3 | CVE-2023-7226 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
michielvaneerd -- private_google_calendars | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS. This issue affects Private Google Calendars: from n/a through 20231125. | 2024-01-08 | 5.4 | CVE-2023-52198 audit@patchstack.com |
microsoft -- .net_6.0 | Microsoft Identity Denial of service vulnerability | 2024-01-09 | 6.8 | CVE-2024-21319 secure@microsoft.com |
microsoft -- microsoft_edge_(chromium-based) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2024-01-11 | 6.3 | CVE-2024-20675 secure@microsoft.com |
microsoft -- microsoft_edge_(chromium-based) | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2024-01-11 | 5.2 | CVE-2024-21337 secure@microsoft.com |
microsoft -- windows_10_1507 | Microsoft Message Queuing Information Disclosure Vulnerability | 2024-01-09 | 6.5 | CVE-2024-20660 secure@microsoft.com |
microsoft -- windows_10_1507 | Windows Message Queuing Client (MSMQC) Information Disclosure | 2024-01-09 | 6.5 | CVE-2024-20663 secure@microsoft.com |
microsoft -- windows_10_1507 | Microsoft Message Queuing Information Disclosure Vulnerability | 2024-01-09 | 6.5 | CVE-2024-20664 secure@microsoft.com |
microsoft -- windows_10_1507 | BitLocker Security Feature Bypass Vulnerability | 2024-01-09 | 6.6 | CVE-2024-20666 secure@microsoft.com |
microsoft -- windows_10_1507 | Windows Message Queuing Client (MSMQC) Information Disclosure | 2024-01-09 | 6.5 | CVE-2024-20680 secure@microsoft.com |
microsoft -- windows_10_1507 | Microsoft Message Queuing Information Disclosure Vulnerability | 2024-01-09 | 6.5 | CVE-2024-21314 secure@microsoft.com |
microsoft -- windows_10_1507 | Windows Themes Spoofing Vulnerability | 2024-01-09 | 6.5 | CVE-2024-21320 secure@microsoft.com |
microsoft -- windows_10_1507 | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 2024-01-09 | 5.7 | CVE-2024-20692 secure@microsoft.com |
microsoft -- windows_10_1507 | Windows Cryptographic Services Information Disclosure Vulnerability | 2024-01-09 | 5.5 | CVE-2024-21311 secure@microsoft.com |
microsoft -- windows_10_1507 | Windows TCP/IP Information Disclosure Vulnerability | 2024-01-09 | 5.3 | CVE-2024-21313 secure@microsoft.com |
microsoft -- windows_10_1507 | Windows Themes Information Disclosure Vulnerability | 2024-01-09 | 4.7 | CVE-2024-20691 secure@microsoft.com |
microsoft -- windows_10_1607 | Windows Server Key Distribution Service Security Feature Bypass | 2024-01-09 | 6.1 | CVE-2024-21316 secure@microsoft.com |
microsoft -- windows_10_1607 | Windows CoreMessaging Information Disclosure Vulnerability | 2024-01-09 | 5.5 | CVE-2024-20694 secure@microsoft.com |
microsoft -- windows_10_1809 | Windows Nearby Sharing Spoofing Vulnerability | 2024-01-09 | 6.5 | CVE-2024-20690 secure@microsoft.com |
microsoft -- windows_10_1809 | Windows Hyper-V Denial of Service Vulnerability | 2024-01-09 | 5.5 | CVE-2024-20699 secure@microsoft.com |
microsoft -- windows_10_1809 | Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | 2024-01-09 | 4.4 | CVE-2024-21305 secure@microsoft.com |
microsoft -- windows_10_21h2 | Microsoft Bluetooth Driver Spoofing Vulnerability | 2024-01-09 | 5.7 | CVE-2024-21306 secure@microsoft.com |
microsoft -- windows_server_2008 | Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability | 2024-01-09 | 4.9 | CVE-2024-20662 secure@microsoft.com |
microsoft -- windows_server_2019 | Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability | 2024-01-09 | 6.6 | CVE-2024-20655 secure@microsoft.com |
mojofywp -- wp_affiliate_disclosure | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS. This issue affects WP Affiliate Disclosure: from n/a through 1.2.7. | 2024-01-05 | 5.4 | CVE-2023-52178 audit@patchstack.com |
mongodb_inc -- mongodb_c_driver | When calling bson_utf8_validate on some inputs, a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects all MongoDB C Driver versions prior to version 1.25.0. | 2024-01-12 | 5.3 | CVE-2023-0437 cna@mongodb.com |
netapp -- ontap_9 | ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user. | 2024-01-12 | 4.8 | CVE-2024-21982 security-alert@netapp.com |
netscout -- ngeniusone | Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s). | 2024-01-09 | 6.1 | CVE-2023-27000 cve@mitre.org |
netscout -- ngeniusone | Cross Site Scripting vulnerability found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page. | 2024-01-09 | 5.4 | CVE-2023-26998 cve@mitre.org |
nvidia -- dgx_a100 | NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure. | 2024-01-12 | 6.5 | CVE-2023-31025 psirt@nvidia.com |
nvidia -- dgx_a100 | NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering. | 2024-01-12 | 6.8 | CVE-2023-31033 psirt@nvidia.com |
nvidia -- dgx_a100 | NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering. | 2024-01-12 | 6.6 | CVE-2023-31034 psirt@nvidia.com |
nvidia -- dgx_a100 | NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering. | 2024-01-12 | 4.2 | CVE-2023-31031 psirt@nvidia.com |
omron -- sysmac_studio | [PROBLEMTYPE] in [VENDOR] [PRODUCT] [VERSION] on [PLATFORMS] allows [ATTACKER] to [IMPACT]. | 2024-01-10 | 5.5 | CVE-2022-45793 ot-cert@dragos.com ot-cert@dragos.com ot-cert@dragos.com |
online_job_portal -- online_job_portal | A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability. | 2024-01-07 | 4.8 | CVE-2024-0262 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
open-xchange -- ox_app_suite | The "upsell" widget at the portal page could be abused to inject arbitrary script code. Attackers that manage to lure users to a compromised account, or gain temporary access to a legitimate account, could inject script code to gain persistent code execution capabilities under a trusted domain. User input for this widget is now sanitized to avoid malicious content to be processed. No publicly available exploits are known. | 2024-01-08 | 6.1 | CVE-2023-29049 security@open-xchange.com |
open-xchange -- ox_app_suite | Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known. | 2024-01-08 | 5.4 | CVE-2023-29052 security@open-xchange.com security@open-xchange.com security@open-xchange.com security@open-xchange.com |
open-xchange -- ox_app_suite | User-defined script code could be stored for an upsell-related shop URL. This code was not correctly sanitized when adding it to the DOM. Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. We added sanitization for this content. No publicly available exploits are known. | 2024-01-08 | 5.4 | CVE-2023-41710 security@open-xchange.com |
openedx -- edx-platform | Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f. | 2024-01-13 | 6.4 | CVE-2024-22209 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
pallets -- jinja | Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based. | 2024-01-11 | 5.4 | CVE-2024-22195 security-advisories@github.com security-advisories@github.com |
phpgurukul -- hospital_management_system | A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843. | 2024-01-07 | 6.1 | CVE-2024-0286 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pimcore -- customer-data-framework | The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are not enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint, allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6. | 2024-01-11 | 6.5 | CVE-2024-21666 security-advisories@github.com |
pimcore -- customer-data-framework | pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6. | 2024-01-11 | 6.5 | CVE-2024-21667 security-advisories@github.com security-advisories@github.com security-advisories@github.com |
pimcore -- ecommerce-framework-bundle | ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10. | 2024-01-11 | 4.3 | CVE-2024-21665 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
preh_gmbh -- mib3_infotainment_unit | The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system when certain preconditions are met. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | 2024-01-12 | 5.3 | CVE-2023-28898 cve@asrg.io |
preh_gmbh -- mib3_infotainment_unit | The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022. | 2024-01-12 | 4 | CVE-2023-28897 cve@asrg.io |
project_worlds -- lawyer_management_system | A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250603. | 2024-01-13 | 6.3 | CVE-2024-0498 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
proofpoint -- proofpoint_enterprise_protection | Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded HTML into the email body of a message through the email subject. The vulnerability is caused by inappropriate encoding when rewriting the email before delivery. This issue affects Proofpoint Enterprise Protection: from 8.20.2 before patch 4809, from 8.20.0 before patch 4805, from 8.18.6 before patch 4804 and all other prior versions. | 2024-01-09 | 5.3 | CVE-2023-5770 security@proofpoint.com |
ptc -- kepware_kepserverex | An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their malicious version to gain initial access and code execution. | 2024-01-10 | 6.3 | CVE-2023-29444 ot-cert@dragos.com ot-cert@dragos.com |
ptc -- kepware_kepserverex | An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. | 2024-01-10 | 5.7 | CVE-2023-29447 ot-cert@dragos.com ot-cert@dragos.com ot-cert@dragos.com |
ptc -- kepware_kepserverex | An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NTLMv2 hashes and potentially crack them offline. | 2024-01-10 | 4.7 | CVE-2023-29446 ot-cert@dragos.com |
pycryptodome -- pycryptodome | PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | 2024-01-05 | 5.9 | CVE-2023-52323 cve@mitre.org cve@mitre.org |
pyload -- pyload | pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77. | 2024-01-08 | 5.3 | CVE-2024-21645 security-advisories@github.com |
qnap -- qumagie | A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later. | 2024-01-05 | 5.4 | CVE-2023-47559 security@qnapsecurity.com.tw |
qualys -- policy_compliance | Qualys Jenkins Plugin for Policy Compliance prior to and including version 1.0.5 was identified to be affected by a security flaw: a permission check was missing while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure a potential rogue endpoint, via which it was possible to control the response for certain requests, which could be injected with XXE payloads, leading to XXE while processing the response data. | 2024-01-09 | 6.5 | CVE-2023-6147 bugreport@qualys.com |
qualys -- policy_compliance | Qualys Jenkins Plugin for Policy Compliance prior to and including version 1.0.5 was identified to be affected by a security flaw: a permission check was missing while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access and access to configure or edit jobs to utilize the plugin to configure a potential rogue endpoint, via which it was possible to control the response for certain requests, which could be injected with XSS payloads, leading to XSS while processing the response data. | 2024-01-09 | 5.4 | CVE-2023-6148 bugreport@qualys.com |
qualys -- web_application_screening | Qualys Jenkins Plugin for WAS prior to and including version 2.0.11 was identified to be affected by a security flaw: a permission check was missing while performing a connectivity check to Qualys Cloud Services. This allowed any user with login access to configure or edit jobs to utilize the plugin and configure a potential rogue endpoint, via which it was possible to control the response for certain requests, which could be injected with XXE payloads, leading to XXE while processing the response data. | 2024-01-09 | 6.5 | CVE-2023-6149 bugreport@qualys.com |
quic-go -- quic-go | quic-go is an implementation of the QUIC protocol (RFC 9000, RFC 9001, RFC 9002) in Go. An attacker can cause its peer to run out of memory by sending a large number of PATH_CHALLENGE frames. The receiver is supposed to respond to each PATH_CHALLENGE frame with a PATH_RESPONSE frame. The attacker can prevent the receiver from sending out (the vast majority of) these PATH_RESPONSE frames by collapsing the peer's congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. This vulnerability has been patched in versions 0.37.7, 0.38.2 and 0.39.4. | 2024-01-10 | 6.4 | CVE-2023-49295 security-advisories@github.com |
red_hat -- multiple_products | A Cross-site request forgery vulnerability exists in ipa/session/login_password in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions as the user, resulting in a loss of confidentiality and system integrity. During community penetration testing it was found that for certain HTTP end-points FreeIPA does not ensure CSRF protection. Due to implementation details one cannot use this flaw for reflection of a cookie representing already logged-in user. An attacker would always have to go through a new authentication attempt. | 2024-01-10 | 6.5 | CVE-2023-5455 secalert@redhat.com |
red_hat -- multiple_products | A flaw was found in CRI-O that involves an experimental annotation leading to a container being unconfined. This may allow a pod to specify and get any amount of memory/cpu, circumventing the kubernetes scheduler and potentially resulting in a denial of service in the node. | 2024-01-09 | 6.5 | CVE-2023-6476 secalert@redhat.com secalert@redhat.com |
red_hat -- multiple_products | A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service. | 2024-01-12 | 6.5 | CVE-2023-6683 secalert@redhat.com secalert@redhat.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user ("root") via a crafted HTTP request. | 2024-01-10 | 6.5 | CVE-2023-48242 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user ("root") via a crafted HTTP request. | 2024-01-10 | 6.5 | CVE-2023-48245 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user ("root") via a crafted HTTP request. | 2024-01-10 | 6.5 | CVE-2023-48246 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user ("root") via a crafted HTTP request. By abusing this vulnerability, it is possible to steal session cookies of other active users. | 2024-01-10 | 6.5 | CVE-2023-48249 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim's session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned log. | 2024-01-10 | 6.3 | CVE-2023-48255 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim's session via a crafted URL or HTTP request. | 2024-01-10 | 5.3 | CVE-2023-48244 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user ("root") via a crafted HTTP request. | 2024-01-10 | 5.3 | CVE-2023-48247 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim's session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file. | 2024-01-10 | 5.5 | CVE-2023-48248 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim's session via a crafted URL or HTTP request. | 2024-01-10 | 5.3 | CVE-2023-48254 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim's session via a crafted URL or HTTP request. | 2024-01-10 | 5.3 | CVE-2023-48256 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim's session. | 2024-01-10 | 5.5 | CVE-2023-48258 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | 2024-01-10 | 5.3 | CVE-2023-48259 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | 2024-01-10 | 5.3 | CVE-2023-48260 psirt@bosch.com |
rexroth -- nexo_cordless_nutrunner_nxa015s-36v | The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. | 2024-01-10 | 5.3 | CVE-2023-48261 psirt@bosch.com |
rubygems -- rubygems | Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and take over the account. This vulnerability has been patched in commit 0b3272a. | 2024-01-12 | 4.8 | CVE-2024-21654 security-advisories@github.com |
sap -- marketing | SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user into opening a malicious page, which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application. | 2024-01-09 | 5.4 | CVE-2024-21734 cna@sap.com |
sap -- netweaver_application_server_abap | SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation. | 2024-01-09 | 5.4 | CVE-2024-21738 cna@sap.com cna@sap.com |
sap_se -- sap_netweaver_(internet_communication_manager) | Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality. | 2024-01-09 | 4.1 | CVE-2024-22124 cna@sap.com cna@sap.com |
sap_se -- sap_s/4hana_finance_(advanced_payment_management) | SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application. | 2024-01-09 | 6.4 | CVE-2024-21736 cna@sap.com cna@sap.com |
siemens -- cp-8031_master_module | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.20), CP-8050 MASTER MODULE (All versions < CPCI85 V05.20). The network configuration service of affected devices contains a flaw in the conversion of ipv4 addresses that could lead to an uninitialized variable being used in succeeding validation steps. By uploading specially crafted network configuration, an authenticated remote attacker could be able to inject commands that are executed on the device with root privileges during device startup. | 2024-01-09 | 6.6 | CVE-2023-42797 productcert@siemens.com |
siemens -- jt2go | A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2024-01-09 | 5.5 | CVE-2023-51744 productcert@siemens.com |
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116. | 2024-01-09 | 6.5 | CVE-2024-0348 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability. | 2024-01-09 | 6.5 | CVE-2024-0350 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- house_rental_management_system | A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability. | 2024-01-13 | 4.7 | CVE-2024-0502 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- simple_house_rental_system | A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. Affected by this vulnerability is an unknown functionality of the component Login Panel. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250111. | 2024-01-09 | 6.1 | CVE-2024-0343 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- student_attendance_system | A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250230 is the identifier assigned to this vulnerability. | 2024-01-10 | 6.3 | CVE-2024-0389 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
soxft -- timemail | A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250112. | 2024-01-09 | 5.5 | CVE-2024-0344 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
splunk -- splunk_enterprise_security_(es) | In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted. The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users. | 2024-01-09 | 6.5 | CVE-2024-22165 prodsec@splunk.com |
splunk -- splunk_enterprise_security_(es) | In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible. | 2024-01-09 | 4.3 | CVE-2024-22164 prodsec@splunk.com prodsec@splunk.com |
ssm_shiro_blog -- ssm_shiro_blog | A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123. | 2024-01-10 | 4.3 | CVE-2024-0356 cna@vuldb.com |
sumanbhattarai -- send_users_email | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email. This issue affects Send Users Email: from n/a through 1.4.3. | 2024-01-05 | 5.3 | CVE-2023-52126 audit@patchstack.com |
synopsys -- devise-two-factor | Devise-Two-Factor does not throttle or otherwise restrict login attempts at the server by default. When combined with the Time-based One Time Password algorithm's (TOTP) inherent entropy limitations, it's possible for an attacker to bypass the 2FA mechanism through brute-force attacks. | 2024-01-11 | 5 | CVE-2024-0227 disclosure@synopsys.com |
synopsys -- seeker | Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload. | 2024-01-09 | 5.4 | CVE-2024-0226 disclosure@synopsys.com |
taokeyun -- taokeyun | A vulnerability was found in Taokeyun up to 1.0.5. It has been rated as critical. Affected by this issue is the function shopGoods of the file application/index/controller/app/store/Goods.php of the component HTTP POST Request Handler. The manipulation of the argument keyword leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250586 is the identifier assigned to this vulnerability. | 2024-01-13 | 6.3 | CVE-2024-0481 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
taokeyun -- taokeyun | A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250587. | 2024-01-13 | 6.3 | CVE-2024-0482 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
taokeyun -- taokeyun | A vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250588. | 2024-01-13 | 6.3 | CVE-2024-0483 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
tasmoadmin -- tasmoadmin | Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability. | 2024-01-08 | 6.1 | CVE-2023-6552 cvd@cert.pl cvd@cert.pl cvd@cert.pl |
themeisle -- rss_aggregator_by_feedzy | The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check when updating settings in all versions up to, and including, 4.3.2. This makes it possible for authenticated attackers, with author-level access or above to change the plugin's settings including proxy settings, which are also exposed to authors. | 2024-01-06 | 5.4 | CVE-2023-6798 security@wordfence.com security@wordfence.com |
themeisle -- rss_aggregator_by_feedzy | The RSS Aggregator by Feedzy - Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-06 | 5.4 | CVE-2023-6801 security@wordfence.com security@wordfence.com |
themeum -- wp_crowdfunding | The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-01-08 | 6.1 | CVE-2023-6161 contact@wpscan.com |
topazevolution -- antifraud | The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). | 2024-01-08 | 6.5 | CVE-2023-52271 cve@mitre.org cve@mitre.org |
totolink -- t6_firmware | A vulnerability classified as problematic has been found in Totolink T6 4.1.9cu.5241_B20210923. This affects an unknown part of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249867. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-09 | 6.5 | CVE-2023-7223 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
trellix -- trellix_endpoint_security_(ens)_web_control | A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration. | 2024-01-10 | 6.1 | CVE-2024-0310 trellixpsirt@trellix.com |
uncannyowl -- uncanny_automator | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator - Automate everything with the #1 no-code automation and integration plugin. This issue affects Uncanny Automator - Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2. | 2024-01-05 | 5.3 | CVE-2023-52151 audit@patchstack.com |
vehicle_booking_system -- vehicle_booking_system | A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input <script>alert(document.cookie)</script> leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250113 was assigned to this vulnerability. | 2024-01-09 | 4.3 | CVE-2024-0345 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
videowhisper -- rate_star_review | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review - AJAX Reviews for Content, with Star Ratings allows Reflected XSS. This issue affects Rate Star Review - AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1. | 2024-01-08 | 6.1 | CVE-2023-52213 audit@patchstack.com |
weitong -- mall | A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to SQL injection. The associated identifier of this vulnerability is VDB-250243. | 2024-01-12 | 5.5 | CVE-2022-4961 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wordpress -- wordpress | The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'esi' shortcode in versions up to, and including, 5.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-4372 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfm_stores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-4960 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search. This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33. | 2024-01-05 | 6.5 | CVE-2023-51678 audit@patchstack.com |
wordpress -- wordpress | The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks. | 2024-01-08 | 6.5 | CVE-2023-6139 contact@wpscan.com |
wordpress -- wordpress | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection. | 2024-01-10 | 6.5 | CVE-2023-6158 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the evo_eventpost_update_meta function. This makes it possible for unauthenticated attackers to update arbitrary post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-11 | 6.5 | CVE-2023-6242 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-11 | 6.5 | CVE-2023-6244 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP VR WordPress plugin before 8.3.15 does not have authorisation and CSRF checks in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities. | 2024-01-08 | 6.1 | CVE-2023-6529 contact@wpscan.com |
wordpress -- wordpress | The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the featured image alt text in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-6561 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Import and export users and customers plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.24.2 via the Recurring Import functionality. This makes it possible for authenticated attackers, with administrator access and above, to read and delete the contents of arbitrary files on the server including wp-config.php, which can contain sensitive information. | 2024-01-11 | 6.6 | CVE-2023-6583 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Happy Addons for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via DOM in all versions up to and including 3.9.1.1 (versions up to 2.9.1.1 in Happy Addons for Elementor Pro) due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-11 | 6.1 | CVE-2023-6632 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The CAOS | Host Google Analytics Locally plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 4.7.14. This makes it possible for unauthenticated attackers to update plugin settings. | 2024-01-11 | 6.5 | CVE-2023-6637 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The GTG Product Feed for Shopping plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_settings' function in versions up to, and including, 1.2.4. This makes it possible for unauthenticated attackers to update plugin settings. | 2024-01-11 | 6.5 | CVE-2023-6638 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Post Grid Combo - 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS parameter in all versions up to, and including, 2.2.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-6645 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Ibtana - WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ive' shortcode in versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on 'width' and 'height' user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-6684 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Ready Function' field in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-6776 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom fields in all versions up to, and including, 2.10.26 due to insufficient input sanitization and output escaping on user supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-6781 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.0.92 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-6782 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Formidable Forms plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 6.7. This vulnerability allows unauthenticated users to inject arbitrary HTML code into form fields. When the form data is viewed by an administrator in the Entries View Page, the injected HTML code is rendered, potentially leading to admin area defacement or redirection to malicious websites. | 2024-01-09 | 6.5 | CVE-2023-6830 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Simple Membership plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'environment_mode' parameter in all versions up to, and including, 4.3.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-01-11 | 6.1 | CVE-2023-6882 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Limit Login Attempts Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.25.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-6934 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Oxygen Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a custom field in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Version 4.8.1 of the Oxygen Builder plugin for WordPress addresses this vulnerability by implementing an optional filter to provide output escaping for dynamic data. Please see https://oxygenbuilder.com/documentation/other/security/#filtering-dynamic-data for more details. | 2024-01-11 | 6.4 | CVE-2023-6938 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's extend_builder_render_js shortcode in all versions up to, and including, 1.0.239 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-6988 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The List category posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catlist' shortcode in all versions up to, and including, 0.89.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.5 | CVE-2023-6994 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Email Encoder - Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's eeb_mailto shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-7070 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Essential Blocks - Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Table of Contents block in all versions up to, and including, 4.4.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-7071 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed. | 2024-01-13 | 6.1 | CVE-2024-0251 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_disconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-11 | 5.4 | CVE-2023-4247 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated attackers to deactivate the plugin's stripe integration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-11 | 5.4 | CVE-2023-4248 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs - Responsive Tabs Plugin for WordPress allows Stored XSS. This issue affects WP Tabs - Responsive Tabs Plugin for WordPress: from n/a through 2.2.0. | 2024-01-05 | 5.4 | CVE-2023-52124 audit@patchstack.com |
wordpress -- wordpress | The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks. | 2024-01-08 | 5.4 | CVE-2023-6141 contact@wpscan.com |
wordpress -- wordpress | The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple AJAX actions in all versions up to, and including, 2.1.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to disclose sensitive information or perform unauthorized actions, such as saving advanced plugin settings. | 2024-01-11 | 5.4 | CVE-2023-6369 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings. | 2024-01-11 | 5.3 | CVE-2023-6496 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The FOX - Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via currency options in all versions up to, and including, 1.4.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 5.4 | CVE-2023-6556 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The ElementsKit Elementor addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.3 via the ekit_widgetarea_content function. This makes it possible for unauthenticated attackers to obtain contents of posts in draft, private or pending review status that should not be visible to the general public. This applies to posts created with Elementor only. | 2024-01-11 | 5.3 | CVE-2023-6582 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS. This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9. | 2024-01-08 | 5.4 | CVE-2024-21745 audit@patchstack.com |
wordpress -- wordpress | The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-01-11 | 4.3 | CVE-2023-4246 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Chatbot for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 2.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-11 | 4.4 | CVE-2023-5691 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the details of another user's course progress. | 2024-01-11 | 4.3 | CVE-2023-6223 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-01-11 | 4.4 | CVE-2023-6446 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Depicter Slider - Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue. | 2024-01-05 | 4.3 | CVE-2023-6493 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wppb_toolbox_usermeta_handler function in all versions up to, and including, 3.10.7. This makes it possible for authenticated attackers, with contributor-level access and above, to expose sensitive information within user metadata. | 2024-01-11 | 4.3 | CVE-2023-6504 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP 2FA - Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site. | 2024-01-11 | 4.3 | CVE-2023-6506 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WP 2FA - Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the send_backup_codes_email function. This makes it possible for unauthenticated attackers to send emails with arbitrary content to registered users via a forged request granted they can trick a site administrator or other registered user into performing an action such as clicking on a link. While a nonce check is present, it is only executed if a nonce is set. By omitting a nonce from the request, the check can be bypassed. | 2024-01-11 | 4.3 | CVE-2023-6520 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The WordPress Button Plugin MaxButtons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. Administrators can give button creation privileges to users with lower levels (contributor+) which would allow those lower-privileged users to carry out attacks. | 2024-01-09 | 4.8 | CVE-2023-6594 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Import and export users and customers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.24.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 4.9 | CVE-2023-6624 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Contact Form 7 - Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor access or higher to access arbitrary metadata of any post type, referencing the post by id and the meta by key. | 2024-01-11 | 4.3 | CVE-2023-6630 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Enable Media Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the SHORTPIXEL_DEBUG parameter in all versions up to, and including, 4.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Exploiting this vulnerability requires the attacker to know the ID of an attachment uploaded by the user they are attacking. | 2024-01-11 | 4.7 | CVE-2023-6737 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Gallery Plugin for WordPress - Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'envira_gallery_insert_images' function in all versions up to, and including, 1.8.7.1. This makes it possible for authenticated attackers, with contributor access and above, to modify galleries on other users' posts. | 2024-01-11 | 4.3 | CVE-2023-6742 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Formidable Forms - Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the name field label and description field label parameter in all versions up to 6.7 (inclusive) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this only affects multi-site installations and installations where unfiltered_html has been disabled. However, in the formidable settings admins can extend form creation, deletion and other management permissions to other user types, which makes it possible for this vulnerability to be exploited by lower level user types as long as they have been granted the proper permissions. | 2024-01-09 | 4.4 | CVE-2023-6842 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions, such as modifying the plugin's Facebook and Instagram access tokens and updating group IDs. | 2024-01-11 | 4.3 | CVE-2023-6883 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Photo Gallery by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widgets in versions up to, and including, 1.8.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with administrator-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It can also be exploited with a contributor-level permission with a page builder plugin. | 2024-01-11 | 4.4 | CVE-2023-6924 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The LightStart - Maintenance Mode, Coming Soon and Landing Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the insert_template function in all versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to change page designs. | 2024-01-11 | 4.3 | CVE-2023-7019 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting. This issue affects WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting: from n/a through 1.12.8. | 2024-01-08 | 4.9 | CVE-2024-21747 audit@patchstack.com |
wordpress -- wordpress | The Video PopUp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'video_popup' shortcode in versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 6.4 | CVE-2023-4962 security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Paid Memberships Pro - Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to unauthorized modification of membership levels created by the plugin due to an incorrectly implemented capability check in the pmpro_rest_api_get_permissions_check function in all versions up to 2.12.5 (inclusive). This makes it possible for unauthenticated attackers to change membership levels including prices. | 2024-01-11 | 5.3 | CVE-2023-6855 security@wordfence.com security@wordfence.com security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The Weaver Xtreme theme for WordPress is vulnerable to Stored Cross-Site Scripting via custom post meta in all versions up to, and including, 6.3.0 due to insufficient input sanitization and output escaping on user supplied meta (page-head-code). This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-11 | 5.4 | CVE-2023-6990 security@wordfence.com security@wordfence.com |
wordpress -- wordpress | The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycache_save_varniship, speedycache_img_update_settings, speedycache_preloading_add_settings, and speedycache_preloading_delete_resource functions in all versions up to, and including, 1.1.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin options. | 2024-01-11 | 4.3 | CVE-2023-6598 security@wordfence.com security@wordfence.com |
wpaffiliatemanager -- affiliates_manager | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager. This issue affects Affiliates Manager: from n/a through 2.9.30. | 2024-01-05 | 5.3 | CVE-2023-52148 audit@patchstack.com |
wpmet -- metform_elementor_contact_form_builder | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on the contents function. This makes it possible for unauthenticated attackers to update the options "mf_hubsopt_token", "mf_hubsopt_refresh_token", "mf_hubsopt_token_type", and "mf_hubsopt_expires_in" via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This would allow an attacker to connect their own Hubspot account to a victim site's metform to obtain leads and contacts. | 2024-01-09 | 5.4 | CVE-2023-6788 security@wordfence.com security@wordfence.com security@wordfence.com |
wwbn -- avideo | An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. | 2024-01-10 | 6.5 | CVE-2023-47171 talos-cna@cisco.com |
wwbn -- avideo | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_gifimage` parameter. | 2024-01-10 | 6.5 | CVE-2023-49862 talos-cna@cisco.com |
wwbn -- avideo | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_webpimage` parameter. | 2024-01-10 | 6.5 | CVE-2023-49863 talos-cna@cisco.com |
wwbn -- avideo | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. This vulnerability is triggered by the `downloadURL_image` parameter. | 2024-01-10 | 6.5 | CVE-2023-49864 talos-cna@cisco.com |
wwbn -- avideo | A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user. | 2024-01-10 | 5.3 | CVE-2023-50172 talos-cna@cisco.com |
wwbn -- avideo | An unrestricted PHP file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP requests to trigger this vulnerability. | 2024-01-10 | 4.3 | CVE-2023-49715 talos-cna@cisco.com |
xen -- xen | When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default). | 2024-01-05 | 5.5 | CVE-2023-34323 security@xen.org |
xen -- xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | 2024-01-05 | 5.5 | CVE-2023-34327 security@xen.org |
xen -- xen | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT. This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock up the CPU entirely. | 2024-01-05 | 5.5 | CVE-2023-34328 security@xen.org |
xen -- xen | The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels. However dom_io being a PV domain gets the AMD-Vi IOMMU page tables levels based on the maximum (hot pluggable) RAM address, and hence on systems with no RAM above the 512GB mark only 3 page-table levels are configured in the IOMMU. On systems without RAM above the 512GB boundary amd_iommu_quarantine_init() will setup page tables for the scratch page with 4 levels, while the IOMMU will be configured to use 3 levels only, resulting in the last page table directory (PDE) effectively becoming a page table entry (PTE), and hence a device in quarantine mode gaining write access to the page destined to be a PDE. Due to this page table level mismatch, the sink page the device gets read/write access to is no longer cleared between device assignment, possibly leading to data leaks. | 2024-01-05 | 5.5 | CVE-2023-46835 security@xen.org |
xen -- xen | The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. It was believed that the mitigations always operated in contexts with IRQs disabled. However, the original XSA-254 fix for Meltdown (XPTI) deliberately left interrupts enabled on two entry paths; one unconditionally, and one conditionally on whether XPTI was active. As BTC/SRSO and Meltdown affect different CPU vendors, the mitigations are not active together by default. Therefore, there is a race condition whereby a malicious PV guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen. | 2024-01-05 | 4.7 | CVE-2023-46836 security@xen.org |
xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1. | 2024-01-09 | 6.5 | CVE-2024-21651 security-advisories@github.com security-advisories@github.com |
yugeshverma -- online_lawyer_management_system | A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability. | 2024-01-07 | 5.4 | CVE-2024-0266 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
zte -- mf258 | There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered. | 2024-01-10 | 5.7 | CVE-2023-41781 psirt@zte.com.cn |
zte -- zxcloud_irai_firmware | There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | 2024-01-05 | 4.8 | CVE-2023-41782 psirt@zte.com.cn |
škoda -- superb_iii | By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is moving at a high speed. No safety critical functions affected. | 2024-01-12 | 4.7 | CVE-2023-28899 cve@asrg.io |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
blood_bank_&_donor_management -- blood_bank_&_donor_management | A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability. | 2024-01-13 | 2.4 | CVE-2024-0476 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
cdo-utility-local-uuid -- cdo-utility-local-uuid | cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. | 2024-01-11 | 2.2 | CVE-2024-22194 security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com security-advisories@github.com |
cloudfavorites -- favorites-web | A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250238 is the identifier assigned to this vulnerability. | 2024-01-12 | 3.5 | CVE-2022-4960 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- dormitory_management_system | A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability. | 2024-01-12 | 3.5 | CVE-2024-0472 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- online_fir_system | A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611. | 2024-01-13 | 3.5 | CVE-2024-0503 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
code-projects -- simple_online_hotel_reservation_system | A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input `<script>alert(1)</script>` leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250618 is the identifier assigned to this vulnerability. | 2024-01-13 | 3.5 | CVE-2024-0504 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
discourse -- discourse | Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4. | 2024-01-12 | 3.1 | CVE-2023-49099 security-advisories@github.com security-advisories@github.com |
discourse -- discourse-reactions | Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939. | 2024-01-12 | 3.5 | CVE-2023-49098 security-advisories@github.com security-advisories@github.com |
employee_profile_management_system -- employee_profile_management_system | A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability. | 2024-01-12 | 3.5 | CVE-2024-0465 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
employee_profile_management_system -- employee_profile_management_system | A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572. | 2024-01-12 | 3.5 | CVE-2024-0467 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. | 2024-01-12 | 3.5 | CVE-2023-2030 cve@gitlab.com cve@gitlab.com |
inis -- inis | A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability. | 2024-01-09 | 3.5 | CVE-2024-0341 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
online_food_ordering_system -- online_food_ordering_system | A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability. | 2024-01-11 | 3.5 | CVE-2024-0423 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
pos_and_inventory_management_system -- pos_and_inventory_management_system | A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250441 was assigned to this vulnerability. | 2024-01-11 | 3.5 | CVE-2024-0422 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
qkmc-rk -- redbbs | A vulnerability classified as problematic has been found in qkmc-rk redbbs 1.0. Affected is an unknown function of the component Post Handler. The manipulation of the argument title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250236. | 2024-01-11 | 3.5 | CVE-2022-4958 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
qkmc-rk -- redbbs | A vulnerability classified as problematic was found in qkmc-rk redbbs 1.0. Affected by this vulnerability is an unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250237 was assigned to this vulnerability. | 2024-01-11 | 3.5 | CVE-2022-4959 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
simple_banking_system -- simple_banking_system | A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443. | 2024-01-11 | 3.5 | CVE-2024-0424 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- engineers_online_portal | A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115. | 2024-01-09 | 3.7 | CVE-2024-0347 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- engineers_online_portal | A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119. | 2024-01-09 | 3.5 | CVE-2024-0351 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- house_rental_management_system | A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607. | 2024-01-13 | 2.4 | CVE-2024-0499 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- house_rental_management_system | A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608. | 2024-01-13 | 2.4 | CVE-2024-0500 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
sourcecodester -- house_rental_management_system | A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability. | 2024-01-13 | 2.4 | CVE-2024-0501 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
vehicle_booking_system -- vehicle_booking_system | A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability. | 2024-01-09 | 3.5 | CVE-2024-0346 cna@vuldb.com cna@vuldb.com cna@vuldb.com |
wordpress -- wordpress | The My Sticky Bar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.6. This is due to missing or incorrect nonce validation in mystickymenu-contact-leads.php. This makes it possible for unauthenticated attackers to trigger the export of a CSV file containing contact leads via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Because the CSV file is exported to a public location, it can be downloaded during a very short window of time before it is automatically deleted by the export function. | 2024-01-11 | 3.1 | CVE-2023-7048 security@wordfence.com security@wordfence.com |
xen -- xen | Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore there is no guarantee when all the writes will reach the memory. | 2024-01-05 | 3.3 | CVE-2023-34321 security@xen.org |
xen -- xen | Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-437, but the approach was not sufficient. | 2024-01-05 | 3.3 | CVE-2023-46837 security@xen.org |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amd -- 3rd_gen_amd_epyc_processors | A privileged attacker can prevent delivery of debug exceptions to SEV-SNP guests potentially resulting in guests not receiving expected debug information. | 2024-01-11 | not yet calculated | CVE-2023-20573 psirt@amd.com |
android -- android_nfc | The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read. | 2024-01-09 | not yet calculated | CVE-2023-36629 cve@mitre.org cve@mitre.org cve@mitre.org |
apache_software_foundation -- apache_answer | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.0. Under normal circumstances, a user can only bookmark a question once, and will only increase the number of questions bookmarked once. However, repeat submissions through the script can increase the number of collection of the question many times. Users are recommended to upgrade to version [1.2.1], which fixes the issue. | 2024-01-10 | not yet calculated | CVE-2023-49619 security@apache.org security@apache.org |
apple -- ios_and_ipados | An integer overflow was addressed through improved input validation. This issue is fixed in tvOS 16.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4, watchOS 9.4, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to cause a denial-of-service. | 2024-01-10 | not yet calculated | CVE-2023-28185 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4, watchOS 9.4. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 2024-01-10 | not yet calculated | CVE-2023-32424 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | A memory corruption issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to cause unexpected system termination or write kernel memory. | 2024-01-10 | not yet calculated | CVE-2023-38610 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14, macOS Ventura 13.6. An app may be able to access protected user data. | 2024-01-10 | not yet calculated | CVE-2023-38612 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. A remote attacker may be able to view leaked DNS queries with Private Relay turned on. | 2024-01-10 | not yet calculated | CVE-2023-40385 product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | The issue was addressed with improved validation of environment variables. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to access sensitive user data. | 2024-01-10 | not yet calculated | CVE-2023-40394 product-security@apple.com |
apple -- ios_and_ipados | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 10, iOS 17 and iPadOS 17, tvOS 17, macOS Sonoma 14, Safari 17. Processing web content may lead to arbitrary code execution. | 2024-01-10 | not yet calculated | CVE-2023-40414 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | 2024-01-10 | not yet calculated | CVE-2023-40437 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14, iOS 16.7 and iPadOS 16.7. An app may be able to access edited photos saved to a temporary directory. | 2024-01-10 | not yet calculated | CVE-2023-40438 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to read sensitive location information. | 2024-01-10 | not yet calculated | CVE-2023-40439 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 17 and iPadOS 17. A person with physical access to a device may be able to use VoiceOver to access private calendar information. | 2024-01-10 | not yet calculated | CVE-2023-40529 product-security@apple.com |
apple -- ios_and_ipados | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. A remote user may be able to cause kernel code execution. | 2024-01-10 | not yet calculated | CVE-2023-41060 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 17 and iPadOS 17. A 3D model constructed to look like the enrolled user may authenticate via Face ID. | 2024-01-10 | not yet calculated | CVE-2023-41069 product-security@apple.com |
apple -- ios_and_ipados | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-10 | not yet calculated | CVE-2023-41974 product-security@apple.com |
apple -- ios_and_ipados | A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14, Safari 17, iOS 17 and iPadOS 17. Processing web content may lead to arbitrary code execution. | 2024-01-10 | not yet calculated | CVE-2023-42833 product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-10 | not yet calculated | CVE-2023-42870 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-10 | not yet calculated | CVE-2023-42871 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app may be able to access sensitive user data. | 2024-01-10 | not yet calculated | CVE-2023-42872 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14, iOS 17 and iPadOS 17. An app with root privileges may be able to access private information. | 2024-01-10 | not yet calculated | CVE-2023-42934 product-security@apple.com product-security@apple.com |
apple -- ios_and_ipados | The issue was addressed with improved checks. This issue is fixed in iOS 17.2 and iPadOS 17.2. An attacker in a privileged network position may be able to perform a denial-of-service attack using crafted Bluetooth packets. | 2024-01-10 | not yet calculated | CVE-2023-42941 product-security@apple.com product-security@apple.com |
apple -- macos | The issue was addressed with improved UI handling. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Visiting a website that frames malicious content may lead to UI spoofing. | 2024-01-10 | not yet calculated | CVE-2022-32919 product-security@apple.com product-security@apple.com |
apple -- macos | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | 2024-01-10 | not yet calculated | CVE-2022-32931 product-security@apple.com |
apple -- macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. | 2024-01-10 | not yet calculated | CVE-2022-42816 product-security@apple.com |
apple -- macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to read sensitive location information. | 2024-01-10 | not yet calculated | CVE-2022-42839 product-security@apple.com product-security@apple.com |
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet. | 2024-01-10 | not yet calculated | CVE-2022-46710 product-security@apple.com product-security@apple.com |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-10 | not yet calculated | CVE-2022-46721 product-security@apple.com |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-10 | not yet calculated | CVE-2022-47915 product-security@apple.com |
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-10 | not yet calculated | CVE-2022-47965 product-security@apple.com |
apple -- macos | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | 2024-01-10 | not yet calculated | CVE-2022-48504 product-security@apple.com |
apple -- macos | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13. An app may be able to access user-sensitive data. | 2024-01-10 | not yet calculated | CVE-2022-48577 product-security@apple.com |
apple -- macos | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to access user-sensitive data. | 2024-01-10 | not yet calculated | CVE-2023-28197 product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. Processing a font file may lead to arbitrary code execution. | 2024-01-10 | not yet calculated | CVE-2023-32366 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-10 | not yet calculated | CVE-2023-32378 product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | This issue was addressed by forcing hardened runtime on the affected binaries at the system level. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. An app may be able to inject code into sensitive binaries bundled with Xcode. | 2024-01-10 | not yet calculated | CVE-2023-32383 product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.6.6, macOS Big Sur 11.7.7, macOS Ventura 13.4. Parsing an office document may lead to an unexpected app termination or arbitrary code execution. | 2024-01-10 | not yet calculated | CVE-2023-32401 product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | 2024-01-10 | not yet calculated | CVE-2023-32436 product-security@apple.com |
apple -- macos | The issue was addressed with improved handling of caches. This issue is fixed in macOS Sonoma 14. An app may be able to modify Printer settings. | 2024-01-10 | not yet calculated | CVE-2023-38607 product-security@apple.com |
apple -- macos | A path handling issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data. | 2024-01-10 | not yet calculated | CVE-2023-40383 product-security@apple.com |
apple -- macos | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. Photos in the Hidden Photos Album may be viewed without authentication. | 2024-01-10 | not yet calculated | CVE-2023-40393 product-security@apple.com |
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks. | 2024-01-10 | not yet calculated | CVE-2023-40433 product-security@apple.com |
apple -- macos | A type confusion issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4. An app may be able to execute arbitrary code with kernel privileges. | 2024-01-10 | not yet calculated | CVE-2023-41075 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.5. An app may be able to gain root privileges. | 2024-01-10 | not yet calculated | CVE-2023-42828 product-security@apple.com |
apple -- macos | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to access SSH passphrases. | 2024-01-10 | not yet calculated | CVE-2023-42829 product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information. | 2024-01-10 | not yet calculated | CVE-2023-42830 product-security@apple.com product-security@apple.com |
apple -- macos | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to fingerprint the user. | 2024-01-10 | not yet calculated | CVE-2023-42831 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to gain root privileges. | 2024-01-10 | not yet calculated | CVE-2023-42832 product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory. | 2024-01-10 | not yet calculated | CVE-2023-42862 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing an image may result in disclosure of process memory. | 2024-01-10 | not yet calculated | CVE-2023-42865 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- macos | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5. Multiple issues in libxml2. | 2024-01-10 | not yet calculated | CVE-2023-42869 product-security@apple.com product-security@apple.com |
apple -- magic_keyboard_firmware | A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. | 2024-01-12 | not yet calculated | CVE-2024-0230 product-security@apple.com |
apple -- safari | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, tvOS 16.6, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | 2024-01-10 | not yet calculated | CVE-2023-42866 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
apple -- tvos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1. | 2024-01-09 | not yet calculated | CVE-2022-48618 product-security@apple.com product-security@apple.com product-security@apple.com product-security@apple.com |
atos -- soap_server | A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system. | 2024-01-12 | not yet calculated | CVE-2023-48166 cve@mitre.org cve@mitre.org |
buffalo -- ls210D | An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | 2024-01-11 | not yet calculated | CVE-2023-51073 cve@mitre.org cve@mitre.org |
cassia -- gateway | In Cassia Gateway firmware XC1000_2.1.1.2303082218 and XC2000_2.1.1.2303090947, the queueUrl parameter in /bypass/config is not sanitized. This leads to injecting Bash code and executing it with root privileges on device startup. | 2024-01-10 | not yet calculated | CVE-2023-31446 cve@mitre.org cve@mitre.org |
cisco -- multiple_products | Hyland Perceptive Filters releases before 2023-12-08 (e.g., 11.4.0.2647), as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document. | 2024-01-10 | not yet calculated | CVE-2023-31488 cve@mitre.org |
click2gov -- centralsquare | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information are known. | 2024-01-12 | not yet calculated | CVE-2023-40362 cve@mitre.org cve@mitre.org |
d-link_dir-822+ -- d-link_dir-822+ | D-Link DIR-822+ V1.0.2 was found to contain a command injection in the SetStaticRouteSettings function, which allows remote attackers to execute arbitrary commands via shell. | 2024-01-11 | not yet calculated | CVE-2023-51984 cve@mitre.org |
d-link_dir-822+ -- d-link_dir-822+ | D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | 2024-01-11 | not yet calculated | CVE-2023-51987 cve@mitre.org |
d-link_dir-822+ -- d-link_dir-822+ | D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to log in to administrator accounts with empty passwords. | 2024-01-11 | not yet calculated | CVE-2023-51989 cve@mitre.org |
dir815 -- dir815 | An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component. | 2024-01-10 | not yet calculated | CVE-2023-51123 cve@mitre.org |
elite -- crm | Cross Site Scripting Vulnerability in Elite CRM v1.2.11 allows an attacker to execute arbitrary code via the language parameter to the /ngs/login endpoint. | 2024-01-11 | not yet calculated | CVE-2022-40361 cve@mitre.org cve@mitre.org |
flaskcode_for_python -- flaskcode_for_python | An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files. | 2024-01-13 | not yet calculated | CVE-2023-52288 cve@mitre.org |
flaskcode_for_python -- flaskcode_for_python | An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files. | 2024-01-13 | not yet calculated | CVE-2023-52289 cve@mitre.org |
flient -- smart_door_lock | Flient Smart Door Lock v1.0 is vulnerable to Use of Default Credentials. Due to default credentials on a debug interface, in combination with certain design choices, an attacker can unlock the Flient Smart Door Lock by replacing the fingerprint that is stored on the scanner. | 2024-01-11 | not yet calculated | CVE-2023-50124 cve@mitre.org |
flient -- smart_door_lock | Missing encryption in the NFC tags of the Flient Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original tags, which results in an attacker gaining access to the perimeter. | 2024-01-11 | not yet calculated | CVE-2023-50129 cve@mitre.org |
flir -- ax8 | Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter. | 2024-01-10 | not yet calculated | CVE-2023-51126 cve@mitre.org |
flir -- ax8_thermal_sensor_cameras | FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file. | 2024-01-10 | not yet calculated | CVE-2023-51127 cve@mitre.org |
follet_school_solutions -- follet_school_solutions_destiny | Cross Site Scripting vulnerability in Follet School Solutions Destiny v.20_0_1_AU4 and later allows a remote attacker to run arbitrary code via presentonesearchresultsform.do. | 2024-01-09 | not yet calculated | CVE-2023-38827 cve@mitre.org |
freeimage -- memoryreadproc | An integer overflow vulnerability in FreeImageIO.cpp::MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attack and/or run arbitrary code. | 2024-01-09 | not yet calculated | CVE-2023-47992 cve@mitre.org |
freeimage_project -- freeimage | A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service. | 2024-01-09 | not yet calculated | CVE-2023-47993 cve@mitre.org |
freeimage_project -- freeimage | An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. | 2024-01-09 | not yet calculated | CVE-2023-47994 cve@mitre.org |
freeimage_project -- freeimage | Buffer Overflow vulnerability in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service. | 2024-01-09 | not yet calculated | CVE-2023-47995 cve@mitre.org |
freeimage_project -- freeimage | An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service. | 2024-01-09 | not yet calculated | CVE-2023-47996 cve@mitre.org |
freeimage_project -- freeimage | An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service. | 2024-01-10 | not yet calculated | CVE-2023-47997 cve@mitre.org |
gentoo -- portage | In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. | 2024-01-12 | not yet calculated | CVE-2016-20021 cve@mitre.org cve@mitre.org cve@mitre.org |
gl.inet -- gl.inet | An issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | 2024-01-12 | not yet calculated | CVE-2023-50919 cve@mitre.org |
gl.inet -- gl.inet | An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | 2024-01-12 | not yet calculated | CVE-2023-50920 cve@mitre.org |
google -- chrome | Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) | 2024-01-10 | not yet calculated | CVE-2024-0333 chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com chrome-cve-admin@google.com |
gradle_enterprise -- gradle_enterprise | In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in. | 2024-01-09 | not yet calculated | CVE-2023-49238 cve@mitre.org cve@mitre.org |
hongdian -- h8951-4g-esp | Root user password is hardcoded into the device and cannot be changed in the user interface. | 2024-01-12 | not yet calculated | CVE-2023-49253 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | An authenticated user can execute arbitrary commands in the context of the root user by providing a payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript; however, it can still be exploited by sending POST requests directly. | 2024-01-12 | not yet calculated | CVE-2023-49254 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | The router console is accessible without authentication at "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password. | 2024-01-12 | not yet calculated | CVE-2023-49255 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | It is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key. | 2024-01-12 | not yet calculated | CVE-2023-49256 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. | 2024-01-12 | not yet calculated | CVE-2023-49257 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | The user's browser may be forced to execute JavaScript and pass the authentication cookie to the attacker by leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter. | 2024-01-12 | not yet calculated | CVE-2023-49258 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | The authentication cookies are generated using an algorithm based on the username, hardcoded secret and the up-time, and can be guessed in a reasonable time. | 2024-01-12 | not yet calculated | CVE-2023-49259 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255. | 2024-01-12 | not yet calculated | CVE-2023-49260 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | The "tokenKey" value used in user authorization is visible in the HTML source of the login page. | 2024-01-12 | not yet calculated | CVE-2023-49261 cvd@cert.pl cvd@cert.pl |
hongdian -- h8951-4g-esp | The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session. | 2024-01-12 | not yet calculated | CVE-2023-49262 cvd@cert.pl cvd@cert.pl |
hospital_management_system -- hospital_management_system | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries -> Unread Query' tab. | 2024-01-10 | not yet calculated | CVE-2020-26627 cve@mitre.org |
hospital_management_system -- hospital_management_system | A Cross-Site Scripting (XSS) vulnerability was discovered in Hospital Management System V4.0 which allows an attacker to execute arbitrary web scripts or HTML code via a malicious payload appended to a username on the 'Edit Profile' page and triggered by another user visiting the profile. | 2024-01-10 | not yet calculated | CVE-2020-26628 cve@mitre.org |
hospital_management_system -- hospital_management_system | A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server. | 2024-01-10 | not yet calculated | CVE-2020-26629 cve@mitre.org |
hospital_management_system -- hospital_management_system | A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin. | 2024-01-10 | not yet calculated | CVE-2020-26630 cve@mitre.org |
hozard -- alarmsysteem | A default engineer password set on the Hozard alarm system (Alarmsysteem) v1.0 allows an attacker to bring the alarm system to a disarmed state. | 2024-01-11 | not yet calculated | CVE-2023-50125 cve@mitre.org |
hozard -- alarmsysteem | Missing encryption in the RFID tags of the Hozard alarm system (Alarmsysteem) v1.0 allows attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state. | 2024-01-11 | not yet calculated | CVE-2023-50126 cve@mitre.org |
hozard -- alarmsysteem | Hozard alarm system (Alarmsysteem) v1.0 is vulnerable to Improper Authentication. Commands sent via the SMS functionality are accepted from random phone numbers, which allows an attacker to bring the alarm system to a disarmed state from any given phone number. | 2024-01-11 | not yet calculated | CVE-2023-50127 cve@mitre.org |
hozard -- alarmsysteem | The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state. | 2024-01-11 | not yet calculated | CVE-2023-50128 cve@mitre.org cve@mitre.org |
hozard -- alarmsystemen | The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. This could allow an attacker to perform a brute force on the SMS authentication, to bring the alarm system to a disarmed state. | 2024-01-11 | not yet calculated | CVE-2023-50123 cve@mitre.org |
jave2 -- ffmpeg | An issue in Jave2 version 3.3.1 allows attackers to execute arbitrary code via the FFmpeg function. | 2024-01-12 | not yet calculated | CVE-2023-48909 cve@mitre.org cve@mitre.org |
jfinalcms -- jfinalcms | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. | 2024-01-12 | not yet calculated | CVE-2024-22492 cve@mitre.org |
jfinalcms -- jfinalcms | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. | 2024-01-12 | not yet calculated | CVE-2024-22493 cve@mitre.org |
jfinalcms -- jfinalcms | A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. | 2024-01-12 | not yet calculated | CVE-2024-22494 cve@mitre.org |
jfinalcms -- jfinalcms | Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the name field when creating a new custom table. | 2024-01-09 | not yet calculated | CVE-2023-50136 cve@mitre.org |
judging_management_system -- oretnom23 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0 allows remote attackers to execute arbitrary code and obtain sensitive information via the sub_event_id parameter in sub_event_stat_update.php. | 2024-01-12 | not yet calculated | CVE-2023-30014 cve@mitre.org |
judging_management_system -- oretnom23 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0 allows remote attackers to execute arbitrary code and obtain sensitive information via the txtsearch parameter in review_search.php. | 2024-01-12 | not yet calculated | CVE-2023-30015 cve@mitre.org |
judging_management_system -- oretnom23 | SQL Injection vulnerability in oretnom23 Judging Management System v1.0 allows remote attackers to execute arbitrary code and obtain sensitive information via the sub_event_id parameter in sub_event_details_edit.php. | 2024-01-12 | not yet calculated | CVE-2023-30016 cve@mitre.org |
karlomikus -- karlomikus_bar_assistant | Blind Server-Side Request Forgery (SSRF) vulnerability in karlomikus Bar Assistant before version 3.2.0 does not validate a parameter before making a request through Image::make(), which could allow authenticated remote attackers to execute arbitrary code. | 2024-01-10 | not yet calculated | CVE-2023-49471 cve@mitre.org |
kyocera_device -- kyocera_device_manager | Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a UNC path via the GUI is rejected due to the use of a \ (backslash) character, which is supposed to be disallowed in a pathname. Intercepting and modifying this request via a proxy, or sending the request directly to the application endpoint, allows UNC paths to be set for the backup location. Once such a location is set, Kyocera Device Manager attempts to confirm access and will try to authenticate to the UNC path; depending on the configuration of the environment, this may authenticate to the UNC with Windows NTLM hashes. This could allow NTLM credential relaying or cracking attacks. | 2024-01-10 | not yet calculated | CVE-2023-50916 cve@mitre.org cve@mitre.org cve@mitre.org |
libebml -- libebml | In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows. | 2024-01-12 | not yet calculated | CVE-2023-52339 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
linux -- kernel | An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition. | 2024-01-11 | not yet calculated | CVE-2023-51780 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
linux -- kernel | An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition. | 2024-01-11 | not yet calculated | CVE-2023-51781 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
linux -- kernel | An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition. | 2024-01-11 | not yet calculated | CVE-2023-51782 cve@mitre.org cve@mitre.org cve@mitre.org cve@mitre.org |
linux -- kernel | An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. | 2024-01-12 | not yet calculated | CVE-2022-48619 cve@mitre.org cve@mitre.org |
live555 -- live555 | A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP. | 2024-01-12 | not yet calculated | CVE-2023-37117 cve@mitre.org cve@mitre.org |
mediawiki -- mediawiki | An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n). | 2024-01-12 | not yet calculated | CVE-2024-23171 cve@mitre.org cve@mitre.org |
mediawiki -- mediawiki | An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog. | 2024-01-12 | not yet calculated | CVE-2024-23172 cve@mitre.org cve@mitre.org |
mediawiki -- mediawiki | An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php. | 2024-01-12 | not yet calculated | CVE-2024-23173 cve@mitre.org cve@mitre.org |
mediawiki -- mediawiki | An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message. | 2024-01-12 | not yet calculated | CVE-2024-23174 cve@mitre.org cve@mitre.org |
mediawiki -- mediawiki | An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. | 2024-01-12 | not yet calculated | CVE-2024-23177 cve@mitre.org cve@mitre.org |
mediawiki -- mediawiki | An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. | 2024-01-12 | not yet calculated | CVE-2024-23178 cve@mitre.org cve@mitre.org |
mediawiki -- mediawiki | An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks. | 2024-01-12 | not yet calculated | CVE-2024-23179 cve@mitre.org cve@mitre.org |
mp4box -- mp4box_gpac | MP4Box GPAC version 2.3-DEV-rev636-gfbd7e13aa-master was discovered to contain an infinite loop in the function av1_uvlc at media_tools/av_parsers.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | 2024-01-10 | not yet calculated | CVE-2023-50120 cve@mitre.org |
nikon -- exiftags | In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. | 2024-01-11 | not yet calculated | CVE-2023-50671 cve@mitre.org cve@mitre.org |
npm -- package@evershop/evershop | Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8 allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. | 2024-01-13 | not yet calculated | CVE-2023-46942 cve@mitre.org cve@mitre.org |
npm -- package@evershop/evershop | An issue was discovered in NPM's package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application. | 2024-01-13 | not yet calculated | CVE-2023-46943 cve@mitre.org |
openkm -- openkm | A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS. | 2024-01-13 | not yet calculated | CVE-2023-50072 cve@mitre.org |
openssl -- openssl | Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL for PowerPC CPUs restores the contents of vector registers in a different order than they are saved. Thus the contents of some of these vector registers are corrupted when returning to the caller. The vulnerable code is used only on newer PowerPC processors supporting the PowerISA 2.07 instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However unless the compiler uses the vector registers for storing pointers, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3. If this cipher is enabled on the server a malicious client can influence whether this AEAD cipher is used. This implies that TLS server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. | 2024-01-09 | not yet calculated | CVE-2023-6129 openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org openssl-security@openssl.org |
parsexlsx_for_perl -- parsexlsx_for_perl | The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells. | 2024-01-09 | not yet calculated | CVE-2024-22368 cve@mitre.org cve@mitre.org cve@mitre.org |
phpgurukul_art_gallery_management_system -- phpgurukul_art_gallery_management_system | In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. | 2024-01-12 | not yet calculated | CVE-2023-51978 cve@mitre.org |
piwigo -- piwigo | Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. | 2024-01-12 | not yet calculated | CVE-2023-51790 cve@mitre.org cve@mitre.org |
pmb -- pmb | File Upload vulnerability in PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. | 2024-01-11 | not yet calculated | CVE-2023-46474 cve@mitre.org cve@mitre.org |
publiccms -- publiccms | PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and an online preview function is provided, PDF and HTML files containing malicious code can be uploaded, and an XSS popup window is triggered when they are viewed online. | 2024-01-10 | not yet calculated | CVE-2023-51252 cve@mitre.org |
qstar -- archive_solutions | An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command. | 2024-01-13 | not yet calculated | CVE-2023-51062 cve@mitre.org |
qstar -- archive_solutions | QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level. | 2024-01-13 | not yet calculated | CVE-2023-51063 cve@mitre.org |
qstar -- archive_solutions | QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table. | 2024-01-13 | not yet calculated | CVE-2023-51064 cve@mitre.org |
qstar -- archive_solutions | Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. | 2024-01-13 | not yet calculated | CVE-2023-51065 cve@mitre.org |
qstar -- archive_solutions | An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands. | 2024-01-13 | not yet calculated | CVE-2023-51066 cve@mitre.org |
qstar -- archive_solutions | An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | 2024-01-13 | not yet calculated | CVE-2023-51067 cve@mitre.org |
qstar -- archive_solutions | An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary javascript on a victim's browser via a crafted link. | 2024-01-13 | not yet calculated | CVE-2023-51068 cve@mitre.org |
qstar -- archive_solutions | An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. | 2024-01-13 | not yet calculated | CVE-2023-51070 cve@mitre.org |
qstar -- archive_solutions | An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's Qstar instance by executing a specific command in a link. | 2024-01-13 | not yet calculated | CVE-2023-51071 cve@mitre.org |
relax-and-recover -- relax-and-recover | Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root. | 2024-01-12 | not yet calculated | CVE-2024-23301 cve@mitre.org cve@mitre.org |
rymcu_forest | An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file. | 2024-01-13 | not yet calculated | CVE-2023-51804 cve@mitre.org |
scada -- lts | An issue in Scada-LTS v2.7.5.2 build 4551883606 and before allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via the Event Handlers function. | 2024-01-13 | not yet calculated | CVE-2023-33472 cve@mitre.org |
scalefusion -- edge | ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. | 2024-01-11 | not yet calculated | CVE-2023-51748 cve@mitre.org cve@mitre.org |
scalefusion -- edge | ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. | 2024-01-11 | not yet calculated | CVE-2023-51749 cve@mitre.org cve@mitre.org |
scalefusion -- edge | ScaleFusion 10.5.2 does not properly limit users to the Edge application because file downloads can occur. | 2024-01-11 | not yet calculated | CVE-2023-51750 cve@mitre.org cve@mitre.org |
scalefusion -- edge | ScaleFusion 10.5.2 does not properly limit users to the Edge application because Alt-F4 can be used. | 2024-01-11 | not yet calculated | CVE-2023-51751 cve@mitre.org cve@mitre.org |
semcms -- semcms | SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. | 2024-01-10 | not yet calculated | CVE-2023-48864 cve@mitre.org |
sfwtools -- swftools | SWFTools 0.9.2 772e55a allows attackers to trigger a large memory-allocation attempt via a crafted document, as demonstrated by pdf2swf. This occurs in png_read_chunk in lib/png.c. | 2024-01-11 | not yet calculated | CVE-2023-37644 cve@mitre.org |
tduck-platform -- tduck-platform | SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file. | 2024-01-13 | not yet calculated | CVE-2023-51805 cve@mitre.org |
tecnick -- tcexam | When access to the "admin" folder is not protected by some external authorization mechanisms e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers. | 2024-01-11 | not yet calculated | CVE-2023-6554 cvd@cert.pl cvd@cert.pl cvd@cert.pl |
totolink -- a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function. | 2024-01-11 | not yet calculated | CVE-2024-22942 cve@mitre.org |
totolink -- a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function. | 2024-01-11 | not yet calculated | CVE-2024-23057 cve@mitre.org |
totolink -- a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function. | 2024-01-11 | not yet calculated | CVE-2024-23058 cve@mitre.org |
totolink -- a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function. | 2024-01-11 | not yet calculated | CVE-2024-23059 cve@mitre.org |
totolink -- a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function. | 2024-01-11 | not yet calculated | CVE-2024-23060 cve@mitre.org |
totolink -- a3300r | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function. | 2024-01-11 | not yet calculated | CVE-2024-23061 cve@mitre.org |
totolink -- a3700r | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the NTPSyncWithHost function. | 2024-01-11 | not yet calculated | CVE-2023-52027 cve@mitre.org |
totolink -- a3700r | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setTracerouteCfg function. | 2024-01-11 | not yet calculated | CVE-2023-52028 cve@mitre.org |
totolink -- a3700r | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setDiagnosisCfg function. | 2024-01-11 | not yet calculated | CVE-2023-52029 cve@mitre.org |
totolink -- a3700r | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the setOpModeCfg function. | 2024-01-11 | not yet calculated | CVE-2023-52030 cve@mitre.org |
totolink -- a3700r | TOTOlink A3700R v9.1.2u.5822_B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function. | 2024-01-11 | not yet calculated | CVE-2023-52031 cve@mitre.org |
totolink -- ex1200t | TOTOlink EX1200T V4.1.2cu.5232_B20210713 was discovered to contain a remote command execution (RCE) vulnerability via the "main" function. | 2024-01-11 | not yet calculated | CVE-2023-52032 cve@mitre.org |
totolink -- ex1800t | TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface. | 2024-01-12 | not yet calculated | CVE-2023-52026 cve@mitre.org |
totolink -- totolink | Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | 2024-01-10 | not yet calculated | CVE-2022-46025 cve@mitre.org |
tp-link -- archer_ax3000 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120". | 2024-01-11 | not yet calculated | CVE-2024-21773 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
tp-link -- archer_ax3000 | Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", and Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115". | 2024-01-11 | not yet calculated | CVE-2024-21821 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
tp-link -- archer_ax3000 | Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120". | 2024-01-11 | not yet calculated | CVE-2024-21833 vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp vultures@jpcert.or.jp |
trendnet -- davinci | An issue was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Command injection can occur because the system function is used by davinci to unpack language packs without strict filtering of URL strings. | 2024-01-09 | not yet calculated | CVE-2023-49237 cve@mitre.org cve@mitre.org |
uev -- epoll_wait | uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. | 2024-01-12 | not yet calculated | CVE-2022-48620 cve@mitre.org cve@mitre.org cve@mitre.org |
ujcms -- ujcms | A spoofing attack in ujcms v.8.0.2 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the X-Forwarded-For function in the header. | 2024-01-11 | not yet calculated | CVE-2023-51350 cve@mitre.org cve@mitre.org cve@mitre.org |
ujcms -- ujcms | File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. | 2024-01-12 | not yet calculated | CVE-2023-51806 cve@mitre.org cve@mitre.org cve@mitre.org |
verydows -- verydows | Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller. | 2024-01-12 | not yet calculated | CVE-2023-51949 cve@mitre.org |
windows -- scalefusion | In ScaleFusion (Windows Desktop App) agent v10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. | 2024-01-11 | not yet calculated | CVE-2023-50159 cve@mitre.org cve@mitre.org |
wordpress -- wordpress | Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. | 2024-01-12 | not yet calculated | CVE-2024-22027 vultures@jpcert.or.jp vultures@jpcert.or.jp |
wuzhicms -- wuzhicms | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php. | 2024-01-10 | not yet calculated | CVE-2023-52064 cve@mitre.org cve@mitre.org |
yzmcms -- yzmcms | member/index/register.html in YzmCMS 6.5 through 7.0 allows XSS via the Referer HTTP header. | 2024-01-11 | not yet calculated | CVE-2023-52274 cve@mitre.org cve@mitre.org |
zentao -- zentao | Zentao versions 4.1.3 and before have a URL redirect vulnerability, which prevents the system from functioning properly. | 2024-01-10 | not yet calculated | CVE-2023-49394 cve@mitre.org cve@mitre.org |