7-zip — 7-zip
|
7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive. |
2023-11-03 |
not yet calculated |
CVE-2023-31102
MISC
MISC
MISC |
| addify — addifyfreegifts |
SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. |
2023-11-01 |
not yet calculated |
CVE-2023-44025
MISC |
artifex_software — jbig2dec
|
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. |
2023-10-31 |
not yet calculated |
CVE-2023-46361
MISC |
| asus — rt-ax55 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. |
2023-11-03 |
not yet calculated |
CVE-2023-41345
MISC |
| asus — rt-ax55 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. |
2023-11-03 |
not yet calculated |
CVE-2023-41346
MISC |
| asus — rt-ax55 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. |
2023-11-03 |
not yet calculated |
CVE-2023-41347
MISC |
| asus — rt-ax55 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. |
2023-11-03 |
not yet calculated |
CVE-2023-41348
MISC |
atera — agent_package_availability
|
The C:WindowsTempAgent.Package.AvailabilityAgent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:WindowsTempAgent.Package.Availability folder inherits permissions from C:WindowsTemp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges. |
2023-10-31 |
not yet calculated |
CVE-2023-37243
MISC |
atlassian — confluence_data_center
|
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. |
2023-10-31 |
not yet calculated |
CVE-2023-22518
MISC
MISC |
| authentik — authentik |
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin users’ password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin. |
2023-10-31 |
not yet calculated |
CVE-2023-46249
MISC
MISC
MISC
MISC
MISC |
avahi — avahi
|
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. |
2023-11-02 |
not yet calculated |
CVE-2023-38469
MISC
MISC |
avahi — avahi
|
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function. |
2023-11-02 |
not yet calculated |
CVE-2023-38470
MISC
MISC |
avahi — avahi
|
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function. |
2023-11-02 |
not yet calculated |
CVE-2023-38471
MISC
MISC |
avahi — avahi
|
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function. |
2023-11-02 |
not yet calculated |
CVE-2023-38472
MISC
MISC |
avahi — avahi
|
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function. |
2023-11-02 |
not yet calculated |
CVE-2023-38473
MISC
MISC |
basercms — basercms
|
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue. |
2023-10-30 |
not yet calculated |
CVE-2023-43647
MISC
MISC
MISC |
basercms — basercms
|
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue. |
2023-10-30 |
not yet calculated |
CVE-2023-43648
MISC
MISC
MISC |
basercms — basercms
|
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue. |
2023-10-30 |
not yet calculated |
CVE-2023-43649
MISC
MISC
MISC |
basercms — basercms
|
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available. |
2023-10-30 |
not yet calculated |
CVE-2023-43792
MISC
MISC |
| beijing_yunfan_internet_technology_co.,_ltd — yunfan_learning_examination_system |
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function. |
2023-11-04 |
not yet calculated |
CVE-2023-46963
MISC |
best_courier_management_system — best_courier_management_system
|
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. |
2023-10-31 |
not yet calculated |
CVE-2023-46451
MISC
MISC |
| best_courier_management_system — best_courier_management_system |
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. |
2023-11-03 |
not yet calculated |
CVE-2023-46980
MISC
MISC |
best_practical_solutions_llc. — request_tracker
|
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. |
2023-11-03 |
not yet calculated |
CVE-2023-45024
MISC
CONFIRM |
best_practical_solutions_llc. — request_tracker
|
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. |
2023-11-03 |
not yet calculated |
CVE-2023-41259
MISC
CONFIRM
CONFIRM |
best_practical_solutions_llc. — request_tracker
|
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. |
2023-11-03 |
not yet calculated |
CVE-2023-41260
MISC
CONFIRM
CONFIRM |
bigbluebutton — bigbluebutton
|
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds. |
2023-10-30 |
not yet calculated |
CVE-2023-42803
MISC
MISC |
bigbluebutton — bigbluebutton
|
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds. |
2023-10-30 |
not yet calculated |
CVE-2023-42804
MISC
MISC |
bigbluebutton — bigbluebutton
|
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds. |
2023-10-30 |
not yet calculated |
CVE-2023-43797
MISC
MISC
MISC |
bigbluebutton — bigbluebutton
|
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton. |
2023-10-30 |
not yet calculated |
CVE-2023-43798
MISC
MISC
MISC
MISC |
bigtree_cms — bigtree_cms
|
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. |
2023-11-01 |
not yet calculated |
CVE-2023-44954
MISC
MISC |
bitrix24 — bitrix24
|
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted “.htaccess” file. |
2023-11-01 |
not yet calculated |
CVE-2023-1713
MISC |
bitrix24 — bitrix24
|
Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization. |
2023-11-01 |
not yet calculated |
CVE-2023-1714
MISC |
bitrix24 — bitrix24
|
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitization via placing HTML tags at the beginning of the payload. |
2023-11-01 |
not yet calculated |
CVE-2023-1715
MISC |
bitrix24 — bitrix24
|
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege. |
2023-11-01 |
not yet calculated |
CVE-2023-1716
MISC |
bitrix24 — bitrix24
|
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`. |
2023-11-01 |
not yet calculated |
CVE-2023-1717
MISC |
bitrix24 — bitrix24
|
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted “tmp_url”. |
2023-11-01 |
not yet calculated |
CVE-2023-1718
MISC |
bitrix24 — bitrix24
|
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialized variables. |
2023-11-01 |
not yet calculated |
CVE-2023-1719
MISC |
bitrix24 — bitrix24
|
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile. |
2023-11-01 |
not yet calculated |
CVE-2023-1720
MISC |
| bluespice — bluespiceavatars |
Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context. |
2023-10-30 |
not yet calculated |
CVE-2023-42431
MISC |
| bon_presta — boninstagramcarousel |
Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call. |
2023-11-03 |
not yet calculated |
CVE-2023-43982
MISC |
boomerang_parental_control — boomerang_parental_control
|
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup=”false” attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API. |
2023-11-03 |
not yet calculated |
CVE-2023-36620
MISC
MISC
MISC |
boomerang_parental_control — boomerang_parental_control
|
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing. |
2023-11-03 |
not yet calculated |
CVE-2023-36621
MISC
MISC
MISC |
botan — botan
|
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password. |
2023-11-03 |
not yet calculated |
CVE-2017-7252
CONFIRM
MISC |
campcodes — simple_student_information_system
|
A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323. |
2023-11-02 |
not yet calculated |
CVE-2023-5923
MISC
MISC
MISC |
campcodes — simple_student_information_system
|
A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324. |
2023-11-02 |
not yet calculated |
CVE-2023-5924
MISC
MISC
MISC |
campcodes — simple_student_information_system
|
A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability. |
2023-11-02 |
not yet calculated |
CVE-2023-5925
MISC
MISC
MISC |
campcodes — simple_student_information_system
|
A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability. |
2023-11-02 |
not yet calculated |
CVE-2023-5926
MISC
MISC
MISC |
campcodes — simple_student_information_system
|
A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327. |
2023-11-02 |
not yet calculated |
CVE-2023-5927
MISC
MISC
MISC |
campcodes — simple_student_information_system
|
A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328. |
2023-11-02 |
not yet calculated |
CVE-2023-5928
MISC
MISC
MISC |
campcodes — simple_student_information_system
|
A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244329 was assigned to this vulnerability. |
2023-11-02 |
not yet calculated |
CVE-2023-5929
MISC
MISC
MISC |
campcodes — simple_student_information_system
|
A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-244330 is the identifier assigned to this vulnerability. |
2023-11-02 |
not yet calculated |
CVE-2023-5930
MISC
MISC
MISC |
| chef_automate –chef_automate |
Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. |
2023-10-31 |
not yet calculated |
CVE-2023-40050
MISC
MISC
MISC |
| chef_inspec — chef_inspec |
Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. |
2023-10-31 |
not yet calculated |
CVE-2023-42658
MISC
MISC
MISC |
| chinghwa_telecom — nokia |
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. |
2023-11-03 |
not yet calculated |
CVE-2023-41350
MISC |
| chunghwa_telecom — nokia |
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service. |
2023-11-03 |
not yet calculated |
CVE-2023-41351
MISC |
| chunghwa_telecom — nokia |
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. |
2023-11-03 |
not yet calculated |
CVE-2023-41352
MISC |
| chunghwa_telecom — nokia |
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service. |
2023-11-03 |
not yet calculated |
CVE-2023-41353
MISC |
| chunghwa_telecom — nokia |
Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor. |
2023-11-03 |
not yet calculated |
CVE-2023-41354
MISC |
| chunghwa_telecom — nokia |
Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. |
2023-11-03 |
not yet calculated |
CVE-2023-41355
MISC |
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software
|
A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition. |
2023-11-01 |
not yet calculated |
CVE-2023-20042
MISC |
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software
|
A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. |
2023-11-01 |
not yet calculated |
CVE-2023-20086
MISC |
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software
|
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of HTTPS requests. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a DoS condition. |
2023-11-01 |
not yet calculated |
CVE-2023-20095
MISC |
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software
|
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. |
2023-11-01 |
not yet calculated |
CVE-2023-20245
MISC |
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software
|
A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile. |
2023-11-01 |
not yet calculated |
CVE-2023-20247
MISC |
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software
|
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected. |
2023-11-01 |
not yet calculated |
CVE-2023-20256
MISC |
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software
|
A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network. |
2023-11-01 |
not yet calculated |
CVE-2023-20264
MISC |
cisco — cisco_firepower_management_center
|
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. |
2023-11-01 |
not yet calculated |
CVE-2023-20005
MISC |
cisco — cisco_firepower_management_center
|
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. |
2023-11-01 |
not yet calculated |
CVE-2023-20041
MISC |
cisco — cisco_firepower_management_center
|
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software. |
2023-11-01 |
not yet calculated |
CVE-2023-20048
MISC |
cisco — cisco_firepower_management_center
|
A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device. Alternatively, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device if the attacker has administrative privileges on an associated FMC device. |
2023-11-01 |
not yet calculated |
CVE-2023-20063
MISC |
cisco — cisco_firepower_management_center
|
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. |
2023-11-01 |
not yet calculated |
CVE-2023-20074
MISC |
cisco — cisco_firepower_management_center
|
A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from the affected system. |
2023-11-01 |
not yet calculated |
CVE-2023-20114
MISC |
cisco — cisco_firepower_management_center
|
A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered. |
2023-11-01 |
not yet calculated |
CVE-2023-20155
MISC |
cisco — cisco_firepower_management_center
|
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. |
2023-11-01 |
not yet calculated |
CVE-2023-20206
MISC |
cisco — cisco_firepower_management_center
|
Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. |
2023-11-01 |
not yet calculated |
CVE-2023-20219
MISC |
cisco — cisco_firepower_management_center
|
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device. |
2023-11-01 |
not yet calculated |
CVE-2023-20220
MISC |
cisco — cisco_firepower_threat_defense_software
|
A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required. |
2023-11-01 |
not yet calculated |
CVE-2023-20031
MISC |
cisco — cisco_firepower_threat_defense_software
|
A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required. |
2023-11-01 |
not yet calculated |
CVE-2023-20070
MISC |
cisco — cisco_firepower_threat_defense_software
|
A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header. An attacker could exploit this vulnerability by sending a crafted ICMPv6 packet through an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. Note: To recover from the DoS condition, the Snort 2 Detection Engine or the Cisco FTD device may need to be restarted. |
2023-11-01 |
not yet calculated |
CVE-2023-20083
MISC |
cisco — cisco_firepower_threat_defense_software
|
A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required. |
2023-11-01 |
not yet calculated |
CVE-2023-20177
MISC |
cisco — cisco_firepower_threat_defense_software
|
A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state. |
2023-11-01 |
not yet calculated |
CVE-2023-20244
MISC |
cisco — cisco_firepower_threat_defense_software
|
A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions. |
2023-11-01 |
not yet calculated |
CVE-2023-20267
MISC |
cisco — cisco_firepower_threat_defense_software
|
A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition. |
2023-11-01 |
not yet calculated |
CVE-2023-20270
MISC |
cisco — cisco_identity_services_engine_software
|
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. |
2023-11-01 |
not yet calculated |
CVE-2023-20170
MISC |
cisco — cisco_identity_services_engine_software
|
A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. |
2023-11-01 |
not yet calculated |
CVE-2023-20175
MISC |
cisco — cisco_identity_services_engine_software
|
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. |
2023-11-01 |
not yet calculated |
CVE-2023-20195
MISC |
cisco — cisco_identity_services_engine_software
|
Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. |
2023-11-01 |
not yet calculated |
CVE-2023-20196
MISC |
cisco — cisco_identity_services_engine_software
|
A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode. |
2023-11-01 |
not yet calculated |
CVE-2023-20213
MISC |
cisco — cisco_meeting_server
|
A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge. |
2023-11-01 |
not yet calculated |
CVE-2023-20255
MISC |
cisco — multiple_products
|
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload. |
2023-11-01 |
not yet calculated |
CVE-2023-20071
MISC |
cisco — multiple_products
|
Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system. |
2023-11-01 |
not yet calculated |
CVE-2023-20246
MISC |
| click_studios_pty_ltd — passwordstate |
Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. |
2023-10-31 |
not yet calculated |
CVE-2023-43295
MISC |
| cloudexplorer_lite — cloudexplorer_lite |
CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue. |
2023-10-30 |
not yet calculated |
CVE-2023-44397
MISC |
| codeigniter — codeigniter |
CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set(‘display_errors’, ‘0’)` with `ini_set(‘display_errors’, ‘Off’)` in `app/Config/Boot/production.php`. |
2023-10-31 |
not yet calculated |
CVE-2023-46240
MISC
MISC
MISC |
| crater — crater |
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. |
2023-10-30 |
not yet calculated |
CVE-2023-46865
MISC
MISC |
| cybozu– remote_service |
Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication. |
2023-11-01 |
not yet calculated |
CVE-2023-46278
MISC
MISC |
| daiky-value.fukuten — daiky-value.fukuten |
An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
2023-11-02 |
not yet calculated |
CVE-2023-39050
MISC
MISC |
| dell — powerscale_onefs |
Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition. |
2023-11-02 |
not yet calculated |
CVE-2023-43076
MISC |
| dell — powerscale_onefs |
Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure. |
2023-11-02 |
not yet calculated |
CVE-2023-43087
MISC |
| demonisblack –demon_image_annotation |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1. |
2023-11-04 |
not yet calculated |
CVE-2023-40215
MISC |
devolutions — devolutions_server
|
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters. |
2023-11-01 |
not yet calculated |
CVE-2023-5358
MISC |
devolutions — remote_desktop_manager
|
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching. |
2023-11-01 |
not yet calculated |
CVE-2023-5765
MISC |
devolutions — remote_desktop_manager
|
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet. |
2023-11-01 |
not yet calculated |
CVE-2023-5766
MISC |
django — django
|
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
2023-11-03 |
not yet calculated |
CVE-2023-41164
CONFIRM
MISC
MISC
FEDORA |
django — django
|
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. |
2023-11-03 |
not yet calculated |
CVE-2023-43665
CONFIRM
MISC
MISC
FEDORA |
django — django
|
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. |
2023-11-02 |
not yet calculated |
CVE-2023-46695
MISC
MISC
CONFIRM |
| dm_service — dm_service |
In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42644
MISC |
| dm_service — dm_service |
In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42654
MISC |
| dmpop_mejiro_commit — dmpop_mejiro_commit |
Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images. |
2023-11-01 |
not yet calculated |
CVE-2023-46448
MISC
MISC |
dolibarr — dolibarr
|
Cross-site Scripting (XSS) – Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. |
2023-10-30 |
not yet calculated |
CVE-2023-5842
MISC
MISC |
| dolibarr — erp_crm |
Improper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code. |
2023-11-01 |
not yet calculated |
CVE-2023-4197
MISC
MISC |
| dolibarr — erp_crm |
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data |
2023-11-01 |
not yet calculated |
CVE-2023-4198
MISC
MISC |
| douhaocms — douhaocms |
Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file. |
2023-10-30 |
not yet calculated |
CVE-2023-42323
MISC |
dromara — lamp-cloud
|
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token. |
2023-11-02 |
not yet calculated |
CVE-2023-31579
MISC
MISC |
eclipse_foundation — glassfish
|
In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners. |
2023-11-03 |
not yet calculated |
CVE-2023-5763
MISC
MISC |
eclipse_foundation — parsson
|
In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. |
2023-11-03 |
not yet calculated |
CVE-2023-4043
MISC
MISC |
elenos — etg150_fm_transmitter
|
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. |
2023-10-31 |
not yet calculated |
CVE-2023-37831
MISC |
elenos — etg150_fm_transmitter
|
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. |
2023-10-31 |
not yet calculated |
CVE-2023-37832
MISC |
elenos — etg150_fm_transmitter
|
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users. |
2023-10-31 |
not yet calculated |
CVE-2023-37833
MISC |
elenos — etg150_fm_transmitter
|
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out. |
2023-10-31 |
not yet calculated |
CVE-2023-39695
MISC |
| engineermode — engineermode |
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42648
MISC |
| engineermode — engineermode |
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42649
MISC |
| engineermode — engineermode |
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42650
MISC |
| engineermode — engineermode |
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42651
MISC |
| engineermode — engineermode |
In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42652
MISC |
| exfatprogs — exfatprogs |
exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. |
2023-10-28 |
not yet calculated |
CVE-2023-45897
MISC
MISC
MISC
MISC
MISC |
| faceid_service — faceid_service |
In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges |
2023-11-01 |
not yet calculated |
CVE-2023-42653
MISC |
| fireflow — fireflow |
Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. |
2023-11-02 |
not yet calculated |
CVE-2023-46595
MISC |
| flyte — flyteadmin |
FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue. |
2023-10-30 |
not yet calculated |
CVE-2023-41891
MISC
MISC
MISC |
fog — fog
|
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard. |
2023-10-31 |
not yet calculated |
CVE-2023-46235
MISC
MISC |
fog — fog
|
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch. |
2023-10-31 |
not yet calculated |
CVE-2023-46236
MISC
MISC |
fog — fog
|
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue. |
2023-10-31 |
not yet calculated |
CVE-2023-46237
MISC
MISC |
| foodcoopshop — foodcoopshop |
FoodCoopShop is open source software for food coops and local shops. Versions prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability. |
2023-11-02 |
not yet calculated |
CVE-2023-46725
MISC
MISC
MISC
MISC |
franfinance — franfinance
|
An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components. |
2023-10-31 |
not yet calculated |
CVE-2023-43139
MISC |
franklin_fueling_system — ts-550
|
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device. |
2023-11-02 |
not yet calculated |
CVE-2023-5846
MISC |
| frigate — frigate |
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via “drive-by” attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user’s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user’s Frigate instance; attacker crafts a specialized page which links to the user’s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch. |
2023-10-30 |
not yet calculated |
CVE-2023-45670
MISC
MISC
MISC
MISC
MISC |
| frigate — frigate |
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user’s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user’s Frigate instance; attacker crafts a specialized page which links to the user’s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue. |
2023-10-30 |
not yet calculated |
CVE-2023-45671
MISC |
| frigate — frigate |
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user’s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user’s Frigate instance; attacker crafts a specialized page which links to the user’s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch. |
2023-10-30 |
not yet calculated |
CVE-2023-45672
MISC
MISC
MISC
MISC |
| frrouting_frr — frrouting_frr |
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). |
2023-11-03 |
not yet calculated |
CVE-2023-47234
MISC |
| frrouting_frr — frrouting_frr |
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. |
2023-11-03 |
not yet calculated |
CVE-2023-47235
MISC |
fujifilm_business_inovation_corp. — apeos_c3070_asia_pacific_model
|
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. |
2023-11-02 |
not yet calculated |
CVE-2023-46327
MISC
MISC
MISC |
| galaxy_software_services_corporation — vitals_esp |
Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service. |
2023-11-03 |
not yet calculated |
CVE-2023-41357
MISC |
gawk — gawk
|
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. |
2023-11-02 |
not yet calculated |
CVE-2023-3164
MISC
MISC |
getsimplecms — getsimplecms
|
Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function. |
2023-10-31 |
not yet calculated |
CVE-2023-46040
MISC |
| glpi — glpi |
GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove write access on `/ajax` and `/front` files to the web server. |
2023-11-02 |
not yet calculated |
CVE-2023-42802
MISC
MISC |
| gnss_service — gnss_service |
In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42750
MISC |
| google — android |
In Bluetooth, there is a possible way for a paired Bluetooth device to access a long-term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21307
MISC |
| google — android |
In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-40101
MISC |
| google — android |
KernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a KernelSU installed device is infected with a malware whose app signing block specially constructed, it can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation is to obtain the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). Find a condition in the signature verification logic that will cause the signature not to be found error, and KernelSU does not implement the same conditions, so KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps. |
2023-10-31 |
not yet calculated |
CVE-2023-46139
MISC
MISC
MISC
MISC
MISC
MISC
MISC |
google — android
|
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2022-20264
MISC |
google — android
|
In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21293
MISC |
google — android
|
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21295
MISC |
google — android
|
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21296
MISC |
google — android
|
In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21297
MISC |
google — android
|
In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21298
MISC |
google — android
|
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21299
MISC |
google — android
|
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21300
MISC |
google — android
|
In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21301
MISC |
google — android
|
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21302
MISC |
google — android
|
In Content, here is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21303
MISC |
google — android
|
In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21304
MISC |
google — android
|
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21305
MISC |
google — android
|
In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21306
MISC |
google — android
|
In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21308
MISC |
google — android
|
In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21309
MISC |
google — android
|
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21310
MISC |
google — android
|
In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21311
MISC |
google — android
|
In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21312
MISC |
google — android
|
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21313
MISC |
google — android
|
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21314
MISC |
google — android
|
In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21315
MISC |
google — android
|
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21316
MISC |
google — android
|
In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21317
MISC |
google — android
|
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21318
MISC |
google — android
|
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21319
MISC |
google — android
|
In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21320
MISC |
google — android
|
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21321
MISC |
google — android
|
In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21323
MISC |
google — android
|
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21324
MISC |
google — android
|
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21325
MISC |
google — android
|
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21326
MISC |
google — android
|
In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21327
MISC |
google — android
|
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21328
MISC |
google — android
|
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21329
MISC |
google — android
|
In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21330
MISC |
google — android
|
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21331
MISC |
google — android
|
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21332
MISC |
google — android
|
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21333
MISC |
google — android
|
In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21334
MISC |
google — android
|
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21335
MISC |
google — android
|
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21336
MISC |
google — android
|
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21337
MISC |
google — android
|
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21338
MISC |
google — android
|
In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21339
MISC |
google — android
|
In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21340
MISC |
google — android
|
In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21341
MISC |
google — android
|
In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21342
MISC |
google — android
|
In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21343
MISC |
google — android
|
In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21344
MISC |
google — android
|
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21387
MISC |
google — android
|
In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21388
MISC |
google — android
|
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21389
MISC |
google — android
|
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21390
MISC |
google — android
|
In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21391
MISC |
google — android
|
In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21392
MISC |
google — android
|
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21393
MISC |
google — android
|
In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21396
MISC |
google — android
|
In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21397
MISC |
google — android
|
In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-21398
MISC |
google — chrome
|
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) |
2023-11-01 |
not yet calculated |
CVE-2023-5480
MISC
MISC
MISC |
google — chrome
|
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
2023-11-01 |
not yet calculated |
CVE-2023-5482
MISC
MISC
MISC |
google — chrome
|
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
2023-11-01 |
not yet calculated |
CVE-2023-5849
MISC
MISC
MISC |
google — chrome
|
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) |
2023-11-01 |
not yet calculated |
CVE-2023-5850
MISC
MISC
MISC |
google — chrome
|
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
2023-11-01 |
not yet calculated |
CVE-2023-5851
MISC
MISC
MISC |
google — chrome
|
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) |
2023-11-01 |
not yet calculated |
CVE-2023-5852
MISC
MISC
MISC |
google — chrome
|
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) |
2023-11-01 |
not yet calculated |
CVE-2023-5853
MISC
MISC
MISC |
google — chrome
|
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) |
2023-11-01 |
not yet calculated |
CVE-2023-5854
MISC
MISC
MISC |
google — chrome
|
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) |
2023-11-01 |
not yet calculated |
CVE-2023-5855
MISC
MISC
MISC |
google — chrome
|
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
2023-11-01 |
not yet calculated |
CVE-2023-5856
MISC
MISC
MISC |
google — chrome
|
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) |
2023-11-01 |
not yet calculated |
CVE-2023-5857
MISC
MISC
MISC |
google — chrome
|
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) |
2023-11-01 |
not yet calculated |
CVE-2023-5858
MISC
MISC
MISC |
google — chrome
|
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) |
2023-11-01 |
not yet calculated |
CVE-2023-5859
MISC
MISC
MISC |
| govee — led_strip |
An issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands. |
2023-10-30 |
not yet calculated |
CVE-2023-45956
MISC |
gpac — gpac
|
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box. |
2023-11-01 |
not yet calculated |
CVE-2023-46927
MISC
MISC |
gpac — gpac
|
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42. |
2023-11-01 |
not yet calculated |
CVE-2023-46928
MISC
MISC |
gpac — gpac
|
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14. |
2023-11-01 |
not yet calculated |
CVE-2023-46930
MISC
MISC |
gpac — gpac
|
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box. |
2023-11-01 |
not yet calculated |
CVE-2023-46931
MISC
MISC |
groundhogg_inc. — groundhogg
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11. |
2023-11-03 |
not yet calculated |
CVE-2023-34179
MISC |
| gyouza-newhushimi — gyouza-newhushimi |
An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
2023-11-02 |
not yet calculated |
CVE-2023-39042
MISC
MISC |
| hadsky — hadsky |
An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. |
2023-11-01 |
not yet calculated |
CVE-2023-46428
MISC |
| hattoriya — hattoriya |
An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
2023-11-02 |
not yet calculated |
CVE-2023-39053
MISC
MISC |
| hirochankakiwaiting — hirochankakiwaiting |
An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
2023-11-02 |
not yet calculated |
CVE-2023-39057
MISC
MISC |
| hitachi_energy — esoms |
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications. |
2023-11-01 |
not yet calculated |
CVE-2023-5515
MISC |
| hitachi_energy — esoms |
Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints, backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. |
2023-11-01 |
not yet calculated |
CVE-2023-5516
MISC |
hitachi_energy — mach_system_software
|
The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder’s service endpoint. |
2023-11-01 |
not yet calculated |
CVE-2023-2621
MISC |
hitachi_energy — mach_system_software
|
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read. |
2023-11-01 |
not yet calculated |
CVE-2023-2622
MISC |
| hitachi_energy — esoms_report_generation |
The response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure. |
2023-11-01 |
not yet calculated |
CVE-2023-5514
MISC |
hp_inc. — hp_pc_hardware_diagnostics_windows
|
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. |
2023-10-31 |
not yet calculated |
CVE-2023-5739
MISC |
ibm — content_navigator
|
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. |
2023-11-03 |
not yet calculated |
CVE-2023-35896
MISC
MISC |
ibm — i
|
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116. |
2023-10-29 |
not yet calculated |
CVE-2023-40685
MISC
MISC |
| ibm — mq_appliance |
IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. |
2023-11-03 |
not yet calculated |
CVE-2023-46176
MISC
MISC |
| ibm — multiple_products |
IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. |
2023-11-03 |
not yet calculated |
CVE-2023-43018
MISC
MISC |
| ibm — robotic_process_automation |
A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. |
2023-11-03 |
not yet calculated |
CVE-2023-45189
MISC
MISC |
| ibm — multiple_products |
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. |
2023-11-03 |
not yet calculated |
CVE-2023-42027
MISC
MISC
MISC |
| ibm — multiple_products |
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. |
2023-11-03 |
not yet calculated |
CVE-2023-42029
MISC
MISC
MISC |
| idnovate_superuser — idnovate_superuser |
An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. |
2023-10-31 |
not yet calculated |
CVE-2023-45899
MISC |
| ifaa_service — ifaa_service |
In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42646
MISC |
| ifaa_service — ifaa_service |
In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42647
MISC |
| inkdrop — inkdrop |
Inkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file. |
2023-10-30 |
not yet calculated |
CVE-2023-44141
MISC
MISC
MISC |
| insights-client — insights-client |
A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide). |
2023-11-01 |
not yet calculated |
CVE-2023-3972
MISC
MISC
MISC
MISC
MISC
MISC
MISC |
| insyde — insydeh2o |
A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. |
2023-11-01 |
not yet calculated |
CVE-2023-39281
MISC
MISC |
| insyde –insydeh2o |
An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation. |
2023-11-02 |
not yet calculated |
CVE-2023-39283
MISC
MISC |
insyde — insydeh20
|
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler. |
2023-11-02 |
not yet calculated |
CVE-2023-39284
MISC
MISC |
inure — inure
|
Missing Authorization in GitHub repository hamza417/inure prior to Build95. |
2023-10-31 |
not yet calculated |
CVE-2023-5862
MISC
MISC |
ivanti — automation
|
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. |
2023-11-03 |
not yet calculated |
CVE-2022-44569
MISC |
| ivanti — avalance |
Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability |
2023-11-03 |
not yet calculated |
CVE-2023-41725
MISC |
ivanti — avalanche
|
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability |
2023-11-03 |
not yet calculated |
CVE-2022-43554
MISC |
ivanti — avalanche
|
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability |
2023-11-03 |
not yet calculated |
CVE-2022-43555
MISC |
| ivanti –avalance |
Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability |
2023-11-03 |
not yet calculated |
CVE-2023-41726
MISC |
jhipster — jhipster
|
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters. |
2023-10-31 |
not yet calculated |
CVE-2015-20110
MISC
MISC
MISC
MISC |
| jspxcms — jspxcms |
There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend. |
2023-11-01 |
not yet calculated |
CVE-2023-46911
MISC |
jumpserver — jumpserver
|
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually. |
2023-10-31 |
not yet calculated |
CVE-2023-46138
MISC
MISC |
kerawen — kerawen
|
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). |
2023-11-04 |
not yet calculated |
CVE-2023-40922
MISC |
| kimai — kimai |
Kimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software’s PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available. |
2023-10-31 |
not yet calculated |
CVE-2023-46245
MISC |
kubernetes — csi-proxy
|
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. |
2023-11-03 |
not yet calculated |
CVE-2023-3893
MISC
MISC |
kubernetes — kube-apiserver
|
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client’s API server credentials to third parties. |
2023-11-03 |
not yet calculated |
CVE-2022-3172
MISC
MISC |
kubernetes — kubelet
|
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. |
2023-10-31 |
not yet calculated |
CVE-2023-3676
MISC
MISC |
kubernetes — kubelet
|
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes. |
2023-10-31 |
not yet calculated |
CVE-2023-3955
MISC
MISC |
kubernetes — kubernetes
|
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected. |
2023-10-30 |
not yet calculated |
CVE-2021-25736
MISC
MISC |
kyocera — taskalfa
|
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. |
2023-11-03 |
not yet calculated |
CVE-2023-34259
MISC
MISC |
kyocera — taskalfa
|
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. |
2023-11-03 |
not yet calculated |
CVE-2023-34260
MISC
MISC |
kyocera — taskalfa
|
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a “nicht einloggen” error rather than a falsch error. |
2023-11-03 |
not yet calculated |
CVE-2023-34261
MISC
MISC |
learndash — learndash_lms
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LearnDash LearnDash LMS allows SQL Injection. This issue affects LearnDash LMS: from n/a through 4.5.3. |
2023-10-31 |
not yet calculated |
CVE-2023-28777
MISC |
lenovo — thinkpad_bios
|
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code. |
2023-10-30 |
not yet calculated |
CVE-2022-4574
MISC |
lenovo — thinkpad_bios
|
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models could allow an attacker with physical or local access and elevated privileges the ability to bypass Secure Boot. |
2023-10-30 |
not yet calculated |
CVE-2022-4575
MISC |
line_corporation — line_for_android
|
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. |
2023-10-31 |
not yet calculated |
CVE-2015-0897
MISC
MISC |
line_corporation — line_for_android
|
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. |
2023-10-31 |
not yet calculated |
CVE-2015-2968
MISC
MISC |
linux — kernel
|
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service. |
2023-11-01 |
not yet calculated |
CVE-2023-1192
MISC
MISC
MISC |
linux — kernel
|
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. |
2023-11-03 |
not yet calculated |
CVE-2023-1476
MISC
MISC
MISC
MISC |
linux — kernel
|
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information. |
2023-11-01 |
not yet calculated |
CVE-2023-3397
MISC
MISC
MISC |
linux — kernel
|
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur. |
2023-10-29 |
not yet calculated |
CVE-2023-46862
MISC
MISC |
linux — kernel
|
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this “could be exploited in a real-world scenario.” This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. |
2023-11-03 |
not yet calculated |
CVE-2023-47233
MISC
MISC
MISC |
linux — kernel
|
A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges. |
2023-11-01 |
not yet calculated |
CVE-2023-5178
MISC
MISC
MISC |
| liquidfiles — liquidfiles |
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization. |
2023-10-30 |
not yet calculated |
CVE-2023-4393
MISC |
| lissy93_dashy — lissy93_dashy |
A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability. |
2023-11-02 |
not yet calculated |
CVE-2023-5916
MISC
MISC
MISC
MISC |
lmxcms — lmxcms
|
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file. |
2023-11-02 |
not yet calculated |
CVE-2023-46958
MISC
MISC
MISC |
lost_and_found_information_system — lost_and_found_information_system
|
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. |
2023-11-03 |
not yet calculated |
CVE-2023-38965
MISC
MISC |
| loytec — multiple_products |
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP. |
2023-11-04 |
not yet calculated |
CVE-2023-46380
MISC |
| loytec — multiple_products |
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI. |
2023-11-04 |
not yet calculated |
CVE-2023-46381
MISC |
| loytec — multiple_products |
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login. |
2023-11-04 |
not yet calculated |
CVE-2023-46382
MISC |
lte-pic32-writer — lte-pic32-writer
|
lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who known the IMEI reading the sendto.txt. The sendto.txt file can contain the SNS(such as slack and zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`. |
2023-10-31 |
not yet calculated |
CVE-2023-46723
MISC |
| manageengine — desktop_central |
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv. |
2023-11-03 |
not yet calculated |
CVE-2023-4767
MISC |
| manageengine — desktop_central |
A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf. |
2023-11-03 |
not yet calculated |
CVE-2023-4768
MISC |
| manageengine — desktop_central |
A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests. |
2023-11-03 |
not yet calculated |
CVE-2023-4769
MISC |
mattermost — mattermost
|
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server |
2023-11-02 |
not yet calculated |
CVE-2023-5875
MISC |
mattermost — mattermost
|
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial-Of-Service. |
2023-11-02 |
not yet calculated |
CVE-2023-5876
MISC |
mattermost — mattermost
|
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. |
2023-11-02 |
not yet calculated |
CVE-2023-5920
MISC |
mb_support — openviva
|
A stored XSS in the process overview (bersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim’s browser via name field of a process. |
2023-10-30 |
not yet calculated |
CVE-2022-39172
MISC |
| mediawiki — mediawiki |
An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. |
2023-11-03 |
not yet calculated |
CVE-2023-45360
MISC |
| mediawiki — mediawiki |
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka “X intermediate revisions by the same user not shown”) ignores username suppression. This is an information leak. |
2023-11-03 |
not yet calculated |
CVE-2023-45362
MISC |
microsoft — edge
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
2023-11-03 |
not yet calculated |
CVE-2023-36022
MISC |
microsoft — edge
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability |
2023-11-03 |
not yet calculated |
CVE-2023-36029
MISC |
microsoft — edge
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
2023-11-03 |
not yet calculated |
CVE-2023-36034
MISC |
microweber — microweber
|
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 2.0. |
2023-10-31 |
not yet calculated |
CVE-2023-5861
MISC
MISC |
| mincal — mincal |
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. |
2023-10-30 |
not yet calculated |
CVE-2023-46478
MISC |
| minicms — minicms |
Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php. |
2023-10-31 |
not yet calculated |
CVE-2023-46378
MISC |
mintplex-labs — anything-llm
|
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. |
2023-10-30 |
not yet calculated |
CVE-2023-5832
MISC
MISC |
mintplex-labs — anything-llm
|
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. |
2023-10-30 |
not yet calculated |
CVE-2023-5833
MISC
MISC |
| mlsoft — tco!stream |
In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files. |
2023-10-30 |
not yet calculated |
CVE-2023-45799
MISC |
moxa — multiple_products
|
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot. |
2023-11-01 |
not yet calculated |
CVE-2023-4452
MISC |
moxa — nport_6000_series
|
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service. |
2023-11-01 |
not yet calculated |
CVE-2023-5627
MISC |
moxa — pt-g503_series
|
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. |
2023-11-02 |
not yet calculated |
CVE-2023-4217
MISC |
moxa — pt-g503_series
|
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. |
2023-11-02 |
not yet calculated |
CVE-2023-5035
MISC |
mupdf — mupdf
|
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
2023-10-31 |
not yet calculated |
CVE-2023-31794
MISC
MISC
MISC |
| nanoleaf — light_strip |
An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. |
2023-10-31 |
not yet calculated |
CVE-2023-45955
MISC |
| nats — nats-server |
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0. |
2023-10-30 |
not yet calculated |
CVE-2023-47090
MISC
MISC
MLIST |
| ncsist_manageengine — mobile_device_manager |
NCSIST ManageEngine Mobile Device Manager (MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. |
2023-11-03 |
not yet calculated |
CVE-2023-41356
MISC |
ncsist_manageengine — mobile_device_manager
|
NCSIST ManageEngine Mobile Device Manager (MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. |
2023-11-03 |
not yet calculated |
CVE-2023-41344
MISC |
netmove_corporation — saat_netizen_installer
|
Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed. |
2023-10-31 |
not yet calculated |
CVE-2016-1203
MISC
MISC |
nvidia — multiple_products
|
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. |
2023-11-02 |
not yet calculated |
CVE-2023-31016
MISC |
nvidia — multiple_products
|
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. |
2023-11-02 |
not yet calculated |
CVE-2023-31017
MISC |
nvidia — multiple_products
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client’s secure context. |
2023-11-02 |
not yet calculated |
CVE-2023-31019
MISC |
nvidia — multiple_products
|
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering. |
2023-11-02 |
not yet calculated |
CVE-2023-31020
MISC |
nvidia — multiple_products
|
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. |
2023-11-02 |
not yet calculated |
CVE-2023-31022
MISC |
nvidia — multiple_products
|
NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service. |
2023-11-02 |
not yet calculated |
CVE-2023-31023
MISC |
nvidia — multiple_products
|
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges. |
2023-11-02 |
not yet calculated |
CVE-2023-31027
MISC |
nvidia — vgpu_driver_and_cloud_gaming_driver
|
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. |
2023-11-02 |
not yet calculated |
CVE-2023-31018
MISC |
nvidia — vgpu_driver_and_cloud_gaming_driver
|
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service. |
2023-11-02 |
not yet calculated |
CVE-2023-31021
MISC |
nvidia — vgpu_driver_and_cloud_gaming_driver
|
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service. |
2023-11-02 |
not yet calculated |
CVE-2023-31026
MISC |
| opencrx — opencrx |
An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request. |
2023-10-30 |
not yet calculated |
CVE-2023-46502
MISC
MISC |
openeuler — isulad
|
iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DOS. |
2023-10-29 |
not yet calculated |
CVE-2021-33634
MISC
MISC
MISC |
openeuler — isulad
|
When malicious images are pulled by isula pull, attackers can execute arbitrary code. |
2023-10-29 |
not yet calculated |
CVE-2021-33635
MISC
MISC
MISC |
openeuler — isulad
|
When the isula load command is used to load malicious images, attackers can execute arbitrary code. |
2023-10-29 |
not yet calculated |
CVE-2021-33636
MISC
MISC
MISC |
openeuler — isulad
|
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container. |
2023-10-29 |
not yet calculated |
CVE-2021-33637
MISC
MISC
MISC |
openeuler — isulad
|
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container. |
2023-10-29 |
not yet calculated |
CVE-2021-33638
MISC
MISC
MISC |
| openimageio_oiio — openimageio_oiio |
Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function. |
2023-11-02 |
not yet calculated |
CVE-2023-42299
MISC |
opentext — service_management_automation_x
|
Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites. |
2023-10-30 |
not yet calculated |
CVE-2023-4964
MISC |
ox_software_gmbh — ox_app_suite
|
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-26452
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-26453
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-26454
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-26455
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
Users were able to set an arbitrary “product name” for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-26456
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-29043
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-29044
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
Documents operations, in this case “drawing”, could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-29045
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result, users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-29046
MISC
MISC |
ox_software_gmbh — ox_app_suite
|
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known. |
2023-11-02 |
not yet calculated |
CVE-2023-29047
MISC
MISC |
| pcrs — pcrs |
PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. |
2023-11-03 |
not yet calculated |
CVE-2023-46404
MISC
MISC |
| peppermint_ticket_management — peppermint_ticket_management |
Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. |
2023-10-30 |
not yet calculated |
CVE-2023-46863
MISC |
| peppermint_ticket_management — peppermint_ticket_management |
Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. |
2023-10-30 |
not yet calculated |
CVE-2023-46864
MISC |
php — php
|
A vulnerability was found in PHP when setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. |
2023-11-02 |
not yet calculated |
CVE-2022-4900
MISC
MISC |
| phpbb — phpbb |
A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307. |
2023-11-02 |
not yet calculated |
CVE-2023-5917
MISC
MISC
MISC
MISC
MISC
MISC |
| phpfox — phpfox |
An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code. |
2023-11-03 |
not yet calculated |
CVE-2023-46817
MISC
MISC
MISC
MISC
MISC |
| phpmyfaq — phpmyfaq |
Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. |
2023-10-31 |
not yet calculated |
CVE-2023-5865
MISC
MISC |
phpmyfaq — phpmyfaq
|
Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. |
2023-10-31 |
not yet calculated |
CVE-2023-5863
MISC
MISC |
phpmyfaq — phpmyfaq
|
Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1. |
2023-10-31 |
not yet calculated |
CVE-2023-5864
MISC
MISC |
phpmyfaq — phpmyfaq
|
Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. |
2023-10-31 |
not yet calculated |
CVE-2023-5866
MISC
MISC |
phpmyfaq — phpmyfaq
|
Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. |
2023-10-31 |
not yet calculated |
CVE-2023-5867
MISC
MISC |
| pillow — pillow |
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. |
2023-11-03 |
not yet calculated |
CVE-2023-44271
MISC
MISC
MISC |
pimcore — pimcore
|
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually. |
2023-10-31 |
not yet calculated |
CVE-2023-46722
MISC
MISC
MISC |
pimcore — pimcore
|
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. |
2023-10-30 |
not yet calculated |
CVE-2023-5844
MISC
MISC |
pimcore — pimcore
|
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 11.1.0. |
2023-10-31 |
not yet calculated |
CVE-2023-5873
MISC
MISC |
pkp — pkp
|
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5889
MISC
MISC |
pkp — pkp
|
Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5890
MISC
MISC |
pkp — pkp
|
Cross-site Scripting (XSS) – Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5891
MISC
MISC |
pkp — pkp
|
Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5892
MISC
MISC |
pkp — pkp
|
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5893
MISC
MISC |
pkp — pkp
|
Cross-site Scripting (XSS) – Stored in GitHub repository pkp/ojs prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5894
MISC
MISC |
pkp — pkp
|
Cross-site Scripting (XSS) – DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5895
MISC
MISC |
pkp — pkp
|
Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4. |
2023-11-01 |
not yet calculated |
CVE-2023-5896
MISC
MISC |
pkp — pkp
|
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1. |
2023-11-01 |
not yet calculated |
CVE-2023-5897
MISC
MISC |
pkp — pkp
|
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5898
MISC
MISC |
pkp — pkp
|
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
2023-11-01 |
not yet calculated |
CVE-2023-5899
MISC
MISC |
| popojicms — popojicms |
A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-244229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2023-11-02 |
not yet calculated |
CVE-2023-5910
MISC
MISC
MISC
MISC |
prestashop — prestashop
|
SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components. |
2023-10-31 |
not yet calculated |
CVE-2023-27846
MISC |
prestashop — prestashop
|
Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. |
2023-10-31 |
not yet calculated |
CVE-2023-36263
MISC |
prestashop — prestashop
|
In the module “PrestaBlog” (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. |
2023-10-31 |
not yet calculated |
CVE-2023-45378
MISC |
prestashop — prestashop
|
In the module “Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module” (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email. |
2023-11-02 |
not yet calculated |
CVE-2023-46352
MISC
MISC |
prestashop — prestashop
|
In the module “CSV Feeds PRO” (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection. |
2023-10-31 |
not yet calculated |
CVE-2023-46356
MISC |
| print_service — print_service |
In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
2023-10-30 |
not yet calculated |
CVE-2023-45780
MISC |
| px4-autopilot — px4-autopilot |
PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow with leading unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Up to the maximum value of an `unsigned int`, bytes sized data can be written to the heap memory area. As of time of publication, no fixed version is available. |
2023-10-31 |
not yet calculated |
CVE-2023-46256
MISC
MISC |
| pypdf — pypdf |
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`. |
2023-10-31 |
not yet calculated |
CVE-2023-46250
MISC
MISC
MISC |
python-eventlet — python-eventlet
|
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products. |
2023-11-01 |
not yet calculated |
CVE-2023-5625
MISC
MISC
MISC |
qemu — qemu
|
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM’s boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. |
2023-11-03 |
not yet calculated |
CVE-2023-5088
MISC
MISC
MISC |
qnap_systems_inc. — multimedia_console
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later |
2023-11-03 |
not yet calculated |
CVE-2023-23369
MISC |
qnap_systems_inc. — music_station
|
A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later |
2023-11-03 |
not yet calculated |
CVE-2023-39299
MISC |
qnap_systems_inc. — qts
|
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later |
2023-11-03 |
not yet calculated |
CVE-2023-23368
MISC |
qnap_systems_inc. — qts
|
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later |
2023-11-03 |
not yet calculated |
CVE-2023-39301
MISC |
quic-go — quic-go
|
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYTPO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected. |
2023-10-31 |
not yet calculated |
CVE-2023-46239
MISC
MISC
MISC |
ragic — no-code_database_builder
|
Rogic No-Code Database Builder’s file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. |
2023-11-03 |
not yet calculated |
CVE-2023-41343
MISC |
red_hat — openshift
|
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster. |
2023-11-02 |
not yet calculated |
CVE-2023-5408
MISC
MISC
MISC
MISC |
| relativity_oda_llc — relativityone |
SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. |
2023-11-03 |
not yet calculated |
CVE-2023-46954
MISC |
reportico — reportico
|
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS). |
2023-11-02 |
not yet calculated |
CVE-2023-46925
MISC |
| rsvpmaker — rsvpmaker |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. |
2023-11-03 |
not yet calculated |
CVE-2023-41652
MISC |
ruby-magick — ruby-magick
|
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion. |
2023-10-30 |
not yet calculated |
CVE-2023-5349
MISC
MISC
MISC
MISC |
| samba — samba |
A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work. |
2023-11-01 |
not yet calculated |
CVE-2023-1193
MISC
MISC
MISC |
samba — samba
|
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. |
2023-11-03 |
not yet calculated |
CVE-2023-1194
MISC
MISC
MISC |
samba — samba
|
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. |
2023-11-03 |
not yet calculated |
CVE-2023-3961
MISC
MISC
MISC
MISC
MISC
MISC |
samba — samba
|
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module “acl_xattr” is configured with “acl_xattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba’s permissions. |
2023-11-03 |
not yet calculated |
CVE-2023-4091
MISC
MISC
MISC
MISC
MISC
MISC |
samba — samba
|
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba’s RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation “classic DCs”) can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as “The procedure number is out of range” when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services. |
2023-11-03 |
not yet calculated |
CVE-2023-42670
MISC
MISC
MISC
MISC
MISC |
| sangoma_technologies — freepbx |
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101. |
2023-11-02 |
not yet calculated |
CVE-2023-43336
MISC
MISC
MISC |
sap_se — sap_enable_now
|
In SAP Enable Now – versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information. |
2023-10-30 |
not yet calculated |
CVE-2023-36920
MISC
MISC |
| schedmd_slurm — schedmd_slurm |
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. |
2023-11-03 |
not yet calculated |
CVE-2023-41914
MISC
CONFIRM
FEDORA |
| securepoint_ssl_vpn_client — securepoint_ssl_vpn_client |
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. |
2023-10-30 |
not yet calculated |
CVE-2023-47101
MISC
MISC |
| senayan — multiple_products |
SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php. |
2023-10-31 |
not yet calculated |
CVE-2023-45996
MISC
MISC |
| shouzu — sweets_oz |
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
2023-11-02 |
not yet calculated |
CVE-2023-39047
MISC
MISC |
| sim_service — sim_service |
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42645
MISC |
| sim_service — sim_service |
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42655
MISC |
| six_apart — multiple_products |
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier. |
2023-10-30 |
not yet calculated |
CVE-2023-45746
MISC
MISC |
solwin_infotech — user_activity_log
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection. This issue affects User Activity Log: from n/a through 1.6.2. |
2023-10-31 |
not yet calculated |
CVE-2023-37966
MISC |
sourcecodester — company_website_cms
|
A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability. |
2023-11-02 |
not yet calculated |
CVE-2023-5919
MISC
MISC
MISC |
sourcecodester — visitor_management_system
|
A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308. |
2023-11-02 |
not yet calculated |
CVE-2023-5918
MISC
MISC
MISC |
sourcegraph — cody
|
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file `.vscode/cody.json` and overwrite Cody commands. If a user with the extension installed opens this malicious repository and runs a Cody command such as /explain or /doc, this could allow arbitrary code execution on the user’s machine. The vulnerability is rated as critical severity, but with low exploitability. It requires the user to have a malicious repository loaded and execute the overwritten command in VS Code. The issue is exploitable regardless of the user blocking code execution on a repository through VS Code Workspace Trust. The issue was found during a regular 3rd party penetration test. The maintainers of Cody do not have evidence of open source repositories having malicious `.vscode/cody.json` files to exploit this vulnerability. The issue is fixed in version 0.14.1 of the Cody VSCode extension. In case users can’t promptly upgrade, they should not open any untrusted repositories with the Cody extension loaded. |
2023-10-31 |
not yet calculated |
CVE-2023-46248
MISC
MISC |
| spicedb — spicedb |
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0-rc1 patches this issue. |
2023-10-31 |
not yet calculated |
CVE-2023-46255
MISC
MISC |
squid — squid
|
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `–with-openssl` are vulnerable to a Denial-of-Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. |
2023-11-01 |
not yet calculated |
CVE-2023-46724
MISC
MISC
MISC
MISC |
squid — squid
|
SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. |
2023-11-03 |
not yet calculated |
CVE-2023-46846
MISC
MISC
MISC
MISC
MISC
MISC |
squid — squid
|
Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. |
2023-11-03 |
not yet calculated |
CVE-2023-46847
MISC
MISC
MISC
MISC
MISC
MISC |
squid — squid
|
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. |
2023-11-03 |
not yet calculated |
CVE-2023-46848
MISC
MISC
MISC
MISC
MISC |
squid — squid
|
Squid is vulnerable to Denial-of-Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. |
2023-11-03 |
not yet calculated |
CVE-2023-5824
MISC
MISC
MISC |
submitty — submitty
|
Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS. |
2023-11-02 |
not yet calculated |
CVE-2023-43193
MISC
MISC |
submitty — submitty
|
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter. |
2023-11-02 |
not yet calculated |
CVE-2023-43194
MISC
MISC |
subrion — subrion
|
Subrion 4.2.1 has a remote command execution vulnerability in the backend. |
2023-11-03 |
not yet calculated |
CVE-2023-46947
MISC |
swtpm — swtpm
|
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. |
2023-11-03 |
not yet calculated |
CVE-2020-28407
MISC
CONFIRM
CONFIRM |
| synapse — synapse |
Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver. |
2023-10-31 |
not yet calculated |
CVE-2023-43796
MISC
MISC |
| teamamaze — amazefileutilities |
Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. |
2023-11-03 |
not yet calculated |
CVE-2023-5948
MISC
MISC |
| tenable — nessus |
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts. |
2023-11-01 |
not yet calculated |
CVE-2023-5847
MISC
MISC |
| thorn_sftp_gateway — thorn_sftp_gateway |
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution. |
2023-10-31 |
not yet calculated |
CVE-2023-47174
MISC |
tinyfiledialogs — tinyfiledialogs
|
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. |
2023-10-30 |
not yet calculated |
CVE-2020-36767
MISC |
| tinyfiledialogs — tinyfiledialogs |
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters. |
2023-10-30 |
not yet calculated |
CVE-2023-47104
MISC
MISC |
| tokudaya.ekimae_mc — tokudaya.ekimae_mc |
An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
2023-11-02 |
not yet calculated |
CVE-2023-39054
MISC
MISC |
| tokudaya.honten — tokudaya.honten |
An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
2023-11-02 |
not yet calculated |
CVE-2023-39048
MISC
MISC |
| totolink — totolink |
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. |
2023-10-31 |
not yet calculated |
CVE-2023-46484
MISC |
| totolink — totolink |
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. |
2023-10-31 |
not yet calculated |
CVE-2023-46485
MISC |
| totolink — totolink |
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. |
2023-10-31 |
not yet calculated |
CVE-2023-46976
MISC |
| totolink — totolink |
TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. |
2023-10-31 |
not yet calculated |
CVE-2023-46977
MISC |
| totolink — totolink |
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control. Attackers can reset login password & WIFI passwords without authentication. |
2023-10-31 |
not yet calculated |
CVE-2023-46978
MISC |
| totolink — totolink |
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. |
2023-10-31 |
not yet calculated |
CVE-2023-46979
MISC |
| totolink — totolink |
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages. |
2023-10-31 |
not yet calculated |
CVE-2023-46992
MISC |
| totolink — totolink |
In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. |
2023-10-31 |
not yet calculated |
CVE-2023-46993
MISC |
tp-link — tapo_c100
|
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. |
2023-10-31 |
not yet calculated |
CVE-2023-39610
MISC |
| transmute-core — transmute-core |
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code. |
2023-11-02 |
not yet calculated |
CVE-2023-47204
MISC
MISC |
| turing_video — turing_edge+_evc5fd |
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. |
2023-10-31 |
not yet calculated |
CVE-2023-42425
MISC
MISC |
| unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products |
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2022-48457
MISC |
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
|
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2022-48454
MISC |
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
|
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2022-48455
MISC |
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
|
In camera driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2022-48456
MISC |
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
|
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2022-48458
MISC |
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
|
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2022-48459
MISC |
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
|
In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2022-48460
MISC |
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
|
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2022-48461
MISC |
univention_ucs — univention_ucs
|
An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function. |
2023-10-31 |
not yet calculated |
CVE-2023-38994
MISC
MISC
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42631
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42632
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42633
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42634
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42635
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42636
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42637
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42638
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42639
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42640
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42641
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42642
MISC |
| validationtools — validationtools |
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed |
2023-11-01 |
not yet calculated |
CVE-2023-42643
MISC |
| vinchin_backup_&_recovery — vinchin_backup_&_recovery |
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. |
2023-10-27 |
not yet calculated |
CVE-2023-45498
MISC
FULLDISC
MISC |
| vinchin_backup_&_recovery — vinchin_backup_&_recovery |
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. |
2023-10-27 |
not yet calculated |
CVE-2023-45499
MISC
FULLDISC
MISC |
| virtualmin — virtualmin |
A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details. |
2023-11-01 |
not yet calculated |
CVE-2023-47094
MISC |
| virtualmin — virtualmin |
A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server. |
2023-11-01 |
not yet calculated |
CVE-2023-47095
MISC |
| virtualmin — virtualmin |
A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field. |
2023-11-01 |
not yet calculated |
CVE-2023-47096
MISC |
| virtualmin — virtualmin |
A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates. |
2023-11-01 |
not yet calculated |
CVE-2023-47097
MISC |
| virtualmin — virtualmin |
A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field. |
2023-11-01 |
not yet calculated |
CVE-2023-47098
MISC |
| virtualmin — virtualmin |
A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the Virtual server. |
2023-11-01 |
not yet calculated |
CVE-2023-47099
MISC |
| vision_meat_works — track_diner_10/10mbl |
An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. |
2023-11-02 |
not yet calculated |
CVE-2023-39051
MISC
MISC |
vmware — open-vm-tools
|
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. |
2023-10-27 |
not yet calculated |
CVE-2023-34059
MISC
MISC
MISC
MISC
MISC |
vmware — tools
|
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . |
2023-10-27 |
not yet calculated |
CVE-2023-34058
MISC
MISC
MISC
MISC |
vmware — workspace_one_uem_console
|
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login as the victim user. |
2023-10-31 |
not yet calculated |
CVE-2023-20886
MISC |
| wordpress — wordpress |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19. |
2023-10-31 |
not yet calculated |
CVE-2023-33927
MISC |
wordpress — wordpress
|
A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804. |
2023-10-29 |
not yet calculated |
CVE-2005-10002
MISC
MISC
MISC |
wordpress — wordpress
|
A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803. |
2023-10-29 |
not yet calculated |
CVE-2007-10003
MISC
MISC
MISC
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection. This issue affects Paytm Payment Gateway: from n/a through 2.7.3. |
2023-11-03 |
not yet calculated |
CVE-2022-45805
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11. |
2023-11-03 |
not yet calculated |
CVE-2022-46808
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to subscribers: from n/a through 6.2. |
2023-11-03 |
not yet calculated |
CVE-2022-46818
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.1. |
2023-11-03 |
not yet calculated |
CVE-2022-46859
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection. This issue affects Neshan Maps: from n/a through 1.1.4. |
2023-11-03 |
not yet calculated |
CVE-2022-47426
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0. |
2023-11-03 |
not yet calculated |
CVE-2022-47445
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection. This issue affects Simple Photo Gallery: from n/a through v1.8.1. |
2023-11-03 |
not yet calculated |
CVE-2022-47588
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GamiPress gamipress allows SQL Injection.This issue affects GamiPress: from n/a through 2.5.7. |
2023-10-31 |
not yet calculated |
CVE-2023-24000
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contact Form – WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection.This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25. |
2023-10-31 |
not yet calculated |
CVE-2023-24410
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. |
2023-10-31 |
not yet calculated |
CVE-2023-25045
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 9.9.3. |
2023-10-31 |
not yet calculated |
CVE-2023-25047
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. |
2023-11-03 |
not yet calculated |
CVE-2023-25700
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. |
2023-11-03 |
not yet calculated |
CVE-2023-25800
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0. |
2023-11-03 |
not yet calculated |
CVE-2023-25960
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.1.10. |
2023-11-03 |
not yet calculated |
CVE-2023-25990
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4. |
2023-11-03 |
not yet calculated |
CVE-2023-26015
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection.This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0. |
2023-10-31 |
not yet calculated |
CVE-2023-31212
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection. This issue affects Zero Spam for WordPress: from n/a through 5.4.4. |
2023-11-03 |
not yet calculated |
CVE-2023-32121
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection. This issue affects Order Your Posts Manually: from n/a through 2.2.5. |
2023-11-03 |
not yet calculated |
CVE-2023-32508
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection. This issue affects Contact Form to Any API: from n/a through 1.1.2. |
2023-11-04 |
not yet calculated |
CVE-2023-32741
MISC |
wordpress — wordpress
|
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user’s email address. We are disclosing this issue as the developer has not yet released a patch but continues to release updates and we escalated this issue to the plugin’s team 30 days ago. |
2023-11-03 |
not yet calculated |
CVE-2023-3277
MISC
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection. This issue affects WP Project Manager: from n/a through 2.6.0. |
2023-11-03 |
not yet calculated |
CVE-2023-34383
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.78. |
2023-10-31 |
not yet calculated |
CVE-2023-35879
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection. This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0. |
2023-11-04 |
not yet calculated |
CVE-2023-35910
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1. |
2023-10-31 |
not yet calculated |
CVE-2023-36508
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez – Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez – Real Estate WordPress Theme: from n/a through 1.3.4. |
2023-11-03 |
not yet calculated |
CVE-2023-36529
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Smartypants SP Project & Document Manager allows SQL Injection. This issue affects SP Project & Document Manager: from n/a through 4.67. |
2023-11-03 |
not yet calculated |
CVE-2023-36677
MISC |
wordpress — wordpress
|
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themesgrove Onepage Builder allows SQL Injection. This issue affects Onepage Builder: from n/a through 2.4.1. |
2023-11-04 |
not yet calculated |
CVE-2023-38391
MISC |
wordpress — wordpress
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions. |
2023-10-31 |
not yet calculated |
CVE-2023-40681
MISC |
wordpress — wordpress
|
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
2023-10-31 |
not yet calculated |
CVE-2023-4250
MISC |
wordpress — wordpress
|
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. |
2023-10-31 |
not yet calculated |
CVE-2023-4251
MISC |
wordpress — wordpress
|
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup). |
2023-10-31 |
not yet calculated |
CVE-2023-4390
MISC |
wordpress — wordpress
|
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebCource WC Captcha plugin <= 1.4 versions. |
2023-10-31 |
not yet calculated |
CVE-2023-46210
MISC |
wordpress — wordpress
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech Smart Online Order for Clover plugin <= 1.5.4 versions. |
2023-10-31 |
not yet calculated |
CVE-2023-46312
MISC |
wordpress — wordpress
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.4 versions. |
2023-10-31 |
not yet calculated |
CVE-2023-46313
MISC |
wordpress — wordpress
|
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.18.2 versions. |
2023-10-31 |
not yet calculated |
CVE-2023-46622
MISC |
wordpress — wordpress
|
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. Allowing any authenticated users, such as subscriber change them and perform Stored Cross-Site Scripting. |
2023-10-31 |
not yet calculated |
CVE-2023-4823
MISC |
wordpress — wordpress
|
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs which can easily be brute forced |
2023-10-31 |
not yet calculated |
CVE-2023-4836
MISC
MISC |
wordpress — wordpress
|
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘rafflepress’ and ‘rafflepress_gutenberg’ shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on ‘giframe’ user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-10-30 |
not yet calculated |
CVE-2023-5049
MISC
MISC
MISC
MISC |
wordpress — wordpress
|
The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘iframe’ shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-10-31 |
not yet calculated |
CVE-2023-5073
MISC
MISC |
wordpress — wordpress
|
The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string “true”, which could lead to a variety of outcomes, including DoS. |
2023-10-31 |
not yet calculated |
CVE-2023-5098
MISC |
wordpress — wordpress
|
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the ‘src’ attribute of the ‘csvsearch’ shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
2023-10-31 |
not yet calculated |
CVE-2023-5099
MISC
MISC |
wordpress — wordpress
|
The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘idbbee’ shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-10-31 |
not yet calculated |
CVE-2023-5114
MISC
MISC |
wordpress — wordpress
|
The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ipushpull_page’ shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-10-31 |
not yet calculated |
CVE-2023-5116
MISC
MISC |
wordpress — wordpress
|
The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-10-30 |
not yet calculated |
CVE-2023-5164
MISC
MISC
MISC |
wordpress — wordpress
|
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the ‘php-to-page’ shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily. |
2023-10-30 |
not yet calculated |
CVE-2023-5199
MISC
MISC |
wordpress — wordpress
|
The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the ‘id’ parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. |
2023-10-31 |
not yet calculated |
CVE-2023-5211
MISC |
wordpress — wordpress
|
The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
2023-10-31 |
not yet calculated |
CVE-2023-5229
MISC |
wordpress — wordpress
|
The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. |
2023-10-31 |
not yet calculated |
CVE-2023-5237
MISC
MISC |
wordpress — wordpress
|
The EventPrime WordPress plugin before 3.2.0 does not sanitize and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. |
2023-10-31 |
not yet calculated |
CVE-2023-5238
MISC |
wordpress — wordpress
|
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
2023-10-31 |
not yet calculated |
CVE-2023-5243
MISC |
wordpress — wordpress
|
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files. |
2023-10-30 |
not yet calculated |
CVE-2023-5250
MISC
MISC |
wordpress — wordpress
|
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘grid_plus_save_layout_callback’ and ‘grid_plus_delete_callback’ functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above, to add, update or delete grid layout. |
2023-10-30 |
not yet calculated |
CVE-2023-5251
MISC
MISC
MISC |
wordpress — wordpress
|
The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-10-30 |
not yet calculated |
CVE-2023-5252
MISC
MISC |
wordpress — wordpress
|
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitize and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers. |
2023-10-31 |
not yet calculated |
CVE-2023-5307
MISC
MISC |
wordpress — wordpress
|
The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-30 |
not yet calculated |
CVE-2023-5315
MISC
MISC |
wordpress — wordpress
|
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and achieve RCE. |
2023-10-31 |
not yet calculated |
CVE-2023-5360
MISC |
wordpress — wordpress
|
The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘spice_post_slider’ shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-10-30 |
not yet calculated |
CVE-2023-5362
MISC
MISC
MISC
MISC |
wordpress — wordpress
|
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5412
MISC
MISC
MISC |
wordpress — wordpress
|
The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5428
MISC
MISC
MISC |
wordpress — wordpress
|
The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5429
MISC
MISC
MISC |
wordpress — wordpress
|
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5430
MISC
MISC
MISC |
wordpress — wordpress
|
The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5431
MISC
MISC
MISC |
wordpress — wordpress
|
The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5433
MISC
MISC
MISC |
wordpress — wordpress
|
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5434
MISC
MISC
MISC |
wordpress — wordpress
|
The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5435
MISC
MISC
MISC |
wordpress — wordpress
|
The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5436
MISC
MISC
MISC |
wordpress — wordpress
|
The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5437
MISC
MISC
MISC |
wordpress — wordpress
|
The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5438
MISC
MISC
MISC |
wordpress — wordpress
|
The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5439
MISC
MISC
MISC |
wordpress — wordpress
|
The CITS Support svg, webp Media and TTF, OTF File Upload WordPress plugin before 3.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. |
2023-10-31 |
not yet calculated |
CVE-2023-5458
MISC |
wordpress — wordpress
|
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2023-10-31 |
not yet calculated |
CVE-2023-5464
MISC
MISC
MISC |
wordpress — wordpress
|
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. |
2023-10-31 |
not yet calculated |
CVE-2023-5519
MISC |
wordpress — wordpress
|
The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the ‘wpsimplegallery_gallery’ post meta via ‘wpsgallery’ shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. |
2023-10-30 |
not yet calculated |
CVE-2023-5583
MISC
MISC |
wordpress — wordpress
|
The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253. |
2023-11-02 |
not yet calculated |
CVE-2023-5606
MISC
MISC |
wordpress — wordpress
|
The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tcpaccordion’ shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-10-30 |
not yet calculated |
CVE-2023-5666
MISC
MISC
MISC |
wordpress — wordpress
|
The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slider’ shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2023-11-03 |
not yet calculated |
CVE-2023-5707
MISC
MISC
MISC
MISC |
wordpress — wordpress
|
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the ‘dfads_ajax_load_ads’ function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited, they cannot be specified arbitrarily. |
2023-10-30 |
not yet calculated |
CVE-2023-5843
MISC
MISC |
wordpress — wordpress
|
The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. |
2023-11-02 |
not yet calculated |
CVE-2023-5860
MISC
MISC |
wordpress — wordpress
|
The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
2023-11-03 |
not yet calculated |
CVE-2023-5945
MISC
MISC
MISC |
wordpress — wordpress
|
The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘current_group_id’ parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2023-11-03 |
not yet calculated |
CVE-2023-5946
MISC
MISC |
| wpn-xm_serverstack — wpn-xm_serverstack |
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit. |
2023-11-03 |
not yet calculated |
CVE-2023-4591
MISC |
| wpn-xm_serverstack — wpn-xm_serverstack |
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking. |
2023-11-03 |
not yet calculated |
CVE-2023-4592
MISC |
wuzhicms — wuzhicms
|
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. |
2023-11-01 |
not yet calculated |
CVE-2023-46482
MISC |
| yettiesoft — vestcert |
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution. |
2023-10-30 |
not yet calculated |
CVE-2023-45798
MISC |
| zentao — zentao |
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code. |
2023-11-02 |
not yet calculated |
CVE-2023-46475
MISC
MISC |
| nats.io — multiple_products |
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library’s `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep. |
2023-10-31 |
not yet calculated |
CVE-2023-46129
MISC
MISC |
