| abocms — abo.cms |
SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. |
2024-01-06 |
9.8 |
CVE-2023-46953
cve@mitre.org |
| acme — ultra_mini_httpd |
A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819. |
2024-01-07 |
7.5 |
CVE-2024-0263
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| advancedcustomfields — advanced_custom_fields |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2. |
2024-01-08 |
7.5 |
CVE-2022-40696
audit@patchstack.com |
| alekseykurepin — pico_http_server_in_c |
route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. |
2024-01-05 |
9.8 |
CVE-2024-22087
cve@mitre.org |
altassian — bitbucket
|
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. |
2024-01-09 |
8.3 |
CVE-2023-50931
cve@mitre.org |
altassian — jira
|
An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Jira, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. |
2024-01-09 |
8.3 |
CVE-2023-50930
cve@mitre.org |
| ami — megarac_sp-x |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
2024-01-09 |
8.8 |
CVE-2023-3043
biossecurity@ami.com |
| ami — megarac_sp-x |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
2024-01-09 |
8.8 |
CVE-2023-37293
biossecurity@ami.com |
| ami — megarac_sp-x |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
2024-01-09 |
8.8 |
CVE-2023-37294
biossecurity@ami.com |
| ami — megarac_sp-x |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
2024-01-09 |
8.8 |
CVE-2023-37295
biossecurity@ami.com |
| ami — megarac_sp-x |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
2024-01-09 |
8.8 |
CVE-2023-37296
biossecurity@ami.com |
| ami — megarac_sp-x |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
2024-01-09 |
8.8 |
CVE-2023-37297
biossecurity@ami.com |
| ami — megarac_sp-x |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
2024-01-09 |
7.8 |
CVE-2023-34332
biossecurity@ami.com |
| ami — megarac_sp-x |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
2024-01-09 |
7.8 |
CVE-2023-34333
biossecurity@ami.com |
| apache — axis |
** UNSUPPORTED WHEN ASSIGNED ** Improper Input Validation vulnerability in Apache Axis allowed users with access to the admin service to perform possible SSRF This issue affects Apache Axis: through 1.3. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. Alternatively you could use a build of Axis with the patch from https://github.com/apache/axis-axis1-java/commit/685c309febc64aa393b2d64a05f90e7eb9f73e06 applied. The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. |
2024-01-06 |
7.2 |
CVE-2023-51441
security@apache.org
security@apache.org |
| apollo13themes — apollo13_framework_extensions |
Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1. |
2024-01-05 |
8.8 |
CVE-2023-51539
audit@patchstack.com |
| apple — macos |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to arbitrary code execution. |
2024-01-10 |
7.8 |
CVE-2023-42826
product-security@apple.com |
| apple — macos |
The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. Processing a file may lead to a denial-of-service or potentially disclose memory contents. |
2024-01-10 |
7.1 |
CVE-2023-42876
product-security@apple.com |
| apple — macos |
This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may be able to gain elevated privileges. |
2024-01-10 |
7.8 |
CVE-2023-42933
product-security@apple.com |
atlassian — confluence
|
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be. |
2024-01-09 |
8.3 |
CVE-2023-50932
cve@mitre.org |
azure — ipam
|
Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers’ Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0. |
2024-01-10 |
9.1 |
CVE-2024-21638
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| azuread — activedirectory_identitymodel_extensions_for_dotnet |
IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller’s identity. Anyone leveraging the `SignedHttpRequest`protocol or the `SignedHttpRequestValidator`is vulnerable. Microsoft.IdentityModel trusts the `jku`claim by default for the `SignedHttpRequest`protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher. |
2024-01-10 |
7.1 |
CVE-2024-21643
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| backupbliss — clone |
The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path. |
2024-01-08 |
7.5 |
CVE-2023-6750
contact@wpscan.com |
| basixonline — nex-forms |
Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Forms – Ultimate Form Builder – Contact forms and much more: from n/a through 8.5.2. |
2024-01-05 |
8.8 |
CVE-2023-52120
audit@patchstack.com |
| blueastral — page_builder |
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25. |
2024-01-08 |
7.2 |
CVE-2023-52206
audit@patchstack.com |
| bosch — bcc101 |
Network port 8899 open in WiFi firmware of BCC101/BCC102/BCC50 products, that allows an attacker to connect to the device via same WiFi network. |
2024-01-09 |
8.3 |
CVE-2023-49722
psirt@bosch.com |
| briandgoad — ptypeconverter |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Brian D. Goad pTypeConverter.This issue affects pTypeConverter: from n/a through 0.2.8.1. |
2024-01-08 |
8.8 |
CVE-2023-52201
audit@patchstack.com |
| buy-addons — bazoom_magnifier |
SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method. |
2024-01-05 |
9.8 |
CVE-2023-50027
cve@mitre.org |
| byzoro — smart_s150_firmware |
A vulnerability was found in Beijing Baichuo Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0300
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| canonical — snapd |
Race condition in snap-confine’s must_mkdir_and_open_with_perms() |
2024-01-08 |
7 |
CVE-2022-3328
security@ubuntu.com
security@ubuntu.com |
| checkmk — checkmk |
Insufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials |
2024-01-12 |
8.8 |
CVE-2023-31211
security@checkmk.com |
| checkmk — checkmk |
Privilege escalation in mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges |
2024-01-12 |
8.8 |
CVE-2023-6735
security@checkmk.com |
| checkmk — checkmk |
Privilege escalation in jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows local user to escalate privileges |
2024-01-12 |
8.8 |
CVE-2023-6740
security@checkmk.com |
| chendotjs — lotos_webserver |
Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. |
2024-01-05 |
9.8 |
CVE-2024-22088
cve@mitre.org |
| cleantalk — spam_protection,_antispam,_firewall |
Cross-Site Request Forgery (CSRF) vulnerability in ?leanTalk – Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20. |
2024-01-05 |
8.8 |
CVE-2023-51535
audit@patchstack.com |
| clerk — javascript |
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. |
2024-01-12 |
9 |
CVE-2024-22206
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| cloud_foundry — routing_release |
Cloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment. |
2024-01-12 |
7.5 |
CVE-2023-34061
security@vmware.com |
| code-projects — dormitory_management_system |
A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579. |
2024-01-12 |
7.3 |
CVE-2024-0474
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| code-projects — simple_online_hotel_reservation_system |
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability. |
2024-01-10 |
9.8 |
CVE-2024-0359
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| constantcontact — constant_contact_forms |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2. |
2024-01-08 |
7.5 |
CVE-2023-52208
audit@patchstack.com |
| cozmoslabs — profile_builder_pro |
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.This issue affects Profile Builder Pro: from n/a through 3.10.0. |
2024-01-13 |
7.1 |
CVE-2024-22142
audit@patchstack.com |
| dataiku — data_science_studio |
Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass. |
2024-01-09 |
9.8 |
CVE-2023-51717
cve@mitre.org
cve@mitre.org |
| dedecms — dedecms |
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file file_class.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249768. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-07 |
9.8 |
CVE-2023-7212
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| demon1a — discord-recon |
Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8. |
2024-01-09 |
8.8 |
CVE-2024-21663
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| discourse — discourse |
Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions (@all and @here) which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5. |
2024-01-12 |
8.6 |
CVE-2023-48297
security-advisories@github.com |
| dtale –dtale |
D-Tale is a visualizer for Pandas data structures. Users hosting versions D-Tale prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to only host D-Tale to trusted users. |
2024-01-05 |
7.5 |
CVE-2024-21642
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| engineers_online_portal_project — engineers_online_portal |
A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816. |
2024-01-07 |
7.5 |
CVE-2024-0260
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| evernote — evernote |
An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components. |
2024-01-09 |
9.8 |
CVE-2023-50643
cve@mitre.org
cve@mitre.org |
| fastify — reply-from |
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. A reverse proxy server built with `@fastify/reply-from` could misinterpret the incoming body by passing an header `ContentType: application/json ; charset=utf-8`. This can lead to bypass of security checks. This vulnerability has been patched in ‘@fastify/reply-from` version 9.6.0. |
2024-01-08 |
7.5 |
CVE-2023-51701
security-advisories@github.com
security-advisories@github.com |
| fhs-opensource — iparking |
A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868. |
2024-01-08 |
9.8 |
CVE-2024-0301
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| fhs-opensource — iparking |
A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability. |
2024-01-08 |
9.8 |
CVE-2024-0302
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| fit2cloud — cloudexplorer_lite |
Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1, allow local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. |
2024-01-06 |
7.8 |
CVE-2023-50612
cve@mitre.org |
| flycms_project — flycms |
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. |
2024-01-08 |
8.8 |
CVE-2023-52072
cve@mitre.org |
| flycms_project — flycms |
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. |
2024-01-08 |
8.8 |
CVE-2023-52073
cve@mitre.org |
| flycms_project — flycms |
FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. |
2024-01-08 |
8.8 |
CVE-2023-52074
cve@mitre.org |
| fonttools — fonttools |
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains a SVG table, is parsed. This allows attackers to include arbitrary files from the filesystem fontTools is running on or make web requests from the host system. This vulnerability has been patched in version 4.43.0. |
2024-01-10 |
7.5 |
CVE-2023-45139
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| fortinet — fortios |
An improper privilege management vulnerability [CWE-269] in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests. |
2024-01-10 |
8.8 |
CVE-2023-44250
psirt@fortinet.com |
fortinet — fortiportal
|
A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests. |
2024-01-10 |
7.2 |
CVE-2023-46712
psirt@fortinet.com |
| framework — framework |
Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe. |
2024-01-05 |
7.5 |
CVE-2024-21641
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| ftpdmin_project — ftpdmin |
A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability. |
2024-01-07 |
7.5 |
CVE-2024-0261
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| gecka — terms_thumbnails |
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1. |
2024-01-08 |
8.8 |
CVE-2023-52219
audit@patchstack.com |
| getawesomesupport — awesome_support |
Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support – WordPress HelpDesk & Support Plugin.This issue affects Awesome Support – WordPress HelpDesk & Support Plugin: from n/a through 6.1.5. |
2024-01-05 |
8.8 |
CVE-2023-51538
audit@patchstack.com |
| gitlab — gitlab |
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request. |
2024-01-12 |
7.6 |
CVE-2023-4812
cve@gitlab.com
cve@gitlab.com |
| gitlab — gitlab |
Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user. |
2024-01-12 |
7.3 |
CVE-2023-5356
cve@gitlab.com
cve@gitlab.com |
gitlab — gitlab
|
An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address. |
2024-01-12 |
10 |
CVE-2023-7028
cve@gitlab.com
cve@gitlab.com |
| gitpython-developers — gitpython |
GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41. |
2024-01-11 |
7.8 |
CVE-2024-22190
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
go-git — go-git
|
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using “Plain” versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli. |
2024-01-12 |
9.8 |
CVE-2023-49569
cve-requests@bitdefender.com |
go-git — go-git
|
A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli. |
2024-01-12 |
7.5 |
CVE-2023-49568
cve-requests@bitdefender.com |
| goauthentik — authentik |
Authentik is an open-source Identity Provider. Authentik is a vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6. |
2024-01-11 |
7.6 |
CVE-2024-21637
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| gofiber — template |
This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users’ browsers when visiting affected web pages. The vulnerability has been addressed, the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks. |
2024-01-11 |
9.3 |
CVE-2024-22199
security-advisories@github.com
security-advisories@github.com |
| gpac — gpac |
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. |
2024-01-08 |
9.8 |
CVE-2024-0321
security@huntr.dev
security@huntr.dev |
| gpac — gpac |
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. |
2024-01-08 |
9.1 |
CVE-2024-0322
security@huntr.dev
security@huntr.dev |
| gtkwave — gtkwave |
An integer overflow vulnerability exists in the FST_BL_GEOM parsing maxhandle functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-32650
talos-cna@cisco.com |
| gtkwave — gtkwave |
An improper array index validation vulnerability exists in the EVCD var len parsing functionality of GTKWave 3.3.115. A specially crafted .evcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-34087
talos-cna@cisco.com |
| gtkwave — gtkwave |
An out-of-bounds write vulnerability exists in the LXT2 num_time_table_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-34436
talos-cna@cisco.com |
| gtkwave — gtkwave |
An integer overflow vulnerability exists in the VZT longest_len value allocation functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-35004
talos-cna@cisco.com |
| gtkwave — gtkwave |
An integer overflow vulnerability exists in the LXT2 lxt2_rd_trace value elements allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-35057
talos-cna@cisco.com |
| gtkwave — gtkwave |
An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-35128
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32 function. |
2024-01-08 |
7.8 |
CVE-2023-35702
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint64 function. |
2024-01-08 |
7.8 |
CVE-2023-35703
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple stack-based buffer overflow vulnerabilities exist in the FST LEB128 varint functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the fstReaderVarint32WithSkip function. |
2024-01-08 |
7.8 |
CVE-2023-35704
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `LZ4_decompress_safe_partial`. |
2024-01-08 |
7.8 |
CVE-2023-35955
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `fastlz_decompress`. |
2024-01-08 |
7.8 |
CVE-2023-35956
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the decompression function `uncompress`. |
2024-01-08 |
7.8 |
CVE-2023-35957
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. A specially-crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the copy function `fstFread`. |
2024-01-08 |
7.8 |
CVE-2023-35958
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns `.ghw` decompression. |
2024-01-08 |
7.8 |
CVE-2023-35959
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns legacy decompression in `vcd_main`. |
2024-01-08 |
7.8 |
CVE-2023-35960
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in `vcd_recorder_main`. |
2024-01-08 |
7.8 |
CVE-2023-35961
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2vzt` utility. |
2024-01-08 |
7.8 |
CVE-2023-35962
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt2` utility. |
2024-01-08 |
7.8 |
CVE-2023-35963
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. A specially crafted wave file can lead to arbitrary command execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns decompression in the `vcd2lxt` utility. |
2024-01-08 |
7.8 |
CVE-2023-35964
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of `FST_BL_VCDATA` and `FST_BL_VCDATA_DYN_ALIAS` section types. |
2024-01-08 |
7.8 |
CVE-2023-35969
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chain_table parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the chain_table of the `FST_BL_VCDATA_DYN_ALIAS2` section type. |
2024-01-08 |
7.8 |
CVE-2023-35970
talos-cna@cisco.com |
| gtkwave — gtkwave |
An integer overflow vulnerability exists in the LXT2 zlib block allocation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-35989
talos-cna@cisco.com |
| gtkwave — gtkwave |
An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-35992
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta initialization part. |
2024-01-08 |
7.8 |
CVE-2023-35994
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 1. |
2024-01-08 |
7.8 |
CVE-2023-35995
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 0. |
2024-01-08 |
7.8 |
CVE-2023-35996
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple improper array index validation vulnerabilities exist in the fstReaderIterBlocks2 tdelta functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the tdelta indexing when signal_lens is 2 or more. |
2024-01-08 |
7.8 |
CVE-2023-35997
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when parsing the time table. |
2024-01-08 |
7 |
CVE-2023-36746
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 fstWritex len functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the handling of `len` in `fstWritex` when `beg_time` does not match the start of the time table. |
2024-01-08 |
7 |
CVE-2023-36747
talos-cna@cisco.com |
| gtkwave — gtkwave |
An out-of-bounds write vulnerability exists in the VZT LZMA_read_varint functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-36861
talos-cna@cisco.com |
| gtkwave — gtkwave |
An integer overflow vulnerability exists in the fstReaderIterBlocks2 temp_signal_value_buf allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-36864
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table` array. |
2024-01-08 |
7.8 |
CVE-2023-36915
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the FST fstReaderIterBlocks2 chain_table allocation functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the allocation of the `chain_table_lengths` array. |
2024-01-08 |
7.8 |
CVE-2023-36916
talos-cna@cisco.com |
| gtkwave — gtkwave |
An out-of-bounds write vulnerability exists in the VZT LZMA_Read dmem extraction functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-37282
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI’s legacy VCD parsing code. |
2024-01-08 |
7.8 |
CVE-2023-37416
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the GUI’s interactive VCD parsing code. |
2024-01-08 |
7.8 |
CVE-2023-37417
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37418
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37419
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37420
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI’s default VCD parsing code. |
2024-01-08 |
7.8 |
CVE-2023-37442
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI’s legacy VCD parsing code. |
2024-01-08 |
7.8 |
CVE-2023-37443
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds read when triggered via the GUI’s interactive VCD parsing code. |
2024-01-08 |
7.8 |
CVE-2023-37444
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2vzt conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37445
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt2 conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37446
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when triggered via the vcd2lxt conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37447
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI’s recoder (default) VCD parsing code. |
2024-01-08 |
7.8 |
CVE-2023-37573
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI’s legacy VCD parsing code. |
2024-01-08 |
7.8 |
CVE-2023-37574
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the GUI’s interactive VCD parsing code. |
2024-01-08 |
7.8 |
CVE-2023-37575
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2vzt conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37576
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt2 conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37577
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the use-after-free when triggered via the vcd2lxt conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37578
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2vzt conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37921
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt2 conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37922
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. A specially crafted .vcd file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the arbitrary write when triggered via the vcd2lxt conversion utility. |
2024-01-08 |
7.8 |
CVE-2023-37923
talos-cna@cisco.com |
| gtkwave — gtkwave |
A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-38583
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array. |
2024-01-08 |
7.8 |
CVE-2023-38618
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array. |
2024-01-08 |
7.8 |
CVE-2023-38619
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array. |
2024-01-08 |
7.8 |
CVE-2023-38620
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array. |
2024-01-08 |
7.8 |
CVE-2023-38621
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array. |
2024-01-08 |
7.8 |
CVE-2023-38622
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `vindex_offset` array. |
2024-01-08 |
7.8 |
CVE-2023-38623
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop. |
2024-01-08 |
7.8 |
CVE-2023-38648
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop. |
2024-01-08 |
7.8 |
CVE-2023-38649
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero. |
2024-01-08 |
7.8 |
CVE-2023-38650
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero. |
2024-01-08 |
7.8 |
CVE-2023-38651
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero. |
2024-01-08 |
7.8 |
CVE-2023-38652
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero. |
2024-01-08 |
7.8 |
CVE-2023-38653
talos-cna@cisco.com |
| gtkwave — gtkwave |
An out-of-bounds write vulnerability exists in the LXT2 zlib block decompression functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. |
2024-01-08 |
7.8 |
CVE-2023-38657
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when looping over `lt->numrealfacs`. |
2024-01-08 |
7.8 |
CVE-2023-39234
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_process_block autosort functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write when looping over `lt->num_time_ticks`. |
2024-01-08 |
7.8 |
CVE-2023-39235
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `rows` array. |
2024-01-08 |
7.8 |
CVE-2023-39270
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `msb` array. |
2024-01-08 |
7.8 |
CVE-2023-39271
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `lsb` array. |
2024-01-08 |
7.8 |
CVE-2023-39272
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `flags` array. |
2024-01-08 |
7.8 |
CVE-2023-39273
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `len` array. |
2024-01-08 |
7.8 |
CVE-2023-39274
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `value` array. |
2024-01-08 |
7.8 |
CVE-2023-39275
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_pointers` array. |
2024-01-08 |
7.8 |
CVE-2023-39316
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `string_lens` array. |
2024-01-08 |
7.8 |
CVE-2023-39317
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the left shift operation. |
2024-01-08 |
7.8 |
CVE-2023-39413
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. A specially crafted .lxt2 file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer underflow when performing the right shift operation. |
2024-01-08 |
7.3 |
CVE-2023-39414
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop. |
2024-01-08 |
7.8 |
CVE-2023-39443
talos-cna@cisco.com |
| gtkwave — gtkwave |
Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. A specially-crafted .lxt2 file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop. |
2024-01-08 |
7.8 |
CVE-2023-39444
talos-cna@cisco.com |
| hancom — hcell |
Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Hancom HCell on Windows allows Overflow Buffers.This issue affects HCell: 12.0.0.893. |
2024-01-12 |
8.8 |
CVE-2023-40250
vuln@krcert.or.kr |
| haokekeji — yiqiniu |
A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652. |
2024-01-13 |
7.3 |
CVE-2024-0510
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| hayyp — cherry |
handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. |
2024-01-05 |
9.8 |
CVE-2024-22086
cve@mitre.org |
| hex_workshop — hex_workshop |
A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records resulting in a service shutdown. |
2024-01-11 |
7.3 |
CVE-2024-0429
cve-coordination@incibe.es |
hyperledger — aries-cloudagent-python
|
Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and fixed in version 0.10.5. |
2024-01-11 |
9.9 |
CVE-2024-21669
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| ibm — cics_transaction_gateway |
IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. IBM X-Force ID: 270259. |
2024-01-08 |
8.1 |
CVE-2023-47140
psirt@us.ibm.com
psirt@us.ibm.com
nvd@nist.gov |
| ibm — db2 |
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. |
2024-01-07 |
7.8 |
CVE-2023-47145
psirt@us.ibm.com
psirt@us.ibm.com |
| ibm — security_verify_access_appliance |
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access due to improper access controls. IBM X-Force ID: 254658. |
2024-01-11 |
8.4 |
CVE-2023-31003
psirt@us.ibm.com
psirt@us.ibm.com |
| ibm — storage_fusion_hci |
IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 275671. |
2024-01-08 |
9.8 |
CVE-2023-50948
psirt@us.ibm.com
psirt@us.ibm.com |
| icegram — icegram_engage |
Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage – WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18. |
2024-01-05 |
8.8 |
CVE-2023-52119
audit@patchstack.com |
inc2734 — mw_wp_form
|
The MW WP Form plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘_single_file_upload’ function in versions up to, and including, 5.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. |
2024-01-11 |
9.8 |
CVE-2023-6316
security@wordfence.com
security@wordfence.com
security@wordfence.com |
| inis_project — inis |
A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875. |
2024-01-08 |
8.8 |
CVE-2024-0308
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| irfanview — b3d |
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. |
2024-01-05 |
9.8 |
CVE-2020-13878
cve@mitre.org |
| irfanview — b3d |
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. |
2024-01-05 |
9.8 |
CVE-2020-13879
cve@mitre.org |
| irfanview — b3d |
IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. |
2024-01-05 |
9.8 |
CVE-2020-13880
cve@mitre.org |
| ivanti — connect_secure |
A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance. |
2024-01-12 |
9.1 |
CVE-2024-21887
support@hackerone.com |
| ivanti — connect_secure |
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. |
2024-01-12 |
8.2 |
CVE-2023-46805
support@hackerone.com |
| ivanti — endpoint_manager |
An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. |
2024-01-09 |
8.8 |
CVE-2023-39336
support@hackerone.com |
| javik — randomize |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3. |
2024-01-08 |
8.8 |
CVE-2023-52204
audit@patchstack.com |
| juniper_networks — junos_os |
An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2. |
2024-01-12 |
7.5 |
CVE-2024-21595
sirt@juniper.net
sirt@juniper.net |
| juniper_networks — junos_os |
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a “tcp-encap-profile” is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3. |
2024-01-12 |
7.5 |
CVE-2024-21606
sirt@juniper.net
sirt@juniper.net |
| juniper_networks — junos_os |
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command: user@host> show task memory detail | match so_in so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1. |
2024-01-12 |
7.5 |
CVE-2024-21611
sirt@juniper.net
sirt@juniper.net |
| juniper_networks — junos_os |
An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS * 22.2 versions earlier than 22.2R2-S2, 22.2R3; * 22.3 versions earlier than 22.3R2, 22.3R3. Juniper Networks Junos OS Evolved * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO. This issue does not affect Juniper Networks: Junos OS versions earlier than 22.2R1; Junos OS Evolved versions earlier than 22.2R1-EVO. |
2024-01-12 |
7.5 |
CVE-2024-21614
sirt@juniper.net
sirt@juniper.net |
| juniper_networks — junos_os |
An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-poolPool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< – Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. |
2024-01-12 |
7.5 |
CVE-2024-21616
sirt@juniper.net
sirt@juniper.net |
juniper_networks — junos_os
|
An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3. |
2024-01-12 |
9.8 |
CVE-2024-21591
sirt@juniper.net
sirt@juniper.net |
| juniper_networks — junos_os_evolved |
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L: * 21.4-EVO versions earlier than 21.4R3-S6-EVO; * 22.1-EVO versions earlier than 22.1R3-S5-EVO; * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO. |
2024-01-12 |
7.5 |
CVE-2024-21602
sirt@juniper.net
sirt@juniper.net |
| juniper_networks — junos_os_evolved |
An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs: kernel: nf_conntrack: nf_conntrack: table full, dropping packet This issue affects Juniper Networks Junos OS Evolved: * All versions earlier than 20.4R3-S7-EVO; * 21.2R1-EVO and later versions; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S2-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO; * 22.4-EVO versions earlier than 22.4R2-EVO. |
2024-01-12 |
7.5 |
CVE-2024-21604
sirt@juniper.net
sirt@juniper.net |
| juniper_networks — junos_os_evolved |
An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routine Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO ; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO ; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO. |
2024-01-12 |
7.5 |
CVE-2024-21612
sirt@juniper.net
sirt@juniper.net |
| juniper_networks — paragon_active_assurance |
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0. |
2024-01-12 |
7.4 |
CVE-2024-21589
sirt@juniper.net
sirt@juniper.net |
| kashipara — food_management_system |
A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848. |
2024-01-07 |
9.8 |
CVE-2024-0287
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| kashipara — food_management_system |
A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability. |
2024-01-08 |
9.8 |
CVE-2024-0288
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| kashipara — food_management_system |
A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability. |
2024-01-08 |
9.8 |
CVE-2024-0289
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| kashipara — food_management_system |
A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851. |
2024-01-08 |
9.8 |
CVE-2024-0290
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| korenix — jetnet_series |
An Improper Authentication vulnerability in Korenix JetNet TFTP allows abuse of this service. This issue affects JetNet devices older than firmware version 2024/01. |
2024-01-09 |
8.6 |
CVE-2023-5376
office@cyberdanube.com
office@cyberdanube.com
office@cyberdanube.com
office@cyberdanube.com |
korenix — jetnet_series
|
An Improper Verification of Cryptographic Signature vulnerability in the update process of Korenix JetNet Series allows replacing the whole operating system including Trusted Executables. This issue affects JetNet devices older than firmware version 2024/01. |
2024-01-09 |
9.8 |
CVE-2023-5347
office@cyberdanube.com
office@cyberdanube.com
office@cyberdanube.com
office@cyberdanube.com |
| kutethemes — ovic_responsive_wpbakery |
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as ‘users_can_register’ and ‘default_role’. It also unserializes user input in the process, which may lead to Object Injection attacks. |
2024-01-08 |
8.8 |
CVE-2023-5235
contact@wpscan.com |
| likeshop — likeshop |
A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120. |
2024-01-09 |
7.3 |
CVE-2024-0352
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| linux — kernel |
An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access. |
2024-01-12 |
7.8 |
CVE-2023-6040
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com |
| linux — linux_kernel |
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. |
2024-01-08 |
7.8 |
CVE-2022-2586
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com |
| linux — linux_kernel |
io_uring UAF, Unix SCM garbage collection |
2024-01-08 |
7 |
CVE-2022-2602
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com |
| linux — kernel |
It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code. |
2024-01-08 |
7.8 |
CVE-2021-3600
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com |
| linux — kernel |
It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. |
2024-01-08 |
7.8 |
CVE-2022-2588
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com
security@ubuntu.com |
| lopalopa — dynamic_lab_management_system |
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability. |
2024-01-08 |
7.5 |
CVE-2024-0306
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| lopalopa — dynamic_lab_management_system |
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability. |
2024-01-08 |
7.5 |
CVE-2024-0307
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| machothemes — strong_testimonials |
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10. |
2024-01-05 |
8.8 |
CVE-2023-52123
audit@patchstack.com |
| manageengine — adselfservice_plus |
ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Authentication is required in order to exploit this vulnerability. |
2024-01-11 |
8.8 |
CVE-2024-0252
0fc0942c-577d-436f-ae8e-945763c79b02 |
| mariosalexandrou — republish_old_posts |
Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21. |
2024-01-05 |
8.8 |
CVE-2023-52145
audit@patchstack.com |
mate-desktop — atril
|
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CBT document which is a TAR archive. A patch is available at commit ce41df6. |
2024-01-12 |
9.6 |
CVE-2023-51698
security-advisories@github.com
security-advisories@github.com |
| meowapps — database_cleaner |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.This issue affects Database Cleaner: Clean, Optimize & Repair: from n/a through 0.9.8. |
2024-01-08 |
7.5 |
CVE-2023-51508
audit@patchstack.com |
| metagauss — profilegrid |
Missing Authorization vulnerability in Profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities.This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.0.3. |
2024-01-08 |
8.8 |
CVE-2022-36352
audit@patchstack.com |
| microchip — maxview_storage_manager |
In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339). |
2024-01-08 |
9.1 |
CVE-2024-22216
cve@mitre.org |
| microsoft — .net |
.NET Denial of Service Vulnerability |
2024-01-09 |
7.5 |
CVE-2024-20672
secure@microsoft.com |
microsoft — .net_8.0
|
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability |
2024-01-09 |
9.1 |
CVE-2024-0057
secure@microsoft.com |
| microsoft — .net_framework |
.NET Framework Denial of Service Vulnerability |
2024-01-09 |
7.5 |
CVE-2024-21312
secure@microsoft.com |
| microsoft — azure_storage_mover |
Azure Storage Mover Remote Code Execution Vulnerability |
2024-01-09 |
8 |
CVE-2024-20676
secure@microsoft.com |
| microsoft — azure_uamqp |
Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01. |
2024-01-09 |
9.8 |
CVE-2024-21646
security-advisories@github.com
security-advisories@github.com |
| microsoft — microsoft_office_2019 |
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.
3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.
This change is effective as of the January 9, 2024 security update.
|
2024-01-09 |
7.8 |
CVE-2024-20677
secure@microsoft.com |
| microsoft — microsoft_sql_server_2022_(gdr) |
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability |
2024-01-09 |
8.7 |
CVE-2024-0056
secure@microsoft.com |
| microsoft — microsoft_visual_studio_2017_version_15.9_(includes_15.0_-_15.8) |
Visual Studio Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-20656
secure@microsoft.com |
| microsoft — printer_metadata_troubleshooter_tool |
Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-21325
secure@microsoft.com |
| microsoft — sharepoint_server |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
2024-01-09 |
8.8 |
CVE-2024-21318
secure@microsoft.com |
| microsoft — windows_10_1507 |
Windows Kerberos Security Feature Bypass Vulnerability |
2024-01-09 |
8.8 |
CVE-2024-20674
secure@microsoft.com |
| microsoft — windows_10_1507 |
Microsoft Message Queuing Denial of Service Vulnerability |
2024-01-09 |
7.5 |
CVE-2024-20661
secure@microsoft.com |
| microsoft — windows_10_1507 |
Windows Cryptographic Services Remote Code Execution Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-20682
secure@microsoft.com |
| microsoft — windows_10_1507 |
Win32k Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-20683
secure@microsoft.com |
| microsoft — windows_10_1507 |
Microsoft AllJoyn API Denial of Service Vulnerability |
2024-01-09 |
7.5 |
CVE-2024-20687
secure@microsoft.com |
| microsoft — windows_10_1507 |
Remote Desktop Client Remote Code Execution Vulnerability |
2024-01-09 |
7.5 |
CVE-2024-21307
secure@microsoft.com |
| microsoft — windows_10_1809 |
Windows Libarchive Remote Code Execution Vulnerability |
2024-01-09 |
7.3 |
CVE-2024-20696
secure@microsoft.com |
| microsoft — windows_10_1809 |
Windows Kernel Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-20698
secure@microsoft.com |
| microsoft — windows_10_1809 |
Windows Hyper-V Remote Code Execution Vulnerability |
2024-01-09 |
7.5 |
CVE-2024-20700
secure@microsoft.com |
| microsoft — windows_10_1809 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-21310
secure@microsoft.com |
| microsoft — windows_10_21h2 |
Windows Subsystem for Linux Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-20681
secure@microsoft.com |
| microsoft — windows_10_version_1809 |
Microsoft ODBC Driver Remote Code Execution Vulnerability |
2024-01-09 |
8 |
CVE-2024-20654
secure@microsoft.com |
| microsoft — windows_10_version_1809 |
Windows HTML Platforms Security Feature Bypass Vulnerability |
2024-01-09 |
7.5 |
CVE-2024-20652
secure@microsoft.com |
| microsoft — windows_10_version_1809 |
Windows Group Policy Elevation of Privilege Vulnerability |
2024-01-09 |
7 |
CVE-2024-20657
secure@microsoft.com |
| microsoft — windows_10_version_1809 |
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-20658
secure@microsoft.com |
| microsoft — windows_11_21h2 |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-21309
secure@microsoft.com |
| microsoft — windows_11_22h2 |
Windows Libarchive Remote Code Execution Vulnerability |
2024-01-09 |
7.3 |
CVE-2024-20697
secure@microsoft.com |
| microsoft — windows_server_2022,23h2_edition_(server_core_installation) |
Microsoft Common Log File System Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-20653
secure@microsoft.com |
| microsoft — windows_server_2022_23h2 |
Win32k Elevation of Privilege Vulnerability |
2024-01-09 |
7.8 |
CVE-2024-20686
secure@microsoft.com |
| motopress — getwid_-_gutenberg_blocks |
Any unauthenticated user may send e-mail from the site with any title or content to the admin |
2024-01-08 |
7.5 |
CVE-2023-6042
contact@wpscan.com |
| mtrv — teachpress |
Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4. |
2024-01-05 |
8.8 |
CVE-2023-52129
audit@patchstack.com |
| ncast_project — ncast |
A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872. |
2024-01-08 |
7.5 |
CVE-2024-0305
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| netscout — ngeniusone |
An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file. |
2024-01-09 |
9.8 |
CVE-2023-26999
cve@mitre.org
cve@mitre.org
cve@mitre.org |
| nginx-ui — nginx-ui |
Nginx-UI is an online statistic for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `”desc”` and `”id”` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9. |
2024-01-11 |
7 |
CVE-2024-22196
security-advisories@github.com
security-advisories@github.com |
| nginx-ui — nginx-ui |
Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn’t allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9. |
2024-01-11 |
7.7 |
CVE-2024-22197
security-advisories@github.com
security-advisories@github.com |
| nginx-ui — nginx-ui |
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn’t allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9. |
2024-01-11 |
7.1 |
CVE-2024-22198
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| ninjateam — fastdup |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup – Fastest WordPress Migration & Duplicator.This issue affects FastDup – Fastest WordPress Migration & Duplicator: from n/a through 2.1.7. |
2024-01-08 |
7.5 |
CVE-2023-51406
audit@patchstack.com |
| nitropack — nitropack |
Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2. |
2024-01-05 |
8.8 |
CVE-2023-52121
audit@patchstack.com |
| nvidia — dgx_a100 |
NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service. |
2024-01-12 |
7.5 |
CVE-2023-31032
psirt@nvidia.com |
| nvidia — dgx_a100 |
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. |
2024-01-12 |
7.5 |
CVE-2023-31035
psirt@nvidia.com |
nvidia — dgx_a100
|
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. |
2024-01-12 |
9 |
CVE-2023-31024
psirt@nvidia.com |
nvidia — dgx_a100
|
NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. |
2024-01-12 |
9.3 |
CVE-2023-31029
psirt@nvidia.com |
nvidia — dgx_a100
|
NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. |
2024-01-12 |
9.3 |
CVE-2023-31030
psirt@nvidia.com |
| nvidia — triton_inference_server |
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option –model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. |
2024-01-12 |
7.5 |
CVE-2023-31036
psirt@nvidia.com |
| omron — cj-series/cs-series_cpu_modules |
An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files form the PLC internal memory and memory card. |
2024-01-10 |
8.6 |
CVE-2022-45794
ot-cert@dragos.com
ot-cert@dragos.com |
| onenav — onenav |
A vulnerability was found in OneNav up to 0.9.33. It has been classified as critical. This affects an unknown part of the file /index.php?c=api of the component API. The manipulation of the argument X-Token leads to improper authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249765 was assigned to this vulnerability. |
2024-01-07 |
9.8 |
CVE-2023-7210
nvd@nist.gov
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| online_food_ordering_system_project — online_food_ordering_system |
A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability. |
2024-01-05 |
9.8 |
CVE-2024-0247
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| open-xchange — ox_app_suite |
The optional “LDAP contacts provider” could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Unauthorized users could break confidentiality of information in the directory and potentially cause high load on the directory server, leading to denial of service. Encoding has been added for user-provided fragments that are used when constructing the LDAP query. No publicly available exploits are known. |
2024-01-08 |
9.6 |
CVE-2023-29050
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com |
| open-xchange — ox_app_suite |
A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run system commands with limited privilege to gain unauthorized access to confidential information and potentially violate integrity by modifying resources. The template engine has been reconfigured to deny execution of harmful commands on a system level. No publicly available exploits are known. |
2024-01-08 |
8.8 |
CVE-2023-29048
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com |
| open-xchange — ox_app_suite |
User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case. Unauthorized users could discover and modify application state, including objects related to other users and contexts. We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product. No publicly available exploits are known. |
2024-01-08 |
8.1 |
CVE-2023-29051
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com
security@open-xchange.com |
| openvpn — connect |
OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable |
2024-01-08 |
7.8 |
CVE-2023-7224
security@openvpn.net |
| oretnom23 — clinic_queuing_system |
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820. |
2024-01-07 |
9.8 |
CVE-2024-0264
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| oretnom23 — clinic_queuing_system |
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability. |
2024-01-07 |
8.8 |
CVE-2024-0265
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| ovation — dynamic_content_for_elementor |
Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5. |
2024-01-05 |
8.8 |
CVE-2023-52150
audit@patchstack.com |
| phome — empirecms |
SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and obtain sensitive information via the DoExecSql function. |
2024-01-09 |
7.2 |
CVE-2023-50162
cve@mitre.org |
| phpgurukul — dairy_farm_shop_management_system |
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability. |
2024-01-10 |
9.8 |
CVE-2024-0355
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| phpgurukul — hospital_management_system |
A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127. |
2024-01-10 |
9.8 |
CVE-2024-0360
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| phpgurukul — hospital_management_system |
A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128. |
2024-01-10 |
9.8 |
CVE-2024-0361
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| phpgurukul — hospital_management_system |
A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability. |
2024-01-10 |
9.8 |
CVE-2024-0362
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| phpgurukul — hospital_management_system |
A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability. |
2024-01-10 |
9.8 |
CVE-2024-0363
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| phpgurukul — hospital_management_system |
A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131. |
2024-01-10 |
9.8 |
CVE-2024-0364
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| presstigers — simple_job_board |
Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6. |
2024-01-05 |
8.8 |
CVE-2023-52122
audit@patchstack.com |
| prestashow — google_integrator |
Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. This attack is possible via command insertion in one of the cookies. |
2024-01-08 |
9.1 |
CVE-2023-6921
cvd@cert.pl
cvd@cert.pl
cvd@cert.pl |
| ptc — kepware_kepserverex |
An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. |
2024-01-10 |
7.8 |
CVE-2023-29445
ot-cert@dragos.com
ot-cert@dragos.com
ot-cert@dragos.com |
| puma — puma |
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8. |
2024-01-08 |
7.5 |
CVE-2024-21647
security-advisories@github.com
security-advisories@github.com |
| pyload — pyload |
pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. |
2024-01-08 |
8.8 |
CVE-2023-47890
cve@mitre.org
cve@mitre.org |
| pyload — pyload |
pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77. |
2024-01-08 |
7.5 |
CVE-2024-21644
security-advisories@github.com
security-advisories@github.com |
| qnap — qcalagent |
An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QcalAgent 1.1.8 and later |
2024-01-05 |
8.8 |
CVE-2023-41289
security@qnapsecurity.com.tw |
| qnap — qts |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later |
2024-01-05 |
7.2 |
CVE-2023-39294
security@qnapsecurity.com.tw |
| qnap — qts |
A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later |
2024-01-05 |
7.5 |
CVE-2023-39296
security@qnapsecurity.com.tw |
| qnap — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later |
2024-01-05 |
7.2 |
CVE-2023-45039
security@qnapsecurity.com.tw |
| qnap — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later |
2024-01-05 |
7.2 |
CVE-2023-45040
security@qnapsecurity.com.tw |
| qnap — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later |
2024-01-05 |
7.2 |
CVE-2023-45041
security@qnapsecurity.com.tw |
| qnap — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later |
2024-01-05 |
7.2 |
CVE-2023-45042
security@qnapsecurity.com.tw |
| qnap — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later |
2024-01-05 |
7.2 |
CVE-2023-45043
security@qnapsecurity.com.tw |
| qnap — qts |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later |
2024-01-05 |
7.2 |
CVE-2023-45044
security@qnapsecurity.com.tw |
| qnap — qumagie |
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later |
2024-01-05 |
8.8 |
CVE-2023-47219
security@qnapsecurity.com.tw |
| qnap — qumagie |
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later |
2024-01-05 |
8.8 |
CVE-2023-47560
security@qnapsecurity.com.tw |
| qnap — video_station |
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later |
2024-01-05 |
8.8 |
CVE-2023-41287
security@qnapsecurity.com.tw |
| qnap — video_station |
An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.2 ( 2023/11/23 ) and later |
2024-01-05 |
8.8 |
CVE-2023-41288
security@qnapsecurity.com.tw |
| redis — redis |
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4. |
2024-01-10 |
8.1 |
CVE-2023-41056
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| reputeinfosystems — armember |
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. |
2024-01-08 |
9.8 |
CVE-2023-52200
audit@patchstack.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows a remote attacker to upload arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. By abusing this vulnerability, it is possible to obtain remote code execution (RCE) with root privileges on the device. |
2024-01-10 |
8.1 |
CVE-2023-48243
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. |
2024-01-10 |
8.1 |
CVE-2023-48250
psirt@bosch.com |
|
rexroth — nexo_cordless_nutrunner_nxa015s-36v
|
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. |
2024-01-10 |
8.1 |
CVE-2023-48251
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests. |
2024-01-10 |
8.8 |
CVE-2023-48252
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their accounts. |
2024-01-10 |
8.8 |
CVE-2023-48253
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
2024-01-10 |
8.1 |
CVE-2023-48262
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
2024-01-10 |
8.1 |
CVE-2023-48263
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
2024-01-10 |
8.1 |
CVE-2023-48264
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
2024-01-10 |
8.1 |
CVE-2023-48265
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request. |
2024-01-10 |
8.1 |
CVE-2023-48266
psirt@bosch.com |
| rexroth — nexo_cordless_nutrunner_nxa015s-36v |
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticated users, by accessing already-exported backup packages, or crafting an import package and inducing an authenticated victim into sending the HTTP upload request. |
2024-01-10 |
7.8 |
CVE-2023-48257
psirt@bosch.com |
| sap — gui_connector |
Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) – version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality. |
2024-01-09 |
7.5 |
CVE-2024-22125
cna@sap.com
cna@sap.com |
| sap — lt_replication_server |
SAP LT Replication Server – version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system. |
2024-01-09 |
7.2 |
CVE-2024-21735
cna@sap.com
cna@sap.com |
|
sap_se — sap_application_interface_framework_(file_adapter)
|
In SAP Application Interface Framework File Adapter – version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behavior of the application. This leads to considerable impact on confidentiality, integrity and availability. |
2024-01-09 |
8.4 |
CVE-2024-21737
cna@sap.com
cna@sap.com |
| schneider_electric — easergy_studio |
A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. |
2024-01-09 |
7.8 |
CVE-2023-7032
cybersecurity@se.com |
| siemens — jt2go |
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-51439
productcert@siemens.com |
| siemens — jt2go |
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-51745
productcert@siemens.com |
| siemens — jt2go |
A vulnerability has been identified in JT2Go (All versions < V14.3.0.6), Teamcenter Visualization V13.3 (All versions < V13.3.0.13), Teamcenter Visualization V14.1 (All versions < V14.1.0.12), Teamcenter Visualization V14.2 (All versions < V14.2.0.9), Teamcenter Visualization V14.3 (All versions < V14.3.0.6). The affected applications contain a stack overflow vulnerability while parsing specially crafted CGM files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-51746
productcert@siemens.com |
| siemens — simatic_cn_4100 |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The “intermediate installation” system state of the affected application allows an attacker to add their own login credentials to the device. This allows an attacker to remotely login as root and take control of the device even after the affected device is fully set up. |
2024-01-09 |
9.8 |
CVE-2023-49251
productcert@siemens.com |
| siemens — simatic_cn_4100 |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The “intermediate installation” system state of the affected application uses default credential with admin privileges. An attacker could use the credentials to gain complete control of the affected device. |
2024-01-09 |
9.8 |
CVE-2023-49621
productcert@siemens.com |
| siemens — simatic_cn_4100 |
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The affected application allows IP configuration change without authentication to the device. This could allow an attacker to cause denial of service condition. |
2024-01-09 |
7.5 |
CVE-2023-49252
productcert@siemens.com |
siemens — simatic_ipc1047e
|
A vulnerability has been identified in SIMATIC IPC1047E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC647E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows), SIMATIC IPC847E (All versions with maxView Storage Manager < V4.14.00.26068 on Windows). In default installations of maxView Storage Manager where Redfish® server is configured for remote system management, a vulnerability has been identified that can provide unauthorized access. |
2F024-01-09 |
10 |
CVE-2023-51438
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49121
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49122
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49123
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49124
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49126
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49127
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49128
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected applications contain a stack overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49129
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49130
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49131
productcert@siemens.com |
| siemens — solid_edge_se2023 |
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 10). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. |
2024-01-09 |
7.8 |
CVE-2023-49132
productcert@siemens.com |
| siemens — spectrum_power_7 |
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product’s sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code and gain root access. |
2024-01-09 |
7.8 |
CVE-2023-44120
productcert@siemens.com |
smartersite — wp_compress_–_image_optimizer_[all-in-one]
|
The WP Compress – Image Optimizer [All-In-One] plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 6.10.33 via the css parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. |
2024-01-11 |
9.1 |
CVE-2023-6699
security@wordfence.com
security@wordfence.com |
| smashballoon — custom_twitter_feeds |
Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds – A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds – A Tweets Widget or X Feed Widget: from n/a through 2.1.2. |
2024-01-05 |
8.8 |
CVE-2023-52136
audit@patchstack.com |
| snapcreek — duplicator |
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server. |
2024-01-08 |
9.8 |
CVE-2018-25095
contact@wpscan.com |
| studip — stud.ip |
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9. |
2024-01-08 |
9 |
CVE-2023-50982
cve@mitre.org
cve@mitre.org
cve@mitre.org |
| stylishpricelist — stylish_price_list |
Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List – Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List – Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17. |
2024-01-05 |
9.8 |
CVE-2023-51673
audit@patchstack.com |
| subnet — powersystem_center |
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. |
2024-01-08 |
7.8 |
CVE-2023-6631
ics-cert@hq.dhs.gov
ics-cert@hq.dhs.gov |
| surajghosh — hospital_management_system |
A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823. |
2024-01-07 |
9.8 |
CVE-2024-0267
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| surajghosh — hospital_management_system |
A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824. |
2024-01-07 |
9.8 |
CVE-2024-0268
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| svnlabs — html5_mp3_player_with_folder_feedburner_playlist_free |
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free.This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0. |
2024-01-08 |
7.2 |
CVE-2023-52202
audit@patchstack.com |
| svnlabs — html5_mp3_player_with_playlist_free |
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. |
2024-01-08 |
8.8 |
CVE-2023-52207
audit@patchstack.com |
| svnlabs — html5_soundcloud_player_with_playlist_free |
Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free.This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0. |
2024-01-08 |
7.2 |
CVE-2023-52205
audit@patchstack.com |
| taggbox — taggbox |
Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics. This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1. |
2024-01-08 |
9.8 |
CVE-2023-52225
audit@patchstack.com |
| taokeyun — taokeyun |
A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584. |
2024-01-13 |
7.3 |
CVE-2024-0479
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| taokeyun — taokeyun |
A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability. |
2024-01-13 |
7.3 |
CVE-2024-0480
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| tenda — a18_firmware |
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. |
2024-01-09 |
9.8 |
CVE-2023-50585
cve@mitre.org |
| tenda — ax12_firmware |
Buffer Overflow vulnerability in Tenda AX12 V22.03.01.46, allows remote attackers to cause a denial of service (DoS) via list parameter in SetNetControlList function. |
2024-01-10 |
7.5 |
CVE-2023-49427
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51952
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51953
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51954
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51955
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv |
2024-01-10 |
9.8 |
CVE-2023-51956
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51957
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51958
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51959
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51960
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51961
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51962
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51963
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51964
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51965
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function setIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51966
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51967
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51968
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51969
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. |
2024-01-10 |
9.8 |
CVE-2023-51970
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo. |
2024-01-10 |
9.8 |
CVE-2023-51971
cve@mitre.org |
| tenda — ax1803_firmware |
Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp. |
2024-01-10 |
9.8 |
CVE-2023-51972
cve@mitre.org |
| tenda — i29_firmware |
Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. |
2024-01-05 |
7.5 |
CVE-2023-50991
cve@mitre.org |
| themepunch — slider_revolution |
The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. |
2024-01-08 |
8.8 |
CVE-2023-6528
contact@wpscan.com |
thimpress — learnpress_–_wordpress_lms_plugin
|
The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
2024-01-11 |
9.8 |
CVE-2023-6567
security@wordfence.com
security@wordfence.com |
| tianocore — edk2 |
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
2024-01-09 |
7 |
CVE-2022-36763
infosec@edk2.groups.io |
| tianocore — edk2 |
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
2024-01-09 |
7 |
CVE-2022-36764
infosec@edk2.groups.io |
| tianocore — edk2 |
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. |
2024-01-09 |
7 |
CVE-2022-36765
infosec@edk2.groups.io |
| tinowagner — jupyter_notebook_viewer |
nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. |
2024-01-05 |
9.8 |
CVE-2023-51277
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org |
| totolink — lr1200gb_firmware |
A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0292
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — lr1200gb_firmware |
A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0293
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — lr1200gb_firmware |
A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0294
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — lr1200gb_firmware |
A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0295
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — lr1200gb_firmware |
A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
8.8 |
CVE-2024-0291
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — n200re_firmware |
A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0296
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — n200re_firmware |
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0297
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — n200re_firmware |
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0298
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — n200re_firmware |
A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
9.8 |
CVE-2024-0299
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — n350rt_firmware |
A vulnerability has been found in Totolink N350RT 9.3.5u.6139_B202012 and classified as critical. Affected by this vulnerability is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-09 |
9.8 |
CVE-2023-7219
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — n350rt_firmware |
A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this vulnerability is the function main of the file /cgi-bin/cstecgi.cgi?action=login&flag=1 of the component HTTP POST Request Handler. The manipulation of the argument v33 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249769 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-07 |
8.8 |
CVE-2023-7213
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — n350rt_firmware |
A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139_B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249770 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-07 |
8.8 |
CVE-2023-7214
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — n350rt_firmware |
A vulnerability, which was classified as critical, was found in Totolink N350RT 9.3.5u.6139_B202012. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-249852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-08 |
7.2 |
CVE-2023-7218
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — nr1800x_firmware |
A vulnerability was found in Totolink NR1800X 9.1.0u.6279_B20210910 and classified as critical. Affected by this issue is the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-09 |
9.8 |
CVE-2023-7220
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — t6_firmware |
A vulnerability was found in Totolink T6 4.1.9cu.5241_B20210923. It has been classified as critical. This affects the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v41 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249855. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-09 |
9.8 |
CVE-2023-7221
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — x2000r_firmware |
A vulnerability classified as critical was found in Totolink X2000R_V2 2.0.0-B20230727.10434. This vulnerability affects the function formTmultiAP of the file /bin/boa. The manipulation leads to buffer overflow. VDB-249742 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-07 |
9.8 |
CVE-2023-7208
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| totolink — x2000r_firmware |
A vulnerability was found in Totolink X2000R 1.0.0-B20221212.1452. It has been declared as critical. This vulnerability affects the function formTmultiAP of the file /bin/boa of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249856. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-09 |
9.8 |
CVE-2023-7222
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| tp-link — tapo |
TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel. |
2024-01-09 |
7.5 |
CVE-2023-27098
cve@mitre.org
cve@mitre.org
cve@mitre.org
cve@mitre.org |
| trellix — agent |
A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. |
2024-01-09 |
7.8 |
CVE-2024-0213
trellixpsirt@trellix.com |
| trellix — anti-malware_engine |
A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn’t normally have permission to. After a scan, the Engine would follow the links and remove the files |
2024-01-09 |
7.1 |
CVE-2024-0206
trellixpsirt@trellix.com |
| trendnet — tv-ip1314pi_firmware |
An issue was discovered in libremote_dbg.so on TRENDnet TV-IP1314PI 5.5.3 200714 devices. Filtering of debug information is mishandled during use of popen. Consequently, an attacker can bypass validation and execute a shell command. |
2024-01-09 |
9.8 |
CVE-2023-49235
cve@mitre.org
cve@mitre.org |
| trendnet — tv-ip1314pi_firmware |
A stack-based buffer overflow was discovered on TRENDnet TV-IP1314PI 5.5.3 200714 devices, leading to arbitrary command execution. This occurs because of lack of length validation during a sscanf of a user-entered scale field in the RTSP playback function of davinci. |
2024-01-09 |
9.8 |
CVE-2023-49236
cve@mitre.org
cve@mitre.org |
| uniwayinfo — uw-302vp_firmware |
A vulnerability was found in Uniway Router 2.0. It has been declared as critical. This vulnerability affects unknown code of the component Administrative Web Interface. The manipulation leads to reliance on ip address for authentication. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-249766 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-07 |
8.1 |
CVE-2023-7211
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| uniwayinfo — uw-302vp_firmware |
A vulnerability was found in Uniway Router up to 2.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boaform/device_reset.cgi of the component Device Reset Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249758 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
2024-01-07 |
7.5 |
CVE-2023-7209
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| wallix — bastion |
WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. |
2024-01-08 |
7.5 |
CVE-2023-49961
cve@mitre.org |
| wazuh — wazuh |
Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3. |
2024-01-12 |
7.4 |
CVE-2023-42463
security-advisories@github.com |
| wiselyhub — js_help_desk |
Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Best Help Desk & Support Plugin: from n/a through 2.7.1. |
2024-01-05 |
9.8 |
CVE-2022-46839
audit@patchstack.com |
| wordpress — wordpress |
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. |
2024-01-05 |
9.8 |
CVE-2023-51502
audit@patchstack.com |
| wordpress — wordpress |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in UkrSolution Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce.This issue affects Simple Inventory Management – just scan barcode to manage products and orders. For WooCommerce: from n/a through 1.5.1. |
2024-01-08 |
9.8 |
CVE-2023-52215
audit@patchstack.com |
| wordpress — wordpress |
Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8. |
2024-01-08 |
9.8 |
CVE-2023-52218
audit@patchstack.com |
| wordpress — wordpress |
Missing Authorization vulnerability in Rymera Web Co Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.This issue affects Wholesale Suite – WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More: from n/a through 2.1.5. |
2024-01-08 |
8.8 |
CVE-2022-34344
audit@patchstack.com |
| wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1. |
2024-01-05 |
8.8 |
CVE-2023-52127
audit@patchstack.com |
| wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label – WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0. |
2024-01-05 |
8.8 |
CVE-2023-52128
audit@patchstack.com |
| wordpress — wordpress |
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cool Plugins Events Shortcodes For The Events Calendar.This issue affects Events Shortcodes For The Events Calendar: from n/a through 2.3.1. |
2024-01-08 |
8.8 |
CVE-2023-52142
audit@patchstack.com |
| wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2. |
2024-01-08 |
8.8 |
CVE-2023-52222
audit@patchstack.com |
| wordpress — wordpress |
The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. This is due to missing or incorrect nonce validation on the update_password_validate function. This makes it possible for unauthenticated attackers to reset a user’s password via a forged request granted they can trick the user into performing an action such as clicking on a link. |
2024-01-11 |
8.8 |
CVE-2023-5448
security@wordfence.com
security@wordfence.com |
| wordpress — wordpress |
The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. This allows authenticated attackers to store backups in arbitrary folders on the server provided they can be written to by the server. Additionally, default settings will place an index.php and a .htaccess file into the chosen directory (unless already present) when the first backup job is run that are intended to prevent directory listing and file access. This means that an attacker could set the backup directory to the root of another site in a shared environment and thus disable that site. |
2024-01-11 |
8.7 |
CVE-2023-5504
security@wordfence.com
security@wordfence.com
security@wordfence.com |
| wordpress — wordpress |
The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution. |
2024-01-08 |
8.8 |
CVE-2023-6140
contact@wpscan.com |
| wordpress — wordpress |
The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘piotnetforms_ajax_form_builder’ function in versions up to, and including, 1.0.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible. |
2024-01-11 |
8.1 |
CVE-2023-6220
security@wordfence.com
security@wordfence.com |
| wordpress — wordpress |
The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution. |
2024-01-11 |
8.1 |
CVE-2023-6634
security@wordfence.com
security@wordfence.com |
| wordpress — wordpress |
The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks |
2024-01-08 |
8.8 |
CVE-2023-6845
contact@wpscan.com
contact@wpscan.com |
| wordpress — wordpress |
The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘dcssb_ajax_update’ function in versions up to, and including, 2.4.11. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. |
2024-01-11 |
8.8 |
CVE-2023-6878
security@wordfence.com
security@wordfence.com |
| wordpress — wordpress |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce.This issue affects WP Optin Wheel – Gamified Optin Email Marketing Tool for WordPress and WooCommerce: from n/a through 1.4.3. |
2024-01-08 |
7.5 |
CVE-2023-51408
audit@patchstack.com |
| wordpress — wordpress |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37. |
2024-01-05 |
7.5 |
CVE-2023-52143
audit@patchstack.com |
| wordpress — wordpress |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2. |
2024-01-08 |
7.5 |
CVE-2023-52190
audit@patchstack.com |
| wordpress — wordpress |
The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell. |
2024-01-08 |
7.2 |
CVE-2023-5957
contact@wpscan.com |
| wordpress — wordpress |
The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data |
2024-01-08 |
7.5 |
CVE-2023-6383
contact@wpscan.com |
| wordpress — wordpress |
The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files. |
2024-01-08 |
7.5 |
CVE-2023-6505
contact@wpscan.com |
| wordpress — wordpress |
The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the ‘upload_import_file’ function in versions up to, and including, 2.4.8. This makes it possible for authenticated attackers with shop manager-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. |
2024-01-11 |
7.2 |
CVE-2023-6558
security@wordfence.com
security@wordfence.com
security@wordfence.com |
| wordpress — wordpress |
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the ‘gspb_save_files’ function in versions up to, and including, 7.6.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. |
2024-01-11 |
7.2 |
CVE-2023-6636
security@wordfence.com
security@wordfence.com
security@wordfence.com |
| wordpress — wordpress |
The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. This makes it possible for unauthenticated attackers to enable and disable maintenance mode. |
2024-01-11 |
7.3 |
CVE-2023-6751
security@wordfence.com
security@wordfence.com |
| wordpress — wordpress |
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
2024-01-11 |
7.2 |
CVE-2023-6828
security@wordfence.com
security@wordfence.com |
wordpress — wordpress
|
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. |
2024-01-11 |
9.8 |
CVE-2023-6979
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
wordpress — wordpress
|
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all versions up to, and including, 1.3.6. This makes it possible for unauthenticated attackers to download back-up files which can contain sensitive information such as user passwords, PII, database credentials, and much more. |
2024-01-11 |
7.5 |
CVE-2023-6266
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
| wow-company — floating_button |
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0. |
2024-01-05 |
8.8 |
CVE-2023-52149
audit@patchstack.com |
| wp-blogs-planetarium_project — wp-blogs-planetarium |
The WP Blogs’ Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
2024-01-08 |
8.8 |
CVE-2023-6532
contact@wpscan.com
contact@wpscan.com |
| wpaffiliatemanager — affiliates_manager |
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31. |
2024-01-05 |
8.8 |
CVE-2023-52130
audit@patchstack.com |
| wpchill — download_monitor |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.7.60. |
2024-01-08 |
7.5 |
CVE-2022-45354
audit@patchstack.com |
wpexpertsio — post_smtp_–_the_#1_wordpress_smtp_plugin_with_advanced_email_logging_and_delivery_failure_notifications
|
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to reset the API key used to authenticate to the mailer and view logs, including password reset emails, allowing site takeover. |
2024-01-11 |
9.8 |
CVE-2023-6875
security@wordfence.com
security@wordfence.com
security@wordfence.com
security@wordfence.com |
| wpjobportal — wp_job_portal |
Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.6. |
2024-01-05 |
8.8 |
CVE-2023-52184
audit@patchstack.com |
| wpmudev — defender_security |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. |
2024-01-08 |
7.5 |
CVE-2023-51490
audit@patchstack.com |
| wpzone — inline_image_upload_for_bbpress |
Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18. |
2024-01-05 |
8.8 |
CVE-2023-51668
audit@patchstack.com |
| wwbn — avideo |
A cross-site scripting (xss) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. |
2024-01-10 |
8.5 |
CVE-2023-48730
talos-cna@cisco.com |
| wwbn — avideo |
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this vulnerability. |
2024-01-10 |
8.8 |
CVE-2023-49589
talos-cna@cisco.com |
wwbn — avideo
|
A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. |
2024-01-10 |
9 |
CVE-2023-47861
talos-cna@cisco.com |
wwbn — avideo
|
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability. |
2024-01-10 |
9.8 |
CVE-2023-47862
talos-cna@cisco.com |
wwbn — avideo
|
A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerability. |
2024-01-10 |
9.6 |
CVE-2023-48728
talos-cna@cisco.com |
wwbn — avideo
|
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user. |
2024-01-10 |
9.8 |
CVE-2023-49599
talos-cna@cisco.com |
wwbn — avideo
|
An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read. |
2024-01-10 |
7.5 |
CVE-2023-49738
talos-cna@cisco.com |
wwbn — avideo
|
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability. |
2024-01-10 |
7.3 |
CVE-2023-49810
talos-cna@cisco.com |
| xen — xen |
For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Since Xen itself needs to be mapped when PV guests run, Xen and shadowed PV guests run directly the respective shadow page tables. For 64-bit PV guests this means running on the shadow of the guest root page table. In the course of dealing with shortage of memory in the shadow pool associated with a domain, shadows of page tables may be torn down. This tearing down may include the shadow root page table that the CPU in question is presently running on. While a precaution exists to supposedly prevent the tearing down of the underlying live page table, the time window covered by that precaution isn’t large enough. |
2024-01-05 |
7.8 |
CVE-2023-34322
security@xen.org |
| xen — xen |
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them based on grub-legacy code. libfsimage is used by pygrub to inspect guest disks. Pygrub runs as the same user as the toolstack (root in a priviledged domain). At least one issue has been reported to the Xen Security Team that allows an attacker to trigger a stack buffer overflow in libfsimage. After further analisys the Xen Security Team is no longer confident in the suitability of libfsimage when run against guest controlled input with super user priviledges. In order to not affect current deployments that rely on pygrub patches are provided in the resolution section of the advisory that allow running pygrub in deprivileged mode. CVE-2023-4949 refers to the original issue in the upstream grub project (“An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.”) CVE-2023-34325 refers specifically to the vulnerabilities in Xen’s copy of libfsimage, which is decended from a very old version of grub. |
2024-01-05 |
7.8 |
CVE-2023-34325
security@xen.org |
| xen — xen |
The caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of the DTE are updated but the IOMMU TLB is not flushed. Such stale DMA mappings can point to memory ranges not owned by the guest, thus allowing access to unindented memory regions. |
2024-01-05 |
7.8 |
CVE-2023-34326
security@xen.org |
| xwiki — xwiki |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the “first name” or “last name” fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1. |
2024-01-08 |
9.8 |
CVE-2024-21650
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| xwiki — xwiki |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don’t have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. |
2024-01-09 |
8.8 |
CVE-2024-21648
security-advisories@github.com
security-advisories@github.com
security-advisories@github.com |
| yevhenkotelnytskyi — js_&_css_script_optimizer |
Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3. |
2024-01-08 |
8.8 |
CVE-2023-52216
audit@patchstack.com |
| youke365 — youke_365 |
A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability. |
2024-01-08 |
9.8 |
CVE-2024-0303
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| youke365 — youke_365 |
A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871. |
2024-01-08 |
9.8 |
CVE-2024-0304
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com |
| zohocorp — manageengine_firewall_analyzer |
A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability. |
2024-01-08 |
8.6 |
CVE-2023-47211
talos-cna@cisco.com
talos-cna@cisco.com |
| zoom_video_communications_inc. — zoom_desktop_client_for_windows/zoom_vdi_client_for_windows/zoom_sdks_for_windows |
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access. |
2024-01-12 |
8.8 |
CVE-2023-49647
security@zoom.us |
