Vulnerability Summary for the Week of September 25, 2023

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
accusoft — imagegear An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-09-25 9.8 CVE-2023-32284
MISC
accusoft — imagegear A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-09-25 9.8 CVE-2023-32614
MISC
accusoft — imagegear A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 2023-09-25 9.8 CVE-2023-35002
MISC
accusoft — imagegear A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver a file to trigger this vulnerability. 2023-09-25 9.8 CVE-2023-39453
MISC
accusoft — imagegear An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-09-25 9.8 CVE-2023-40163
MISC
accusoft — imagegear A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. 2023-09-25 8.8 CVE-2023-23567
MISC
accusoft — imagegear A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-09-25 8.8 CVE-2023-28393
MISC
accusoft — imagegear An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. 2023-09-25 8.8 CVE-2023-32653
MISC
acronis — cyber_protect Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. 2023-09-27 9.1 CVE-2023-44152
MISC
acronis — cyber_protect Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 9.1 CVE-2023-44154
MISC
acronis — cyber_protect Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 9.1 CVE-2023-44206
MISC
acronis — cyber_protect Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. 2023-09-27 7.8 CVE-2023-44157
MISC
acronis — cyber_protect Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. 2023-09-27 7.5 CVE-2023-44153
MISC
acronis — cyber_protect Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 7.5 CVE-2023-44155
MISC
acronis — cyber_protect Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 7.5 CVE-2023-44156
MISC
acronis — cyber_protect Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 7.5 CVE-2023-44158
MISC
acronis — cyber_protect Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 7.5 CVE-2023-44159
MISC
apple — iphone_os/ipad_os The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-40431
MISC
apple — iphone_os/ipad_os The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges. 2023-09-27 7.8 CVE-2023-40443
MISC
apple — macos An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. 2023-09-27 10 CVE-2023-38586
MISC
apple — macos A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. 2023-09-27 10 CVE-2023-40455
MISC
apple — macos The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. 2023-09-27 9.1 CVE-2023-40436
MISC
apple — macos A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-32377
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-38615
MISC
apple — macos The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service. 2023-09-27 7.5 CVE-2023-40407
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution. 2023-09-27 9.8 CVE-2023-40400
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. 2023-09-27 8.8 CVE-2023-35074
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. 2023-09-27 8.8 CVE-2023-39434
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. 2023-09-27 8.8 CVE-2023-41074
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox. 2023-09-27 8.6 CVE-2023-40448
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. 2023-09-27 7.8 CVE-2023-32396
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-40409
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-40412
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges. 2023-09-27 7.8 CVE-2023-40419
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-40432
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-41063
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges. 2023-09-27 7.8 CVE-2023-41068
MISC
MISC
MISC
MISC
apple — multiple_products A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-41071
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-41174
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-41984
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. 2023-09-27 7.8 CVE-2023-41995
MISC
MISC
apple — multiple_products The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files. 2023-09-27 7.1 CVE-2023-40452
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission. 2023-09-27 7.1 CVE-2023-40454
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — safari This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code. 2023-09-27 8.8 CVE-2023-40451
MISC
MISC
automataci — automataci AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tool. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g., `releases/`) directory is manually and actually `git cloned` properly, making it a different git repository from the root git repository. 2023-09-22 9.1 CVE-2023-42798
MISC
MISC
blog — blog SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in login.php. 2023-09-27 7.5 CVE-2023-43381
MISC
MISC
cadence — cadence Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible. 2023-09-22 7.5 CVE-2023-43783
MISC
MISC
cassia_networks — access_controller An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks. 2023-09-27 8.8 CVE-2023-35793
MISC
MISC
cesanta_software_ltd. — mjs Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. 2023-09-23 9.8 CVE-2023-43338
MISC
cilium — cilium Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect Cilium network policies that use the namespace, service account or cluster constructs to restrict traffic, Cilium clusterwide network policies that use Cilium namespace labels to select the Pod and Kubernetes network policies. Non-existent construct names can be provided, which bypass all network policies applicable to the construct. For example, providing a pod with a non-existent namespace as the value of the `io.kubernetes.pod.namespace` label results in none of the namespaced CiliumNetworkPolicies applying to the pod in question. This attack requires the attacker to have Kubernetes API Server access, as described in the Cilium Threat Model. This issue has been resolved in: Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users are advised to upgrade. As a workaround an admission webhook can be used to prevent pod label updates to the `k8s:io.kubernetes.pod.namespace` and `io.cilium.k8s.policy.*` keys. 2023-09-27 9 CVE-2023-39347
MISC
MISC
cilium — cilium Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted `endpointSelector` that uses the `DoesNotExist` operator on the `reserved:init` label, the attacker can create policies that bypass namespace restrictions and affect the entire Cilium cluster. This includes potentially allowing or denying all traffic. This attack requires API server access, as described in the Kubernetes API Server Attacker section of the Cilium Threat Model. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. As a workaround an admission webhook can be used to prevent the use of `endpointSelectors` that use the `DoesNotExist` operator on the `reserved:init` label in CiliumNetworkPolicies. 2023-09-27 8.1 CVE-2023-41333
MISC
MISC
MISC
cisco — ios_xe A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2023-09-27 8.6 CVE-2023-20033
MISC
cisco — sd-wan_manager A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial-of-service condition. 2023-09-27 8.8 CVE-2023-20254
MISC
collne_inc. — welcart_e-commerce SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations. 2023-09-27 8.8 CVE-2023-43610
MISC
MISC
collne_inc. — welcart_e-commerce Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. 2023-09-27 7.2 CVE-2023-40219
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. 2023-09-28 9.8 CVE-2023-43869
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function. 2023-09-28 7.5 CVE-2023-43860
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function. 2023-09-28 7.5 CVE-2023-43861
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function. 2023-09-28 7.5 CVE-2023-43862
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function. 2023-09-28 7.5 CVE-2023-43863
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function. 2023-09-28 7.5 CVE-2023-43864
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function. 2023-09-28 7.5 CVE-2023-43865
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function. 2023-09-28 7.5 CVE-2023-43866
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function. 2023-09-28 7.5 CVE-2023-43867
MISC
MISC
d-link — dir-619l_firmware D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function. 2023-09-28 7.5 CVE-2023-43868
MISC
MISC
d-link — dir-806_firmware D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. 2023-09-22 9.8 CVE-2023-43129
MISC
MISC
d-link — dir-806_firmware D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. 2023-09-22 9.8 CVE-2023-43130
MISC
MISC
dedebiz — dedebiz DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. 2023-09-27 9.8 CVE-2023-43234
MISC
MISC
MISC
MISC
dedecms — dedecms An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. 2023-09-28 8.8 CVE-2023-43226
MISC
dell — networker Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. 2023-09-27 8.8 CVE-2023-28055
MISC
docker — docker_desktop Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. 2023-09-25 9.8 CVE-2023-0625
MISC
docker — docker_desktop Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. 2023-09-25 9.8 CVE-2023-0626
MISC
docker — docker_desktop Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. 2023-09-25 8.8 CVE-2023-5165
MISC
docker — docker_desktop Docker Desktop 4.11.x allows `--no-windows-containers` flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE). This issue affects Docker Desktop: 4.11.X. 2023-09-25 7.8 CVE-2023-0627
MISC
docker — docker_desktop In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE). This issue affects Docker Desktop: before 4.12.0. 2023-09-25 7.8 CVE-2023-0633
MISC
dreamer_cms — dreamer_cms Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. 2023-09-25 8.8 CVE-2023-43382
MISC
MISC
MISC
dreamer_cms — dreamer_cms Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. 2023-09-27 7.5 CVE-2023-43856
MISC
MISC
MISC
MISC
dst-admin — dst-admin dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. 2023-09-22 9.8 CVE-2023-43270
MISC
easyphp — webserver An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. 2023-09-27 9.8 CVE-2023-3767
MISC
emlog_pro — emlog_pro Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. 2023-09-27 9.8 CVE-2023-43291
MISC
f-secure — client_security Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. 2023-09-22 7.5 CVE-2023-43760
MISC
MISC
f-secure — linux_protection Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. 2023-09-22 7.8 CVE-2023-43766
MISC
MISC
f-secure — linux_protection Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. 2023-09-22 7.5 CVE-2023-43761
MISC
MISC
f-secure — linux_protection Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. 2023-09-22 7.5 CVE-2023-43765
MISC
MISC
f-secure — linux_protection Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0, Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. 2023-09-22 7.5 CVE-2023-43767
MISC
MISC
f5 — big-ip_access_policy_manager BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-09-27 7.1 CVE-2023-43124
MISC
fortect — fortect Fortect – CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. 2023-09-27 7.8 CVE-2023-42486
MISC
fuxa — fuxa FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. 2023-09-22 9.8 CVE-2023-31719
MISC
MISC
MISC
fuxa — fuxa FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log. 2023-09-22 7.5 CVE-2023-31716
MISC
MISC
fuxa — fuxa A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. 2023-09-22 7.5 CVE-2023-31717
MISC
MISC
MISC
fuxa — fuxa FUXA <= 1.1.12 is vulnerable to Local File Inclusion via /api/download. 2023-09-22 7.5 CVE-2023-31718
MISC
MISC
MISC
general_device_manager — general_device_manager General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. 2023-09-25 9.8 CVE-2023-43131
MISC
gevent — gevent An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. 2023-09-25 9.8 CVE-2023-41419
MISC
MISC
glpi — glpi GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 9.8 CVE-2023-41320
MISC
glpi — glpi GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 9.8 CVE-2023-42461
MISC
glpi — glpi GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 9.1 CVE-2023-42462
MISC
glpi — glpi GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter’s password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 8.8 CVE-2023-41322
MISC
glpi — glpi GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that has read access on users’ resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 8.8 CVE-2023-41324
MISC
glpi — glpi GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. A logged-in user from any profile can hijack the Kanban feature to alter any user field, and end up stealing that user's account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 8.8 CVE-2023-41326
MISC
gnu — gawk A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. 2023-09-25 7.1 CVE-2023-4156
MISC
MISC
gnu — glibc A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. 2023-09-25 7.5 CVE-2023-5156
MISC
MISC
MISC
MISC
gomarkdown — markdown The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue. 2023-09-22 7.5 CVE-2023-42821
MISC
MISC
MISC
google — chrome Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) 2023-09-28 8.8 CVE-2023-5186
MISC
MISC
MISC
MISC
MISC
MISC
google — chrome Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-09-28 8.8 CVE-2023-5187
MISC
hancom — hancom_office_2020 A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability. 2023-09-27 7.8 CVE-2023-32541
MISC
hedef_tracking — admin_panel Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. 2023-09-27 9.8 CVE-2023-4737
MISC
huawei — emui Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking. 2023-09-25 9.8 CVE-2023-41297
MISC
MISC
huawei — emui Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality. 2023-09-25 9.1 CVE-2023-41296
MISC
MISC
huawei — emui Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability. 2023-09-27 7.5 CVE-2022-48606
MISC
MISC
huawei — emui DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. 2023-09-25 7.5 CVE-2023-39408
MISC
MISC
huawei — emui DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. 2023-09-25 7.5 CVE-2023-39409
MISC
MISC
huawei — emui Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. 2023-09-25 7.5 CVE-2023-41300
MISC
MISC
huawei — emui Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. 2023-09-25 7.5 CVE-2023-41301
MISC
MISC
huawei — emui Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. 2023-09-25 7.5 CVE-2023-41302
MISC
MISC
huawei — emui Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. 2023-09-25 7.5 CVE-2023-41303
MISC
MISC
huawei — emui Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. 2023-09-27 7.5 CVE-2023-41305
MISC
MISC
huawei — harmonyos Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. 2023-09-25 9.8 CVE-2022-48605
MISC
MISC
huawei — harmonyos The DP module has a service hijacking vulnerability. Successful exploitation of this vulnerability may affect some Super Device services. 2023-09-25 9.8 CVE-2023-41294
MISC
huawei — harmonyos The Watchkit has a risk of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality and integrity. 2023-09-25 9.1 CVE-2023-39407
MISC
huawei — harmonyos Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. 2023-09-25 7.5 CVE-2023-41293
MISC
MISC
huawei — harmonyos Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. 2023-09-25 7.5 CVE-2023-41298
MISC
MISC
huawei — harmonyos DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. 2023-09-25 7.5 CVE-2023-41299
MISC
MISC
huawei — harmonyos Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. 2023-09-27 7.5 CVE-2023-41307
MISC
MISC
huawei — harmonyos Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. 2023-09-27 7.5 CVE-2023-41308
MISC
MISC
huawei — harmonyos Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. 2023-09-27 7.5 CVE-2023-41309
MISC
MISC
ibm — i Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. 2023-09-28 7.8 CVE-2023-40375
MISC
MISC
jeecg — jeecg_boot SQL injection vulnerability in jeecgboot jeecg-boot v 3.0, 3.5.3 allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. 2023-09-22 9.8 CVE-2023-40989
MISC
jumpserver — jumpserver JumpServer is an open-source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the ‘Job-Template’ menu and create a playbook named ‘test’. Get the playbook id from the detail page, like ‘e0adabef-c38f-492d-bd92-832bacc3df5f’. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file: `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd`. A similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-09-27 8.8 CVE-2023-42819
MISC
MISC
jumpserver — jumpserver JumpServer is an open-source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled, users are not affected. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds for this issue. 2023-09-27 8.2 CVE-2023-42820
MISC
MISC
juplink — rx4-1500_firmware Credential disclosure in the ‘/webs/userpasswd.htm’ endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. 2023-09-22 8.8 CVE-2023-41027
MISC
juplink — rx4-1500_firmware Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. 2023-09-22 8.8 CVE-2023-41029
MISC
juplink — rx4-1500_firmware Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint. 2023-09-22 8.8 CVE-2023-41031
MISC
kubernetes — cri-o A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. 2023-09-25 7.8 CVE-2022-4318
MISC
kubernetes — kube-apiserver An authentication bypass vulnerability was discovered in kube-apiserver. This issue could be exploited by a remote, authenticated attacker who has been given “update, patch” permissions on the “pods/ephemeralcontainers” subresource, beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. 2023-09-24 9.1 CVE-2023-1260
MISC
libvpx — libvpx Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-09-28 8.8 CVE-2023-5217
MISC
linux — kernel An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. 2023-09-25 7.8 CVE-2023-42753
MISC
mediawiki — mediawiki Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. 2023-09-25 9 CVE-2023-3550
MISC
MISC
metersphere — metersphere MeterSphere is a one-stop open-source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in MeterSphere uses a weak password by default, so attackers can log in to VNC and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-09-27 9.8 CVE-2023-41878
MISC
MISC
mozilla — firefox A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. 2023-09-27 9.8 CVE-2023-5168
MISC
mozilla — firefox If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. 2023-09-27 9.8 CVE-2023-5174
MISC
mozilla — firefox During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. 2023-09-27 9.8 CVE-2023-5175
MISC
MISC
mozilla — firefox In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118. 2023-09-27 7.5 CVE-2023-5173
MISC
MISC
mozilla — multiple_products Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. 2023-09-27 9.8 CVE-2023-5176
MISC
mrv_tech — logging_administration_panel Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915. 2023-09-27 9.8 CVE-2023-35071
MISC
nodebb_inc. — nodebb A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. 2023-09-27 9.8 CVE-2023-43187
MISC
online_book_store_project — online_book_store_project The ‘bookisbn’ parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-09-28 9.8 CVE-2023-43739
MISC
MISC
online_job_portal — online_job_portal SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component. 2023-09-23 9.8 CVE-2023-43468
MISC
MISC
MISC
online_job_portal — online_job_portal SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. 2023-09-23 9.8 CVE-2023-43469
MISC
MISC
MISC
online_voting_system — online_voting_system SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. 2023-09-23 9.8 CVE-2023-43470
MISC
MISC
MISC
opencart — opencart Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. 2023-09-27 8.8 CVE-2023-2315
MISC
MISC
pgadmin — pgadmin A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. 2023-09-22 8.8 CVE-2023-5002
MISC
MISC
phpkobo — ajaxnewsticker An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. 2023-09-27 9.8 CVE-2023-41449
MISC
MISC
MISC
phpkobo — ajaxnewsticker An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. 2023-09-28 8.8 CVE-2023-41450
MISC
MISC
MISC
phpkobo — ajaxnewsticker Cross Site Request Forgery vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. 2023-09-27 8.8 CVE-2023-41452
MISC
MISC
MISC
progress — ws_ftp_server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. 2023-09-27 9.6 CVE-2023-42657
MISC
MISC
progress — ws_ftp_server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. 2023-09-27 8.8 CVE-2023-40044
MISC
MISC
progress — ws_ftp_server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. 2023-09-27 7.2 CVE-2023-40046
MISC
MISC
projectworlds — asset_management_system Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the ‘email’ parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control. 2023-09-28 9.8 CVE-2023-43013
MISC
MISC
projectworlds — asset_management_system Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the ‘first_name’ and ‘last_name’ parameters of the user.php page, allowing an authenticated attacker to dump all the contents of the database. 2023-09-28 8.8 CVE-2023-43014
MISC
MISC
projectworlds — asset_management_system_project_in_php Projectworlds Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the “id” parameter in delete.php. 2023-09-22 9.8 CVE-2023-43144
MISC
projectworlds — gym_management_system_project Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the ‘file’ parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 2023-09-28 8.8 CVE-2023-5185
MISC
MISC
projectworlds — online_movie_ticket_booking_system The ‘search’ parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-09-28 9.8 CVE-2023-44163
MISC
MISC
projectworlds — online_movie_ticket_booking_system The ‘Email’ parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-09-28 9.8 CVE-2023-44164
MISC
MISC
projectworlds — online_movie_ticket_booking_system The ‘Password’ parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-09-28 9.8 CVE-2023-44165
MISC
MISC
projectworlds — online_movie_ticket_booking_system The ‘age’ parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-09-28 9.8 CVE-2023-44166
MISC
MISC
projectworlds — online_movie_ticket_booking_system The ‘name’ parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-09-28 9.8 CVE-2023-44167
MISC
MISC
projectworlds — online_movie_ticket_booking_system The ‘phone’ parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. 2023-09-28 9.8 CVE-2023-44168
MISC
MISC
qnap — multimedia_console A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 (2023/03/29) and later; Multimedia Console 1.4.7 (2023/03/20) and later. 2023-09-22 9.8 CVE-2023-23364
MISC
qnap — qts A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and later; QTS 4.2.6 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later. 2023-09-22 9.8 CVE-2023-23363
MISC
qnap — qutscloud An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later. 2023-09-22 8.8 CVE-2023-23362
MISC
redhat — apicast A flaw was found in APICast, when 3Scale’s OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. 2023-09-27 7.5 CVE-2023-0456
MISC
MISC
redhat — satellite A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. 2023-09-22 9.1 CVE-2022-3874
MISC
MISC
redhat — single_sign-on A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. 2023-09-22 9.8 CVE-2022-4039
MISC
MISC
MISC
redhat — undertow A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it’s possible to bypass the limit by setting the file name in the request to null. 2023-09-27 7.5 CVE-2023-3223
MISC
sagernet — sing-box Sing-box is an open-source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments. 2023-09-25 9.8 CVE-2023-43644
MISC
seacms — seacms SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. 2023-09-27 9.8 CVE-2023-43216
MISC
seacms — seacms SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. 2023-09-27 9.8 CVE-2023-43222
MISC
seacms — seacms SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. 2023-09-27 9.8 CVE-2023-44169
MISC
seacms — seacms SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. 2023-09-27 9.8 CVE-2023-44170
MISC
seacms — seacms SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. 2023-09-27 9.8 CVE-2023-44171
MISC
seacms — seacms SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. 2023-09-27 9.8 CVE-2023-44172
MISC
seacms — seacms A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. 2023-09-25 8.8 CVE-2023-43278
MISC
MISC
MISC
siberiancms — siberiancms SiberianCMS – CWE-274: Improper Handling of Insufficient Privileges 2023-09-27 9.8 CVE-2023-39375
MISC
siberiancms — siberiancms SiberianCMS – CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) by an unauthenticated user 2023-09-27 8.8 CVE-2023-39378
MISC
siberiancms — siberiancms SiberianCMS – CWE-434: Unrestricted Upload of File with Dangerous Type – A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method 2023-09-27 7.2 CVE-2023-39377
MISC
soundminer — soundminer Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) 2023-09-27 7.5 CVE-2023-42487
MISC
sourcecodester — packers_and_movers_management_system Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. 2023-09-28 9.8 CVE-2023-30415
MISC
MISC
sourcecodester — service_provider_management_system An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. 2023-09-25 9.8 CVE-2023-43457
MISC
MISC
MISC
sourcecodester — toll_tax_management_system Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. 2023-09-27 7.2 CVE-2023-44047
MISC
MISC
super_store_finder — super_store_finder Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. 2023-09-27 7.2 CVE-2023-44044
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function. 2023-09-27 9.8 CVE-2023-44013
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. 2023-09-27 9.8 CVE-2023-44014
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. 2023-09-27 9.8 CVE-2023-44015
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. 2023-09-27 9.8 CVE-2023-44016
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. 2023-09-27 9.8 CVE-2023-44017
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. 2023-09-27 9.8 CVE-2023-44018
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. 2023-09-27 9.8 CVE-2023-44019
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. 2023-09-27 9.8 CVE-2023-44020
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function. 2023-09-27 9.8 CVE-2023-44021
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. 2023-09-27 9.8 CVE-2023-44022
MISC
tenda — ac10u_firmware Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. 2023-09-27 9.8 CVE-2023-44023
MISC
totolink — a3700r_firmware TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. 2023-09-25 9.8 CVE-2023-43141
MISC
MISC
tp-link — tapo_l530e_firmware An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function. 2023-09-25 7.5 CVE-2023-38907
MISC
MISC
uplight — cookie_law UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). 2023-09-25 9.8 CVE-2023-39640
MISC
usta — aybs Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3. 2023-09-27 8.8 CVE-2023-4934
MISC
vyperlang — vyper Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626. 2023-09-27 7.5 CVE-2023-42460
MISC
MISC
webcatalog — webcatalog WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. 2023-09-28 8.8 CVE-2023-42222
MISC
MISC
MISC
wind_river — vxworks An issue was discovered in Wind River VxWorks 6.9 and 7. The function “tarExtract” implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the “tarExtract” function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior. 2023-09-22 8.8 CVE-2023-38346
MISC
MISC
MISC
withsecure — f-secure_policy_manager Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. 2023-09-22 9.8 CVE-2023-43762
MISC
MISC
withsecure — f-secure_policy_manager Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux. 2023-09-22 9.8 CVE-2023-43764
MISC
MISC
wordpress — wordpress The WP Job Portal WordPress plugin through 2.0.3 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. 2023-09-25 9.8 CVE-2023-4490
MISC
wordpress — wordpress The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version. 2023-09-25 9.8 CVE-2023-4521
MISC
wordpress — wordpress The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. 2023-09-25 8.8 CVE-2023-3547
MISC
wordpress — wordpress The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. 2023-09-25 7.2 CVE-2023-3664
MISC
wordpress — wordpress The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. 2023-09-25 7.2 CVE-2023-4238
MISC
wordpress — wordpress The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. 2023-09-25 7.2 CVE-2023-4300
MISC
wordpress — wordpress The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the ‘php’ shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site. 2023-09-30 9.9 CVE-2023-5201
MISC
MISC
MISC
xen — xen The fix for XSA-423 added logic to Linux’s netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately, the logic introduced there didn’t account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that’s specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. 2023-09-22 7.8 CVE-2023-34319
MISC
xerial — snappy-java snappy-java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to a missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources. 2023-09-25 7.5 CVE-2023-43642
MISC
MISC
xunruicms — xunruicms xunruicms <=4.5.1 is vulnerable to Remote Code Execution. 2023-09-27 9.8 CVE-2021-38243
MISC
yt-dlp — yt-dlp yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python’s `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in `--exec` other than `{}` (filepath). 2. If expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`. 3. Instead of using `--exec`, write the info json and load the fields from it instead. 2023-09-25 7.8 CVE-2023-40581
MISC
MISC
MISC
MISC
MISC
zephyr — zephyr Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. 2023-09-27 10 CVE-2023-4260
MISC
zephyr — zephyr Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled. 2023-09-27 10 CVE-2023-4262
MISC
zephyr — zephyr Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. 2023-09-26 8.8 CVE-2023-4259
MISC
zephyr — zephyr Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem. 2023-09-27 9.6 CVE-2023-4264
MISC
zod — zod Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails 2023-09-28 7.5 CVE-2023-4316
MISC
MISC


Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
acronis — cyber_protect Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 6.5 CVE-2023-44160
MISC
acronis — cyber_protect Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 6.5 CVE-2023-44161
MISC
acronis — cyber_protect Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 5.4 CVE-2023-44207
MISC
acronis — cyber_protect Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. 2023-09-27 5.3 CVE-2023-44205
MISC
aes-gcm — aes-gcm aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e., the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate’s `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue. 2023-09-22 5.5 CVE-2023-42811
MISC
MISC
apple — iphone_os/ipad_os The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data. 2023-09-27 5.5 CVE-2023-40428
MISC
apple — macos The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information. 2023-09-27 6.5 CVE-2023-39233
MISC
apple — macos A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. 2023-09-27 5.5 CVE-2023-23495
MISC
apple — macos A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data. 2023-09-27 5.5 CVE-2023-32421
MISC
apple — macos A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. 2023-09-27 5.5 CVE-2023-40402
MISC
apple — macos The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files. 2023-09-27 5.5 CVE-2023-40406
MISC
MISC
MISC
apple — macos The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service. 2023-09-27 5.5 CVE-2023-40422
MISC
apple — macos A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. 2023-09-27 5.5 CVE-2023-40426
MISC
apple — macos The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. 2023-09-27 5.5 CVE-2023-40450
MISC
apple — macos This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent. 2023-09-27 5.5 CVE-2023-40541
MISC
apple — macos An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user’s credentials from secure text fields. 2023-09-27 5.5 CVE-2023-41066
MISC
apple — macos A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. 2023-09-27 5.5 CVE-2023-41067
MISC
apple — macos An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. 2023-09-27 5.5 CVE-2023-41078
MISC
apple — macos The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences. 2023-09-27 5.5 CVE-2023-41079
MISC
apple — macos The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch. 2023-09-27 5.5 CVE-2023-41996
MISC
apple — macos A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system. 2023-09-27 4.7 CVE-2023-41979
MISC
apple — macos A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location. 2023-09-27 4.3 CVE-2023-40388
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. 2023-09-27 6.5 CVE-2023-40403
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. 2023-09-27 6.5 CVE-2023-40420
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. 2023-09-27 6.5 CVE-2023-40441
MISC
MISC
apple — multiple_products The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. 2023-09-27 5.5 CVE-2023-32361
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security. 2023-09-27 5.5 CVE-2023-38596
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. 2023-09-27 5.5 CVE-2023-40391
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory. 2023-09-27 5.5 CVE-2023-40399
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory. 2023-09-27 5.5 CVE-2023-40410
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. 2023-09-27 5.5 CVE-2023-40424
MISC
MISC
MISC
apple — multiple_products A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data. 2023-09-27 5.5 CVE-2023-40429
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link. 2023-09-27 5.5 CVE-2023-41070
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data. 2023-09-27 5.5 CVE-2023-41073
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory. 2023-09-27 5.5 CVE-2023-41232
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files. 2023-09-27 5.5 CVE-2023-41968
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences. 2023-09-27 5.5 CVE-2023-41980
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system. 2023-09-27 5.5 CVE-2023-41986
MISC
MISC
apple — multiple_products A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. 2023-09-27 5.4 CVE-2023-40417
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. 2023-09-27 4.4 CVE-2023-41981
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write. 2023-09-27 4.3 CVE-2023-35984
MISC
MISC
MISC
MISC
apple — watchos An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app. 2023-09-27 5.5 CVE-2023-40418
MISC
apple — xcode This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. 2023-09-27 5.5 CVE-2023-40435
MISC
black_cat_cms — black_cat_cms A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website footer parameter. 2023-09-27 6.1 CVE-2023-44043
MISC
black_cat_cms — black_cat_cms A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter. 2023-09-27 5.4 CVE-2023-44042
MISC
cadence — cadence Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. 2023-09-22 5.5 CVE-2023-43782
MISC
MISC
cmsmadesimple — cmsmadesimple Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. 2023-09-25 6.1 CVE-2023-43339
MISC
MISC
MISC
cmsmadesimple — cmsmadesimple A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). 2023-09-28 5.4 CVE-2023-43872
MISC
collne_inc. — welcart Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. 2023-09-27 4.3 CVE-2023-40532
MISC
MISC
collne_inc. — welcart_e-commerce Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. 2023-09-27 6.1 CVE-2023-41233
MISC
MISC
collne_inc. — welcart_e-commerce Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. 2023-09-27 6.1 CVE-2023-41962
MISC
MISC
collne_inc. — welcart_e-commerce Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. 2023-09-27 6.1 CVE-2023-43484
MISC
MISC
collne_inc. — welcart_e-commerce Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. 2023-09-27 6.1 CVE-2023-43614
MISC
MISC
collne_inc. — welcart_e-commerce SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. 2023-09-27 4.9 CVE-2023-43493
MISC
MISC
dedebiz — dedebiz A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. 2023-09-27 5.4 CVE-2023-43232
MISC
MISC
MISC
docker — docker_desktop Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. 2023-09-25 6.5 CVE-2023-5166
MISC
dreamer_cms — dreamer_cms Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. 2023-09-27 5.4 CVE-2023-43857
MISC
e017_cms — e017_cms A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu. 2023-09-28 5.4 CVE-2023-43873
MISC
e017_cms — e017_cms Multiple Cross Site Scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. 2023-09-28 5.4 CVE-2023-43874
MISC
f5 — big-ip_edge_client BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2023-09-27 6.8 CVE-2023-43125
MISC
froala — froala_editor Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the ‘Insert link’ parameter in the ‘Insert Image’ component. 2023-09-25 6.1 CVE-2023-42426
MISC
MISC
MISC
froala — froala_editor A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. 2023-09-27 6.1 CVE-2023-43263
MISC
MISC
galaxy — galaxy Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious user to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue. 2023-09-22 4.3 CVE-2023-42812
MISC
MISC
github — enterprise_server An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-09-22 6.5 CVE-2023-23766
MISC
MISC
MISC
MISC
MISC
gladys_assistant — gladys_assistant A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. 2023-09-25 6.5 CVE-2023-43256
MISC
MISC
glpi — glpi GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An API user can enumerate sensitive field values on resources on which he has read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 6.5 CVE-2023-41321
MISC
glpi — glpi GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of the login page that can be used to attempt a phishing attack on user credentials. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 5.4 CVE-2023-41888
MISC
glpi — glpi GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing. An unauthenticated user can enumerate users’ logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. 2023-09-27 5.3 CVE-2023-41323
MISC
gnome — gnome-shell A vulnerability was found in GNOME Shell. GNOME Shell’s lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. 2023-09-22 5.5 CVE-2023-43090
MISC
MISC
MISC
MISC
h3c — multiple_products A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-09-24 5.3 CVE-2023-5142
MISC
MISC
MISC
MISC
hitachi_vantara — pentaho_business_analytics Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. 2023-09-27 4.9 CVE-2023-2358
MISC
huawei — emui Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable. 2023-09-27 5.3 CVE-2023-4565
MISC
MISC
huawei — harmonyos Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. 2023-09-25 5.3 CVE-2023-41295
MISC
MISC
huawei — harmonyos Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. 2023-09-27 5.3 CVE-2023-41311
MISC
MISC
huawei — harmonyos Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. 2023-09-27 5.3 CVE-2023-41312
MISC
MISC
icewarp — webclient Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. 2023-09-25 6.1 CVE-2023-43319
MISC
intelliants — subrion A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ‘Title’ parameter. 2023-09-27 5.4 CVE-2023-43828
MISC
intelliants — subrion A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: ‘Minimum deposit’, ‘Maximum deposit’ and/or ‘Maximum balance’. 2023-09-27 5.4 CVE-2023-43830
MISC
intelliants — subrion A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into ‘Reference ID’ parameter. 2023-09-28 5.4 CVE-2023-43884
MISC
juniper_networks — junos A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn’t require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: * 22.4 versions prior to 22,4R2-S2, 22.4R3; * 23.2 versions prior to 23.2R2. 2023-09-27 5.3 CVE-2023-36851
MISC
keycloak — keycloak A reflected cross-site scripting (XSS) vulnerability was found in the ‘oob’ OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. 2023-09-25 6.1 CVE-2022-4137
MISC
MISC
MISC
MISC
MISC
MISC
kiali — kiali A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. 2023-09-23 4.3 CVE-2022-3962
MISC
MISC
MISC
linux — kernel A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor. 2023-09-25 5.5 CVE-2023-5158
MISC
MISC
matrix — synapse Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. 2023-09-27 4.3 CVE-2023-42453
MISC
MISC
microweber — microweber Cross-site Scripting (XSS) – Reflected in GitHub repository microweber/microweber prior to 2.0. 2023-09-28 6.1 CVE-2023-5244
MISC
MISC
moosocial — moosocial mooSocial 3.1.8 is vulnerable to external service interaction on the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. 2023-09-28 6.5 CVE-2023-43323
MISC
moosocial — moosocial A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user’s session cookies and impersonate their account via a crafted URL. 2023-09-26 6.1 CVE-2023-43325
MISC
MISC
MISC
moosocial — moosocial A reflected cross-site scripting (XSS) vulnerability exists in multiple URLs of mooSocial v3.1.8 and allows attackers to steal user’s session cookies and impersonate their account via a crafted URL. 2023-09-25 6.1 CVE-2023-43326
MISC
MISC
multibit_hd — multibit_hd MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC). 2023-09-25 5.3 CVE-2015-6964
MISC
not_quite_ptp — not_quite_ptp In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. 2023-09-22 5.5 CVE-2023-43771
MISC
MISC
MISC
october_cms — october_cms A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. 2023-09-28 5.4 CVE-2023-43876
MISC
one_identity_password_manager — one_identity_password_manager One Identity Password Manager version 5.9.7.1. An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. 2023-09-27 6.8 CVE-2023-4003
MISC
openstack — openstack A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. 2023-09-24 5.5 CVE-2023-1633
MISC
MISC
openstack — openstack A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. 2023-09-24 5 CVE-2023-1636
MISC
MISC
openstack — openstack An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the ‘stack show’ command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. 2023-09-24 5 CVE-2023-1625
MISC
MISC
MISC
MISC
palantir — apollo_autopilot In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, will result in an XSS that requires user interaction. 2023-09-27 5.4 CVE-2023-30959
MISC
phpkobo — ajaxnewsticker Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. 2023-09-27 6.1 CVE-2023-41445
MISC
MISC
MISC
phpkobo — ajaxnewsticker Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. 2023-09-28 6.1 CVE-2023-41446
MISC
MISC
MISC
phpkobo — ajaxnewsticker Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. 2023-09-28 6.1 CVE-2023-41447
MISC
MISC
MISC
phpkobo — ajaxnewsticker Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. 2023-09-27 6.1 CVE-2023-41448
MISC
MISC
MISC
phpkobo — ajaxnewsticker Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. 2023-09-27 6.1 CVE-2023-41451
MISC
MISC
MISC
phpkobo — ajaxnewsticker Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. 2023-09-27 6.1 CVE-2023-41453
MISC
MISC
MISC
pimcore — pimcore Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0. 2023-09-27 6.5 CVE-2023-5192
MISC
MISC
pimcore — pimcore Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%”) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually. 2023-09-25 5.4 CVE-2023-42817
MISC
MISC
progress — ws_ftp_server In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. 2023-09-27 6.5 CVE-2023-40048
MISC
MISC
progress — ws_ftp_server In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server’s Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victim’s browser. 2023-09-27 6.1 CVE-2023-40045
MISC
MISC
progress — ws_ftp_server In WS_FTP Server versions prior to 8.8.2, an unauthenticated user could enumerate files under the ‘WebServiceHost’ directory listing. 2023-09-27 5.3 CVE-2023-40049
MISC
MISC
progress — ws_ftp_server In WS_FTP Server versions prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server’s Management module. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victim’s browser. 2023-09-27 4.8 CVE-2023-40047
MISC
MISC
projectworlds — online_movie_ticket_booking_system Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. 2023-09-28 5.4 CVE-2023-44173
MISC
MISC
projectworlds — online_movie_ticket_booking_system Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. 2023-09-28 5.4 CVE-2023-44174
MISC
MISC
real_time_automation — 460_series_firmware Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway’s HTTP interface would redirect to the main page, which is index.htm. 2023-09-27 6.1 CVE-2023-4523
MISC
resort_reservation_system — resort_reservation_system Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function. 2023-09-25 5.4 CVE-2023-43458
MISC
MISC
rite_cms — rite_cms Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. 2023-09-28 5.4 CVE-2023-43878
MISC
rite_cms — rite_cms Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. 2023-09-28 4.8 CVE-2023-43879
MISC
roundcube — webmail Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. 2023-09-22 6.1 CVE-2023-43770
MISC
MISC
MLIST
siberiancms — siberiancms SiberianCMS – CWE-284 Improper Access Control: an authorized user may disable a security feature over the network. 2023-09-27 6.5 CVE-2023-39376
MISC
small_crm — small_crm A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-09-27 5.4 CVE-2023-43331
MISC
sourcecodester — expense_tracker_app Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. 2023-09-27 5.4 CVE-2023-44048
MISC
MISC
sourcecodester — service_provider_management_system Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint. 2023-09-25 5.4 CVE-2023-43456
MISC
MISC
MISC
symantec — protection_engine Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. 2023-09-27 6.5 CVE-2023-23958
MISC
taxonworks — taxonworks TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue. 2023-09-22 6.5 CVE-2023-43640
MISC
MISC
teedy — teedy Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. 2023-09-25 4.6 CVE-2023-4892
MISC
MISC
vmqphp — vmqphp szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use SQL injection attacks to obtain the hash of the administrator password. 2023-09-25 6.5 CVE-2023-43132
MISC
MISC
MISC
vmware — aria_operations_cloud_foundation VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to ‘root’. 2023-09-27 6.7 CVE-2023-34043
MISC
wbce_cms — wbce_cms A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). 2023-09-28 5.4 CVE-2023-43871
MISC
withsecure — f-secure_policy_manager Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. 2023-09-22 6.1 CVE-2023-43763
MISC
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions. 2023-09-27 5.4 CVE-2023-27628
MISC
wordpress — wordpress The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. 2023-09-27 6.5 CVE-2023-4506
MISC
MISC
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. 2023-09-27 6.1 CVE-2023-27616
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. 2023-09-27 6.1 CVE-2023-28490
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions. 2023-09-27 6.1 CVE-2023-30471
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <= 1.0.17 versions. 2023-09-27 6.1 CVE-2023-30472
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions. 2023-09-27 6.1 CVE-2023-30493
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions. 2023-09-27 6.1 CVE-2023-40330
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions. 2023-09-27 6.1 CVE-2023-40333
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions. 2023-09-27 6.1 CVE-2023-40663
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. 2023-09-27 6.1 CVE-2023-40664
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions. 2023-09-27 6.1 CVE-2023-40667
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions. 2023-09-27 6.1 CVE-2023-41235
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions. 2023-09-27 6.1 CVE-2023-41236
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose Pro theme <= 1.0.8 versions. 2023-09-27 6.1 CVE-2023-41237
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions. 2023-09-27 6.1 CVE-2023-41238
MISC
wordpress — wordpress The Ditty WordPress plugin before 3.1.25 does not sanitize and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2023-09-25 6.1 CVE-2023-4148
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon’e – Sermons Online plugin <= 1.0.0 versions. 2023-09-27 6.1 CVE-2023-41653
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions. 2023-09-29 6.1 CVE-2023-41691
MISC
wordpress — wordpress Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions. 2023-09-27 6.1 CVE-2023-41860
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions. 2023-09-27 6.1 CVE-2023-41861
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions. 2023-09-25 6.1 CVE-2023-41863
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions. 2023-09-25 6.1 CVE-2023-41867
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions. 2023-09-25 6.1 CVE-2023-41868
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. 2023-09-25 6.1 CVE-2023-41871
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. 2023-09-25 6.1 CVE-2023-41872
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions. 2023-09-25 6.1 CVE-2023-41874
MISC
wordpress — wordpress The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitize and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 2023-09-25 6.1 CVE-2023-4476
MISC
wordpress — wordpress The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress’ login form. 2023-09-25 6.1 CVE-2023-4549
MISC
wordpress — wordpress Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions. 2023-09-27 5.4 CVE-2023-40605
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions. 2023-09-27 5.4 CVE-2023-40669
MISC
wordpress — wordpress The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mla_gallery’ shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-22 5.4 CVE-2023-4716
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wp-piwik’ shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-22 5.4 CVE-2023-4774
MISC
MISC
MISC
wordpress — wordpress The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘formget’ shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-23 5.4 CVE-2023-5125
MISC
MISC
wordpress — wordpress The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-27 5.4 CVE-2023-5161
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘social-links’ shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-27 5.4 CVE-2023-5162
MISC
MISC
MISC
wordpress — wordpress The Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. 2023-09-25 5.3 CVE-2023-4281
MISC
wordpress — wordpress The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. 2023-09-25 5.3 CVE-2023-4631
MISC
wordpress — wordpress The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. 2023-09-27 4.9 CVE-2023-4505
MISC
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <= 2.3 versions. 2023-09-27 4.8 CVE-2023-25483
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. 2023-09-27 4.8 CVE-2023-27617
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions. 2023-09-27 4.8 CVE-2023-27622
MISC
wordpress — wordpress Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions. 2023-09-27 4.8 CVE-2023-28790
MISC
wordpress — wordpress The Popup Builder WordPress plugin through 4.1.15 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-09-25 4.8 CVE-2023-3226
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions. 2023-09-27 4.8 CVE-2023-40604
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin <= 2.16.0 versions. 2023-09-27 4.8 CVE-2023-40665
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions. 2023-09-27 4.8 CVE-2023-40668
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions. 2023-09-27 4.8 CVE-2023-40675
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions. 2023-09-27 4.8 CVE-2023-40676
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions. 2023-09-27 4.8 CVE-2023-40677
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions. 2023-09-27 4.8 CVE-2023-41241
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. 2023-09-27 4.8 CVE-2023-41242
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions. 2023-09-25 4.8 CVE-2023-41948
MISC
wordpress — wordpress Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions. 2023-09-25 4.8 CVE-2023-41949
MISC
wordpress — wordpress The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2023-09-27 4.8 CVE-2023-4423
MISC
MISC
MISC
MISC
wordpress — wordpress The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters. 2023-09-25 4.8 CVE-2023-4502
MISC
wordpress — wordpress The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the ‘erforms_user_meta’ shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta. 2023-09-23 4.3 CVE-2023-5134
MISC
MISC
wordpress — wordpress The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘gravity-simple-turnstile’ shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-27 6.4 CVE-2023-5135
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘tm_woo_wishlist_table’ shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-28 6.4 CVE-2023-5230
MISC
MISC
wordpress — wordpress The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘icon’ shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-28 6.4 CVE-2023-5232
MISC
MISC
wordpress — wordpress The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘fawesome’ shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-28 6.4 CVE-2023-5233
MISC
MISC
wordpress — wordpress The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘vivafbcomment’ shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-09-30 6.4 CVE-2023-5295
MISC
MISC
zephyr — zephyr In the Bluetooth mesh implementation, if the provisionee has a public key that is sent OOB, then during provisioning it can be sent back and will be accepted by the provisionee. 2023-09-25 6.5 CVE-2023-4258
MISC
zoho_corp — manageengine_admanager_plus Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. 2023-09-27 5.4 CVE-2023-41904
MISC


Low Vulnerabilities

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apple — macos A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory. 2023-09-27 3.3 CVE-2023-29497
MISC
apple — macos A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen. 2023-09-27 3.3 CVE-2023-37448
MISC
apple — macos A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments. 2023-09-27 3.3 CVE-2023-40386
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed. 2023-09-27 3.3 CVE-2023-35990
MISC
MISC
MISC
MISC
apple — multiple_products A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. 2023-09-27 3.3 CVE-2023-40384
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts. 2023-09-27 3.3 CVE-2023-40395
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. 2023-09-27 3.3 CVE-2023-40427
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user’s Photos Library. 2023-09-27 3.3 CVE-2023-40434
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. 2023-09-27 3.3 CVE-2023-40456
MISC
MISC
MISC
apple — multiple_products The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. 2023-09-27 3.3 CVE-2023-40520
MISC
MISC
MISC
apple — multiple_products A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information. 2023-09-27 3.3 CVE-2023-41065
MISC
MISC
MISC
MISC
cilium — cilium Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium’s Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12) causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not be able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service will be limited to the node on which the workload is scheduled, however an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users unable to upgrade can avoid this denial-of-service attack by enabling the Layer 7 proxy. 2023-09-27 3.5 CVE-2023-41332
MISC
MISC
huawei — emui Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable. 2023-09-27 3.7 CVE-2023-41306
MISC
MISC
huawei — emui Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background. 2023-09-27 3.3 CVE-2023-41310
MISC
MISC
matrix — synapse Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn’t grant the server any added capabilities (it already learns the users’ passwords as part of the authentication process), it does disrupt the expectation that passwords won’t be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. 2023-09-27 3.7 CVE-2023-41335
MISC
MISC


Severity Not Yet Assigned

Primary Vendor — Product Description Published CVSS Score Source & Patch Info
apple — macos An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data. 2023-09-28 not yet calculated CVE-2023-40307
MISC
argo_cd — argo_cd Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. Users still using Argo CD 2.3 or below are advised to update to a supported version. If this is not possible, disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation. 2023-09-27 not yet calculated CVE-2023-40026
MISC
MISC
binalyze — binalyze An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. 2023-09-28 not yet calculated CVE-2023-41444
MISC
MISC
MISC
cambium_networks — multiple_products Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. 2023-09-29 not yet calculated CVE-2022-35908
CONFIRM
MISC
caphyon — advanced_installer A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903. 2023-09-30 not yet calculated CVE-2022-4956
MISC
MISC
MISC
MISC
cisco — cisco_aironet_access_point_software A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition. 2023-09-27 not yet calculated CVE-2023-20176
MISC
cisco — cisco_aironet_access_point_software A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic. 2023-09-27 not yet calculated CVE-2023-20268
MISC
cisco — cisco_catalyst_sd-wan_manager A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service. 2023-09-27 not yet calculated CVE-2023-20262
MISC
cisco — cisco_digital_network_architecture_center A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. 2023-09-27 not yet calculated CVE-2023-20223
MISC
cisco — cisco_ios_xe_software A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition. 2023-09-27 not yet calculated CVE-2023-20187
MISC
cisco — cisco_ios_xe_software A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition. 2023-09-27 not yet calculated CVE-2023-20202
MISC
cisco — cisco_ios_xe_software A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2023-09-27 not yet calculated CVE-2023-20226
MISC
cisco — cisco_ios_xe_software A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. 2023-09-27 not yet calculated CVE-2023-20227
MISC
cisco — cisco_ios_xe_software A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. 2023-09-27 not yet calculated CVE-2023-20231
MISC
cisco — cisco_sd-wan_vmanage A vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability. 2023-09-27 not yet calculated CVE-2023-20034
MISC
cisco — cisco_sd-wan_vmanage A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application. 2023-09-27 not yet calculated CVE-2023-20179
MISC
cisco — cisco_sd-wan_vmanage A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. 2023-09-27 not yet calculated CVE-2023-20252
MISC
cisco — cisco_sd-wan_vmanage A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and roll back the configuration on vManage controllers and edge router devices. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration on other controllers and devices managed by an affected system. A successful exploit could allow the attacker to roll back the configuration on other controllers and devices managed by an affected system. 2023-09-27 not yet calculated CVE-2023-20253
MISC
cisco — cisco_wireless_lan_controller A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition. 2023-09-27 not yet calculated CVE-2023-20251
MISC
cisco — ios A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details section of this advisory. 2023-09-27 not yet calculated CVE-2023-20109
MISC
cisco — ios A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. 2023-09-27 not yet calculated CVE-2023-20186
MISC
codehaus-plexus — codehaus-plexus A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with “dot-dot-slash (../)” sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. 2023-09-25 not yet calculated CVE-2022-4244
MISC
MISC
MISC
codehaus-plexus — codehaus-plexus A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. 2023-09-25 not yet calculated CVE-2022-4245
MISC
MISC
MISC
composer — composer Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini and avoid publishing composer.phar to the web as this is not best practice. 2023-09-29 not yet calculated CVE-2023-43655
MISC
MISC
MISC
MISC
consensys — gnark-crypto Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. 2023-09-28 not yet calculated CVE-2023-44273
MISC
MISC
MISC
dedebiz — dedebiz A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879. 2023-09-29 not yet calculated CVE-2023-5266
MISC
MISC
MISC
MISC
dedebiz — dedebiz A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5268
MISC
MISC
MISC
dedecms — dedecms A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940. 2023-09-30 not yet calculated CVE-2023-5301
MISC
MISC
MISC
dell — common_event_enabler Dell Common Event Enabler 8.9.8.2 for Windows and prior contains an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges. 2023-09-29 not yet calculated CVE-2023-32477
MISC
dell — data_protection_central Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. 2023-09-27 not yet calculated CVE-2023-4129
MISC
dell — dell_emc_appsync Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation. 2023-09-27 not yet calculated CVE-2023-32458
MISC
discourse — discourse discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured. 2023-09-28 not yet calculated CVE-2023-43657
MISC
MISC
MISC
drupal — core In certain scenarios, Drupal’s JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected. 2023-09-28 not yet calculated CVE-2023-5256
MISC
eaton — smp_sg-4260 Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore. 2023-09-27 not yet calculated CVE-2023-43775
MISC
economizzer — economizzer A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the ‘category_id’ parameter is vulnerable to SQL Injection. 2023-09-28 not yet calculated CVE-2023-38870
MISC
MISC
MISC
economizzer — economizzer The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it’s not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses. 2023-09-28 not yet calculated CVE-2023-38871
MISC
MISC
MISC
economizzer — economizzer An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. 2023-09-28 not yet calculated CVE-2023-38872
MISC
MISC
MISC
economizzer — economizzer The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a “UI redress attack”, is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is “hijacking” clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. 2023-09-28 not yet calculated CVE-2023-38873
MISC
MISC
MISC
economizzer — economizzer A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan’s Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands. 2023-09-28 not yet calculated CVE-2023-38874
MISC
MISC
MISC
economizzer — economizzer A host header injection vulnerability exists in gugoan’s Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users’ passwords. 2023-09-28 not yet calculated CVE-2023-38877
MISC
MISC
MISC
ecshop — ecshop A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240924. 2023-09-29 not yet calculated CVE-2023-5293
MISC
MISC
MISC
ecshop — ecshop A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240925 was assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5294
MISC
MISC
MISC
ekakin — shihonkanri_plus Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute an arbitrary code by having a legitimate user import a specially crafted backup file of the product. 2023-09-27 not yet calculated CVE-2023-43825
MISC
MISC
foru_cms — foru_cms A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-09-27 not yet calculated CVE-2023-5221
MISC
MISC
MISC
foru_cms — foru_cms A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-240868. 2023-09-29 not yet calculated CVE-2023-5259
MISC
MISC
MISC
generex — ups_cs141 There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the “upload” directory. 2023-09-28 not yet calculated CVE-2022-47186
MISC
MISC
generex — ups_cs141 There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file. 2023-09-28 not yet calculated CVE-2022-47187
MISC
MISC
get-func-name — get-func-name get-func-name is a module to retrieve a function’s name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial-of-service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: ‘t’.repeat(54773) + ‘t/function/i’. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-09-27 not yet calculated CVE-2023-43646
MISC
MISC
gitlab — gitlab An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user into visiting a fork with a malicious CI/CD configuration. 2023-09-29 not yet calculated CVE-2023-0989
MISC
MISC
gitlab — gitlab An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner’s Sentry instance projects. 2023-09-29 not yet calculated CVE-2023-2233
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories. 2023-09-29 not yet calculated CVE-2023-3115
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. 2023-09-29 not yet calculated CVE-2023-3413
MISC
MISC
gitlab — gitlab An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy. 2023-09-29 not yet calculated CVE-2023-3906
MISC
MISC
gitlab — gitlab A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects. 2023-09-29 not yet calculated CVE-2023-3914
MISC
MISC
gitlab — gitlab Denial of Service in pipelines affecting all versions of GitLab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail. 2023-09-29 not yet calculated CVE-2023-3917
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the documentation. 2023-09-29 not yet calculated CVE-2023-3920
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. 2023-09-29 not yet calculated CVE-2023-3922
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for upstream members collaborating with you on your branch to get permission to write to the merge request’s source branch. 2023-09-29 not yet calculated CVE-2023-3979
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. 2023-09-29 not yet calculated CVE-2023-4532
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys. 2023-09-29 not yet calculated CVE-2023-5198
MISC
MISC
gitlab — gitlab A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. 2023-09-30 not yet calculated CVE-2023-5207
MISC
MISC
MISC
hashicorp — vault The Vault and Vault Enterprise (“Vault”) Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. 2023-09-29 not yet calculated CVE-2023-5077
MISC
hashicorp — vault_enterprise A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. 2023-09-29 not yet calculated CVE-2023-3775
MISC
himitzh — hoj A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240365 was assigned to this vulnerability. 2023-09-27 not yet calculated CVE-2023-5223
MISC
MISC
MISC
hospital-management-system — hospital-management-system Hospital Management System through commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. 2023-09-29 not yet calculated CVE-2023-43909
MISC
hospital-management-system — hospital-management-system Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQL injection. 2023-09-28 not yet calculated CVE-2023-5004
MISC
MISC
hospital-management-system — hospital-management-system Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQL injection. 2023-09-28 not yet calculated CVE-2023-5053
MISC
MISC
huakecms — huakecms A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5264
MISC
MISC
MISC
ibm — license_metric_tool IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. 2023-09-28 not yet calculated CVE-2023-43044
MISC
MISC
illumio — core_pce Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user. 2023-09-27 not yet calculated CVE-2023-5183
MISC
imagination_technologies — powervr_image_compression_(pvric) PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. 2023-09-27 not yet calculated CVE-2023-44216
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
inure — inure Missing Authorization in GitHub repository hamza417/inure prior to build94. 2023-09-30 not yet calculated CVE-2023-5321
MISC
MISC
jfinalcms — jfinalcms JFinalCMS foreground messages can carry embedded malicious code, which is saved in the database. When users browse the comments, the malicious code embedded in the HTML is executed and the user’s browser comes under the attacker’s control, serving the attacker’s purposes, such as cookie theft. 2023-09-27 not yet calculated CVE-2023-43191
MISC
jfinalcms — jfinalcms SQL injection is possible in a newly created part of the JFinalCMS background because the parameters submitted by users are not filtered. As a result, special characters in parameters break the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. 2023-09-27 not yet calculated CVE-2023-43192
MISC
jumpserver — jumpserver JumpServer is an open-source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit this vulnerability by using a disclosed public key to attempt brute-force authentication against the SSH service. This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue. 2023-09-27 not yet calculated CVE-2023-42818
MISC
jumpserver — jumpserver JumpServer is an open-source bastion host. The verification code for resetting a user’s password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code, ranging from 000000 to 999999, to facilitate the password reset. Although the code is only valid for 1 minute, this window potentially allows for up to 1,000,000 validation attempts. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-09-27 not yet calculated CVE-2023-43650
MISC
jumpserver — jumpserver JumpServer is an open-source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-09-27 not yet calculated CVE-2023-43651
MISC
jumpserver — jumpserver JumpServer is an open-source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used as an authentication secret alone. JumpServer provides an API for the KoKo component to validate user private key logins. This API does not verify the source of requests and will generate a personal authentication token. Given that public keys can be easily leaked, an attacker can exploit the leaked public key and username to authenticate, subsequently gaining access to the current user’s information and authorized actions. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-09-27 not yet calculated CVE-2023-43652
MISC
lemonldap::ng — lemonldap::ng A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770. 2023-09-29 not yet calculated CVE-2023-44469
MISC
MISC
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability is an intent redirection in LG ThinQ Service (“com.lge.lms2”) in the “com/lge/lms/things/ui/notification/NotificationManager.java” file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action “com.lge.lms.things.notification.ACTION”. Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (it has the `android:sharedUserId="android.uid.system"` setting). Intent redirection in this app leads to access to arbitrary non-exported activities of all apps. 2023-09-27 not yet calculated CVE-2023-44121
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability is the theft of arbitrary files with system privilege in the LockScreenSettings (“com.lge.lockscreensettings”) app in the “com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java” file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They can also return arbitrary data that will be passed to the “onActivityResult()” method. The LockScreenSettings app copies the received file to the “/data/shared/dw/mycategory/wallpaper_01.png” path and then changes the file access mode to world-readable and world-writable. 2023-09-27 not yet calculated CVE-2023-44122
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (“com.lge.bluetoothsetting”) app. The attacker’s app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. 2023-09-27 not yet calculated CVE-2023-44123
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability is the theft of arbitrary files with system privilege in the Screen recording (“com.lge.gametools.gamerecorder”) app in the “com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java” file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They can also return arbitrary data that will be passed to the “onActivityResult()” method. The Screen recording app saves the contents of arbitrary URIs to the SD card, which is world-readable storage. 2023-09-27 not yet calculated CVE-2023-44124
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service (“com.lge.abba”) app. The attacker’s app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. 2023-09-27 not yet calculated CVE-2023-44125
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability is that the Call management (“com.android.server.telecom”) app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc. 2023-09-27 not yet calculated CVE-2023-44126
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability is that the Call management (“com.android.server.telecom”) app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. 2023-09-27 not yet calculated CVE-2023-44127
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability allows deletion of arbitrary files in the LGInstallService (“com.lge.lginstallservies”) app. The app contains the exported “com.lge.lginstallservies.InstallService” service that exposes an AIDL interface. All its “installPackage*” methods ultimately call the “installPackageVerify()” method, which performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted. 2023-09-27 not yet calculated CVE-2023-44128
MISC
lg_electronics — lg_v60_thin_q_5g The vulnerability is that the Messaging (“com.android.mms”) app patched by LG forwards attacker-controlled intents back to the attacker in the exported “com.android.mms.ui.QClipIntentReceiverActivity” activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the “com.lge.message.action.QCLIP” action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the “onActivityResult()” method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set. 2023-09-27 not yet calculated CVE-2023-44129
MISC
libhv — libhv All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered. 2023-09-29 not yet calculated CVE-2023-26146
MISC
MISC
libhv — libhv All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. An attacker can add the \r\n (carriage return, line feed) characters to end the HTTP response headers and inject malicious content, for example additional headers or a new response body, leading to a potential XSS vulnerability. 2023-09-29 not yet calculated CVE-2023-26147
MISC
MISC
libhv — libhv All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return, line feed) characters and inject additional headers in the request sent. 2023-09-29 not yet calculated CVE-2023-26148
MISC
MISC
libnbd — libnbd A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don’t treat the return value of the nbd_get_size() function correctly. 2023-09-28 not yet calculated CVE-2023-5215
MISC
MISC
MISC
libvpx — libvpx VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. 2023-09-30 not yet calculated CVE-2023-44488
MISC
MISC
MISC
MISC
MLIST
MLIST
linux — kernel A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. 2023-09-28 not yet calculated CVE-2023-42756
MISC
MISC
MISC
linux — kernel An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. 2023-09-29 not yet calculated CVE-2023-44466
MISC
MISC
MISC
MISC
linux — kernel A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. 2023-09-27 not yet calculated CVE-2023-5197
MISC
MISC
macs_framework_content_management_system — macs_framework_content_management_system In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in “isValidLogin()” function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. 2023-09-27 not yet calculated CVE-2023-43154
MISC
MISC
mariadb — mariadb A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. 2023-09-27 not yet calculated CVE-2023-5157
MISC
MISC
matrix-org — matrix-hookshot matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config) may be vulnerable to an attack that breaks out of the `vm2` sandbox. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config. 2023-09-27 not yet calculated CVE-2023-43656
MISC
MISC
mattermost — mattermost Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. 2023-09-29 not yet calculated CVE-2023-5159
MISC
mattermost — mattermost Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. 2023-09-29 not yet calculated CVE-2023-5193
MISC
mattermost — mattermost Mattermost fails to properly validate permissions when demoting and deactivating a user, allowing a system/user manager to demote or deactivate another manager. 2023-09-29 not yet calculated CVE-2023-5194
MISC
mattermost — mattermost Mattermost fails to properly validate the permissions when soft deleting a team, allowing a team member to soft delete other teams that they are not part of. 2023-09-29 not yet calculated CVE-2023-5195
MISC
mattermost — mattermost Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users. 2023-09-29 not yet calculated CVE-2023-5196
MISC
microweber — microweber Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. 2023-09-30 not yet calculated CVE-2023-5318
MISC
MISC
mozilla — firefox In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118. 2023-09-27 not yet calculated CVE-2023-5170
MISC
MISC
mozilla — firefox A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118. 2023-09-27 not yet calculated CVE-2023-5172
MISC
MISC
mozilla — multiple_products A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. 2023-09-27 not yet calculated CVE-2023-5169
MISC
MISC
MISC
MISC
MISC
MISC
mozilla — multiple_products During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. 2023-09-27 not yet calculated CVE-2023-5171
MISC
MISC
MISC
MISC
MISC
MISC
nodebb_inc. — nodebb Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. 2023-09-29 not yet calculated CVE-2023-30591
MISC
MISC
MISC
MISC
okhttp — okhttp A flaw was found in Red Hat’s AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. 2023-09-27 not yet calculated CVE-2023-0833
MISC
MISC
MISC
MISC
MISC
online_banquet_booking_system — online_banquet_booking_system A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. 2023-09-30 not yet calculated CVE-2023-5303
MISC
MISC
online_banquet_booking_system — online_banquet_booking_system A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943. 2023-09-30 not yet calculated CVE-2023-5304
MISC
MISC
online_banquet_booking_system — online_banquet_booking_system A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. 2023-09-30 not yet calculated CVE-2023-5305
MISC
MISC
online_book_store_project — online_book_store_project Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the ‘image’ parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 2023-09-28 not yet calculated CVE-2023-43740
MISC
MISC
openfga — openfga OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial-of-service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it’s possible for the server to exhaust resources and die. Users are advised to upgrade to v1.3.2 and update any offending models. There are no known workarounds for this vulnerability. Note that for models which contained cycles or a relation definition that has the relation itself in its evaluation path, checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. Users who do not have cyclic models are unaffected. 2023-09-27 not yet calculated CVE-2023-43645
MISC
MISC
openrapid — rapidcms A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867. 2023-09-29 not yet calculated CVE-2023-5258
MISC
MISC
MISC
MISC
openrapid — rapidcms A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871. 2023-09-29 not yet calculated CVE-2023-5262
MISC
MISC
MISC
MISC
opnsense — opnsense OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. 2023-09-28 not yet calculated CVE-2023-44275
MISC
MISC
MISC
opnsense — opnsense OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. 2023-09-28 not yet calculated CVE-2023-44276
MISC
MISC
MISC
oracle — apache_avro When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus cause an out-of-memory condition on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3, which addresses this issue. 2023-09-29 not yet calculated CVE-2023-39410
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “tracking_number” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43702
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “product_info[][name]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43703
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “title” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43704
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “translation_value[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43705
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “email_templates_key” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43706
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “CatalogsPageDescriptionForm[1][name]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43707
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43708
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “configuration_title[1](MODULE)” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43709
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43710
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “admin_firstname” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43711
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “access_levels_name” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43712
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the “title” parameter, in the “/admin/admin-menu/add-submit” endpoint, which can lead to unauthorized execution of scripts in a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43713
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “SKIP_CART_PAGE_TITLE[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43714
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43715
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43716
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43717
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “MSEARCH_ENABLE_TITLE[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43718
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “SHIPPING_GENDER_TITLE[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43719
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “BILLING_GENDER_TITLE[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43720
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “PACKING_SLIPS_SUMMARY_TITLE[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43721
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “orders_status_groups_name[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43722
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “orders_status_name[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43723
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43724
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “orders_products_status_name_long[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43725
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “orders_products_status_manual_name_long[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43726
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “stock_indication_text[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43727
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “stock_delivery_terms_text[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43728
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “xsell_type_name[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43729
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “countries_name[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43730
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “zone_name” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43731
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “tax_class_title” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43732
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “company_address” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43733
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “name” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43734
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “formats_titles[7]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-43735
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “featured_type_name[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-5111
MISC
MISC
os_commerce — os_commerce Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the “specials_type_name[1]” parameter, potentially leading to unauthorized execution of scripts within a user’s web browser. 2023-09-30 not yet calculated CVE-2023-5112
MISC
MISC
palantir — gotham-fe-bundle Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. 2023-09-27 not yet calculated CVE-2023-30961
MISC
pgyer — codefever An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. 2023-09-27 not yet calculated CVE-2023-44080
MISC
phpkobo — ajax_poll_script A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability. 2023-09-30 not yet calculated CVE-2023-5313
MISC
MISC
MISC
phpmyfaq — phpmyfaq Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. 2023-09-30 not yet calculated CVE-2023-5227
MISC
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. 2023-09-30 not yet calculated CVE-2023-5316
MISC
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. 2023-09-30 not yet calculated CVE-2023-5317
MISC
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. 2023-09-30 not yet calculated CVE-2023-5319
MISC
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. 2023-09-30 not yet calculated CVE-2023-5320
MISC
MISC
postcss — postcss An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule. 2023-09-29 not yet calculated CVE-2023-44270
MISC
MISC
MISC
prestashop — prestashop PrestaShop is an open-source e-commerce web application. In affected versions any module can be disabled or uninstalled from the back office, even with low user rights. This allows low-privileged users to disable portions of a shop’s functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. 2023-09-28 not yet calculated CVE-2023-43663
MISC
MISC
prestashop — prestashop PrestaShop is an open-source e-commerce web application. In the PrestaShop back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn’t check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. 2023-09-28 not yet calculated CVE-2023-43664
MISC
MISC
pretix — pretix pretix before 2023.7.2 allows Pillow to parse EPS files. 2023-09-29 not yet calculated CVE-2023-44464
MISC
MISC
MISC
MISC
proxmox_server_solutions_gmbh — multiple_products An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. 2023-09-27 not yet calculated CVE-2023-43320
MISC
MISC
MISC
pydash — pydash This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method) The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function. 2023-09-28 not yet calculated CVE-2023-26145
MISC
MISC
MISC
pytorch — serve TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. 2023-09-28 not yet calculated CVE-2023-43654
MISC
MISC
MISC
quill-mention — quill-mention Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. **Note:** If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits @. 2023-09-28 not yet calculated CVE-2023-26149
MISC
MISC
MISC
MISC
MISC
MISC
rdiffweb — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. 2023-09-29 not yet calculated CVE-2023-5289
MISC
MISC
red_hat — amq_broker A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. 2023-09-27 not yet calculated CVE-2023-4065
MISC
MISC
MISC
red_hat — amq_broker A flaw was found in Red Hat’s AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. 2023-09-27 not yet calculated CVE-2023-4066
MISC
MISC
MISC
samsung — exynos Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). 2023-09-28 not yet calculated CVE-2023-41911
MISC
scylladb — scylladb Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don’t have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace and create new tables on behalf of other users. 2023-09-27 not yet calculated CVE-2023-33972
MISC
shokoanime — shokoserver ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the Windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security Lab and is also indexed as GHSL-2023-191. 2023-09-28 not yet calculated CVE-2023-43662
MISC
MISC
sick_ag — sim1012 A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device. 2023-09-29 not yet calculated CVE-2023-5288
MISC
MISC
MISC
silabs.com — gsdk Forcing the Bluetooth LE stack to segment ‘prepare write response’ packets can lead to an out-of-bounds memory access. 2023-09-29 not yet calculated CVE-2023-3024
MISC
MISC
sourcecodester — best_courier_management_system A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5269
MISC
MISC
MISC
sourcecodester — best_courier_management_system A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883. 2023-09-29 not yet calculated CVE-2023-5270
MISC
MISC
MISC
sourcecodester — best_courier_management_system A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240884. 2023-09-29 not yet calculated CVE-2023-5271
MISC
MISC
MISC
sourcecodester — best_courier_management_system A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5272
MISC
MISC
MISC
sourcecodester — best_courier_management_system A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5273
MISC
MISC
MISC
sourcecodester — best_courier_management_system A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability. 2023-09-30 not yet calculated CVE-2023-5302
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-240904. 2023-09-29 not yet calculated CVE-2023-5276
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5277
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240906 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5278
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240907. 2023-09-29 not yet calculated CVE-2023-5279
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240908. 2023-09-29 not yet calculated CVE-2023-5280
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240909 was assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5281
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240910 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5282
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240911. 2023-09-29 not yet calculated CVE-2023-5283
MISC
MISC
MISC
sourcecodester — engineers_online_portal A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912. 2023-09-29 not yet calculated CVE-2023-5284
MISC
MISC
MISC
sourcecodester — expense_tracker_app A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5286
MISC
MISC
MISC
sourcecodester — simple_membership_system A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240869 was assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5260
MISC
MISC
MISC
sourcecodester — task_management_system A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list. 2023-09-29 not yet calculated CVE-2023-43944
MISC
tibco_software_inc. — tibco_nimbus The Web Client component of TIBCO Software Inc.’s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim’s local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s TIBCO Nimbus: versions 10.6.0 and below. 2023-09-29 not yet calculated CVE-2023-26218
MISC
tongda — oa_2017 A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5261
MISC
MISC
MISC
tongda — oa_2017 A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5265
MISC
MISC
MISC
tongda — oa_2017 A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880. 2023-09-29 not yet calculated CVE-2023-5267
MISC
MISC
MISC
tongda — oa_2017 A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5285
MISC
MISC
MISC
tongda — oa_2017 A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability. 2023-09-30 not yet calculated CVE-2023-5298
MISC
MISC
MISC
ttsplanning — ttsplanning A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939. 2023-09-30 not yet calculated CVE-2023-5300
MISC
MISC
MISC
viessmann — vitogate_300 A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-09-27 not yet calculated CVE-2023-5222
MISC
MISC
MISC
warp-tech — warpgate Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn’t need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under the following conditions: 1. The attacker knows the username and a valid target name 2. The attacker knows the user’s public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-09-27 not yet calculated CVE-2023-43660
MISC
MISC
whitehsbg — jndiexploit A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5257
MISC
MISC
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <=1.0.7 versions. 2023-09-29 not yet calculated CVE-2023-39308
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <=2.5.9 versions. 2023-09-29 not yet calculated CVE-2023-41655
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <=2.3.2 versions. 2023-09-29 not yet calculated CVE-2023-41657
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <=1.0.13 versions. 2023-09-29 not yet calculated CVE-2023-41658
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. 2023-09-29 not yet calculated CVE-2023-41661
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. 2023-09-29 not yet calculated CVE-2023-41662
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions. 2023-09-29 not yet calculated CVE-2023-41663
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions. 2023-09-29 not yet calculated CVE-2023-41666
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions. 2023-09-29 not yet calculated CVE-2023-41687
MISC
xinhu — rockoa A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability. 2023-09-29 not yet calculated CVE-2023-5296
MISC
MISC
MISC
xinhu — rockoa A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927. 2023-09-29 not yet calculated CVE-2023-5297
MISC
MISC
MISC
xrdp — xrdp xrdp is an open-source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-09-27 not yet calculated CVE-2023-42822
MISC
MISC
yzncms — yzncms A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. 2023-09-27 not yet calculated CVE-2023-43233
MISC
zephyr — zephyr Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. 2023-09-27 not yet calculated CVE-2023-5184
MISC
zyxel — zyxel Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component. 2023-09-27 not yet calculated CVE-2023-43314
MISC
zzzcms — zzzcms A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872. 2023-09-29 not yet calculated CVE-2023-5263
MISC
MISC
MISC
