High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
|
projectworlds_pvt._limited — online_art_gallery |
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘fnm’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-26 | 9.8 | CVE-2023-43737 MISC MISC |
|
projectworlds_pvt._limited — online_art_gallery |
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ’email’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-43738 MISC MISC |
|
projectworlds_pvt._limited — online_art_gallery |
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘contact’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44162 MISC MISC |
|
projectworlds_pvt._limited — online_art_gallery |
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘lnm’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-26 | 9.8 | CVE-2023-44267 MISC MISC |
|
projectworlds_pvt._limited — online_art_gallery |
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘gender’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-26 | 9.8 | CVE-2023-44268 MISC MISC |
|
projectworlds_pvt._limited — online_art_gallery |
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add1’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44375 MISC MISC |
|
projectworlds_pvt._limited — online_art_gallery |
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add2’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44376 MISC MISC |
|
projectworlds_pvt._limited — online_art_gallery |
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add3’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44377 MISC MISC |
| apache — http_server | Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. | 2023-10-23 | 9.1 | CVE-2023-31122 MISC MISC MISC |
| byzoro — smart_s85f_firmware | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-21 | 9.8 | CVE-2023-5683 MISC MISC MISC |
| byzoro — smart_s85f_firmware | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-21 | 9.8 | CVE-2023-5684 MISC MISC MISC |
| calibre-ebook — calibre | link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. | 2023-10-22 | 7.5 | CVE-2023-46303 MISC MISC |
| codeastro — internet_banking_system | A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243131. | 2023-10-22 | 9.8 | CVE-2023-5693 MISC MISC MISC |
| color — demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, there is a stack-based buffer overflow in the icFixXml function in IccXML/IccLibXML/IccUtilXml.cpp in libIccXML.a. | 2023-10-23 | 8.8 | CVE-2023-46602 MISC |
| color — demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, there is an out-of-bounds read in the CIccPRMG::GetChroma function in IccProfLib/IccPrmg.cpp in libSampleICC.a. | 2023-10-23 | 7.8 | CVE-2023-46603 MISC |
| dell — unity_operating_environment | Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. | 2023-10-23 | 7.8 | CVE-2023-43066 MISC |
| dell — unity_operating_environment | Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. | 2023-10-23 | 7.5 | CVE-2023-43074 MISC |
| edm_informatics — e-invoice |
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1. | 2023-10-27 | 7.5 | CVE-2023-5443 MISC |
| f5 — big-ip | Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2023-10-26 | 9.8 | CVE-2023-46747 MISC |
| f5 — big-ip | An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 2023-10-26 | 8.8 | CVE-2023-46748 MISC |
| frostming — pdm | pdm is a Python package and dependency manager supporting the latest PEP standards. It’s possible to craft a malicious `pdm.lock` file that could allow e.g., an insider or a malicious open source project to appear to depend on a trusted PyPI project, but actually install another project. A project `foo` can be targeted by creating the project `foo-2` and uploading the file `foo-2-2.tar.gz` to pypi.org. PyPI will see this as project `foo-2` version `2`, while PDM will see this as project `foo` version `2-2`. The version must only be `parseable as a version` and the filename must be a prefix of the project name, but it’s not verified to match the version being installed. Version `2-2` is also not a valid normalized version per PEP 440. Matching the project name exactly (not just prefix) would fix the issue. When installing dependencies with PDM, what’s actually installed could differ from what’s listed in `pyproject.toml` (including arbitrary code execution on install). It could also be used for downgrade attacks by only changing the version. This issue has been addressed in commit `6853e2642df` which is included in release version `2.9.4`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-10-20 | 7.8 | CVE-2023-45805 MISC MISC MISC MISC MISC |
| ibm — cognos_dashboards_on_cloud_pak_for_data | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. IBM X-Force ID: 260730. | 2023-10-22 | 7.5 | CVE-2023-38275 MISC MISC |
| ibm — cognos_dashboards_on_cloud_pak_for_data | IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. IBM X-Force ID: 260736. | 2023-10-22 | 7.5 | CVE-2023-38276 MISC MISC |
| ibm — security_verify_governance | IBM Security Verify Governance 10.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 225222. | 2023-10-23 | 9.8 | CVE-2022-22466 MISC MISC |
| ibm — security_verify_governance | IBM Security Verify Governance 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 256036. | 2023-10-23 | 8.8 | CVE-2023-33839 MISC MISC |
| ibm — security_verify_governance | IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission. IBM X-Force ID: 256020. | 2023-10-23 | 7.5 | CVE-2023-33837 MISC MISC |
| ibm — sterling_partner_engagement_manager | IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to perform unauthorized actions due to improper authentication. IBM X-Force ID: 266896. | 2023-10-23 | 7.5 | CVE-2023-43045 MISC MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26568 MISC |
| idattend — idweb | Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26569 MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26572 MISC |
| idattend — idweb | Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. | 2023-10-25 | 9.1 | CVE-2023-26573 MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26581 MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26582 MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26583 MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-26584 MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-27254 MISC |
| idattend — idweb | Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-27255 MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-27260 MISC |
| idattend — idweb | Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. | 2023-10-25 | 9.1 | CVE-2023-27262 MISC |
| idattend — idweb | Arbitrary file upload to web root in the IDAttend’s IDWeb application 3.1.013 allows authenticated attackers to upload dangerous files to web root such as ASP or ASPX, gaining command execution on the affected server. | 2023-10-25 | 8.8 | CVE-2023-26578 MISC |
| idattend — idweb | Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26570 MISC |
| idattend — idweb | Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26571 MISC |
| idattend — idweb | Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26574 MISC |
| idattend — idweb | Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26575 MISC |
| idattend — idweb | Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26576 MISC |
| idattend — idweb | Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-26580 MISC |
| idattend — idweb | Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27257 MISC |
| idattend — idweb | Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27258 MISC |
| idattend — idweb | Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27259 MISC |
| idattend — idweb | Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27375 MISC |
| idattend — idweb | Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27376 MISC |
| idattend — idweb | Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. | 2023-10-25 | 7.5 | CVE-2023-27377 MISC |
| inohom — home_manager_gateway |
Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting. This issue affects Home Manager Gateway: before v.1.27.12. | 2023-10-27 | 7.5 | CVE-2023-5570 MISC |
| langchain — langchain | In Langchain through 0.0.155, prompt injection allows execution of arbitrary code against the SQL service provided by the chain. | 2023-10-20 | 9.8 | CVE-2023-32785 MISC |
| langchain — langchain | In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. | 2023-10-20 | 7.5 | CVE-2023-32786 MISC |
| m-files — web_companion | Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution | 2023-10-20 | 7.8 | CVE-2023-5523 MISC |
| modoboa — modoboa | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | 2023-10-20 | 8.8 | CVE-2023-5690 MISC MISC |
| mosparo — mosparo | Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. | 2023-10-20 | 8.8 | CVE-2023-5687 MISC MISC |
| netentsec — application_security_gateway | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/iscgwtunnel/uploadiscgwrouteconf.php. The manipulation of the argument GWLinkId leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-243138 is the identifier assigned to this vulnerability. | 2023-10-23 | 9.8 | CVE-2023-5700 MISC MISC MISC |
| netentsec — application_security_gateway | A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /admin/list_addr_fwresource_ip.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-20 | 7.2 | CVE-2023-5681 MISC MISC MISC |
| openimageio — openimageio | An issue in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_rle_image function of file bifs/unquantize.c | 2023-10-23 | 8.8 | CVE-2023-42295 MISC |
| pleaser — pleaser | please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) | 2023-10-20 | 7.8 | CVE-2023-46277 MISC MISC MISC MISC |
| projectworlds_pvt._limited — leave_management_system_project |
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The ‘setcasualleave’ parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44480 MISC MISC |
| qnap — qusbcam2 | An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 ( 2023/06/15 ) and later | 2023-10-20 | 8.8 | CVE-2023-23373 MISC |
| radare — radare2 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. | 2023-10-20 | 8.8 | CVE-2023-5686 MISC MISC |
| reconftw — reconftw | reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. A vulnerability has been identified in reconftw where inadequate validation of retrieved subdomains may lead to a Remote Code Execution (RCE) attack. An attacker can exploit this vulnerability by crafting a malicious CSP entry on it’s own domain. Successful exploitation can lead to the execution of arbitrary code within the context of the application, potentially compromising the system. This issue has been addressed in version 2.7.1.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-10-20 | 8.8 | CVE-2023-46117 MISC MISC |
| secudos — qiata | SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every user on the system has write permission for previewRm.sh, which is executed by the root user. | 2023-10-20 | 7.8 | CVE-2023-40361 MISC |
| silabs — gecko_bootloader | An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. | 2023-10-20 | 7.8 | CVE-2023-3487 MISC MISC |
| sitolog — sitolog_application_connect | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. | 2023-10-20 | 9.8 | CVE-2023-37824 MISC |
| sollace — unicopia | Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. | 2023-10-20 | 9.8 | CVE-2023-39680 MISC |
| stb_image.h — stb_image.h | stb_image is a single file MIT licensed library for processing images. It may look like `stbi__load_gif_main` doesn’t give guarantees about the content of output value `*delays` upon failure. Although it sets `*delays` to zero at the beginning, it doesn’t do it in case the image is not recognized as GIF and a call to `stbi__load_gif_main_outofmem` only frees possibly allocated memory in `*delays` without resetting it to zero. It would be fair to say the caller of `stbi__load_gif_main` is responsible to free the allocated memory in `*delays` only if `stbi__load_gif_main` returns a non-null value. However, at the same time the function may return null value but fail to free the memory in `*delays` if internally `stbi__convert_format` is called and fails. The issue may lead to a memory leak if the caller chooses to free `delays` only when `stbi__load_gif_main` didn’t fail or to a double-free if the `delays` is always freed | 2023-10-21 | 9.8 | CVE-2023-45666 MISC MISC MISC |
| stb_image.h — stb_image.h | stb_image is a single file MIT licensed library for processing images. A crafted image file can trigger `stbi__load_gif_main_outofmem` attempt to double-free the out variable. This happens in `stbi__load_gif_main` because when the `layers * stride` value is zero the behavior is implementation defined, but common that realloc frees the old memory and returns null pointer. Since it attempts to double-free the memory a few lines below the first “free”, the issue can be potentially exploited only in a multi-threaded environment. In the worst case this may lead to code execution. | 2023-10-21 | 8.8 | CVE-2023-45664 MISC MISC |
| stb_image.h — stb_image.h | stb_image is a single file MIT licensed library for processing images. When `stbi_set_flip_vertically_on_load` is set to `TRUE` and `req_comp` is set to a number that doesn’t match the real number of components per pixel, the library attempts to flip the image vertically. A crafted image file can trigger `memcpy` out-of-bounds read because `bytes_per_pixel` used to calculate `bytes_per_row` doesn’t match the real image array dimensions. | 2023-10-21 | 8.1 | CVE-2023-45662 MISC MISC |
| stb_image.h — stb_image.h | stb_image is a single file MIT licensed library for processing images. If `stbi__load_gif_main` in `stbi_load_gif_from_memory` fails, it returns a null pointer and may keep the `z` variable uninitialized. In case the caller also sets the flip vertically flag, it continues and calls `stbi__vertical_flip_slices` with the null pointer result value and the uninitialized `z` value. This may result in a program crash. | 2023-10-21 | 7.5 | CVE-2023-45667 MISC MISC MISC |
| stb_image.h — stb_image.h | stb_image is a single file MIT licensed library for processing images. A crafted image file may trigger out of bounds memcpy read in `stbi__gif_load_next`. This happens because two_back points to a memory address lower than the start of the buffer out. This issue may be used to leak internal memory allocation information. | 2023-10-21 | 7.1 | CVE-2023-45661 MISC MISC MISC |
| stb_image.h — stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[i] = get8_packet(f);`. The root cause is an integer overflow in `setup_malloc`. A sufficiently large value in the variable `sz` overflows with `sz+7` in and the negative value passes the maximum available memory buffer check. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45676 MISC MISC MISC |
| stb_image.h — stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)’�’;`. The root cause is that if `len` read in `start_decoder` is a negative number and `setup_malloc` successfully allocates memory in that case, but memory write is done with a negative index `len`. Similarly if len is INT_MAX the integer overflow len+1 happens in `f->vendor = (char*)setup_malloc(f, sizeof(char) * (len+1));` and `f->comment_list[i] = (char*)setup_malloc(f, sizeof(char) * (len+1));`. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45677 MISC MISC MISC MISC MISC MISC |
| stb_image.h — stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of buffer write in `start_decoder` because at maximum `m->submaps` can be 16 but `submap_floor` and `submap_residue` are declared as arrays of 15 elements. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45678 MISC MISC MISC |
| stb_image.h — stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory allocation failure in `start_decoder`. In that case the function returns early, but some of the pointers in `f->comment_list` are left initialized and later `setup_free` is called on these pointers in `vorbis_deinit`. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45679 MISC MISC MISC |
| stb_image.h — stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger memory write past an allocated heap buffer in `start_decoder`. The root cause is a potential integer overflow in `sizeof(char*) * (f->comment_list_length)` which may make `setup_malloc` allocate less memory than required. Since there is another integer overflow an attacker may overflow it too to force `setup_malloc` to return 0 and make the exploit more reliable. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45681 MISC MISC |
| stb_image.h — stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds read in `DECODE` macro when `var` is negative. As it can be seen in the definition of `DECODE_RAW` a negative `var` is a valid value. This issue may be used to leak internal memory allocation information. | 2023-10-21 | 7.1 | CVE-2023-45682 MISC MISC MISC MISC |
| stb_image.h — stb_vorbis.c | stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in `f->vendor[len] = (char)’�’;`. The root cause is that if the len read in `start_decoder` is `-1` and `len + 1` becomes 0 when passed to `setup_malloc`. The `setup_malloc` behaves differently when `f->alloc.alloc_buffer` is pre-allocated. Instead of returning `NULL` as in `malloc` case it shifts the pre-allocated buffer by zero and returns the currently available memory block. This issue may lead to code execution. | 2023-10-21 | 7.8 | CVE-2023-45675 MISC MISC MISC MISC |
| superwebmailer — superwebmailer | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter. | 2023-10-21 | 8.8 | CVE-2023-38190 MISC MISC |
| superwebmailer — superwebmailer | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Remote Code Execution via a crafted sendmail command line. | 2023-10-21 | 8.8 | CVE-2023-38193 MISC MISC |
| thingnario — photon | An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the “thingnario Logger Maintenance Webpage” endpoint. | 2023-10-21 | 8.8 | CVE-2023-46055 MISC |
| tongda — oa | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/training/record/delete.php. The manipulation of the argument RECORD_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-243058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-20 | 9.8 | CVE-2023-5682 MISC MISC MISC |
| totolink — a3700r_firmware | An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function. | 2023-10-25 | 9.8 | CVE-2023-46574 MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel. | 2023-10-25 | 9.8 | CVE-2023-46554 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw. | 2023-10-25 | 9.8 | CVE-2023-46555 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter. | 2023-10-25 | 9.8 | CVE-2023-46556 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN. | 2023-10-25 | 9.8 | CVE-2023-46557 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice. | 2023-10-25 | 9.8 | CVE-2023-46558 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr. | 2023-10-25 | 9.8 | CVE-2023-46559 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup. | 2023-10-25 | 9.8 | CVE-2023-46560 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg. | 2023-10-25 | 9.8 | CVE-2023-46562 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS. | 2023-10-25 | 9.8 | CVE-2023-46563 MISC MISC |
| totolink — x2000r_firmware | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ. | 2023-10-25 | 9.8 | CVE-2023-46564 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle. | 2023-10-25 | 9.8 | CVE-2023-46520 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister. | 2023-10-25 | 9.8 | CVE-2023-46521 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister. | 2023-10-25 | 9.8 | CVE-2023-46522 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function upgradeInfoRegister. | 2023-10-25 | 9.8 | CVE-2023-46523 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister. | 2023-10-25 | 9.8 | CVE-2023-46525 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister. | 2023-10-25 | 9.8 | CVE-2023-46526 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle. | 2023-10-25 | 9.8 | CVE-2023-46527 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister. | 2023-10-25 | 9.8 | CVE-2023-46534 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister. | 2023-10-25 | 9.8 | CVE-2023-46535 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister. | 2023-10-25 | 9.8 | CVE-2023-46536 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister. | 2023-10-25 | 9.8 | CVE-2023-46537 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister. | 2023-10-25 | 9.8 | CVE-2023-46538 MISC MISC |
| tp-link — tl-wr886n_firmware | TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle. | 2023-10-25 | 9.8 | CVE-2023-46539 MISC MISC |
| trtek_software — education_portal | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29. | 2023-10-27 | 9.8 | CVE-2023-5807 MISC |
| vercel — next.js | Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. | 2023-10-22 | 7.5 | CVE-2023-46298 MISC MISC MISC |
| vmware — fusion | VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | 2023-10-20 | 7.8 | CVE-2023-34045 MISC |
| vmware — fusion | VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | 2023-10-20 | 7 | CVE-2023-34046 MISC |
| wallix — bastion | WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface. | 2023-10-23 | 7.5 | CVE-2023-46319 MISC |
| wordpress — wordpress | The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins (present and active), active theme, various plugin settings, WordPress version, as well as some server settings such as memory limit, installation paths. | 2023-10-20 | 7.5 | CVE-2023-4668 MISC MISC |
| wordpress — wordpress | The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the ‘zeroBSCRM_CSVImporterLitehtml_app’ function in versions up to, and including, 5.3.1. While the function performs a nonce check, steps 2 and 3 of the check do not take any action upon a failed check. These steps then perform a ‘file_exists’ check on the value of ‘zbscrmcsvimpf’. If a phar:// archive is supplied, its contents will be deserialized and an object injected in the execution stream. This allows an unauthenticated attacker to obtain object injection if they are able to upload a phar archive (for instance if the site supports image uploads) and then trick an administrator into performing an action, such as clicking a link. | 2023-10-20 | 8.8 | CVE-2022-3342 MISC MISC MISC |
| wordpress — wordpress | The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it possible for authenticated attackers to access and interact with available AJAX functions. | 2023-10-20 | 8.1 | CVE-2020-36714 MISC MISC |
| wordpress — wordpress | The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks on several AJAX actions and nonce disclosure in the source page of the administrative dashboard. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to call functions and delete and/or upload files. | 2023-10-20 | 8.8 | CVE-2020-36698 MISC MISC MISC |
| wordpress — wordpress | The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the ‘ctl_sanitize_title’ function in versions up to, and including, 3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This potentially allows authenticated users with the ability to add or modify terms or tags to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. A partial patch became available in version 3.6 and the issue was fully patched in version 3.7. | 2023-10-20 | 8.8 | CVE-2022-4290 MISC MISC |
| wordpress — wordpress | The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin’s [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-10-20 | 8.8 | CVE-2023-4999 MISC MISC |
| wordpress — wordpress | The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | 2023-10-20 | 9.8 | CVE-2023-4488 MISC MISC |
| wordpress — wordpress | The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents of arbitrary files on the server, which can contain sensitive information including those belonging to other sites, for example in shared hosting environments. | 2023-10-20 | 7.2 | CVE-2023-5414 MISC MISC MISC |
| wordpress — wordpress | The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the ‘cli_path’ parameter in versions up to and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server. | 2023-10-20 | 8.8 | CVE-2022-2441 MISC MISC MISC MISC MISC MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. | 2023-10-21 | 8.8 | CVE-2023-46078 MISC |
| wordpress — wordpress | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Additionally, input sanitization and escaping is insufficient resulting in the possibility of malicious script injection. | 2023-10-20 | 8.8 | CVE-2023-4920 MISC MISC MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions. | 2023-10-21 | 8.8 | CVE-2023-46067 MISC |
| wordpress — wordpress | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. | 2023-10-20 | 8.8 | CVE-2021-4334 MISC MISC |
| wordpress — wordpress | The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including, 6.6.0. This makes it possible for attackers to upload arbitrary files on the affected sites server which may make remote code execution possible. | 2023-10-20 | 9.8 | CVE-2020-36706 MISC MISC MISC MISC |
| wordpress — wordpress | The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including, 6.0.1. This makes it possible for unauthenticated attackers with knowledge of an existing WooCommerce Order ID to expose sensitive WooCommerce order information (e.g., Name, Address, Email Address, and other order metadata). | 2023-10-21 | 7.5 | CVE-2023-5132 MISC MISC |
| wordpress — wordpress | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2023-10-20 | 8.1 | CVE-2023-4386 MISC MISC |
| wordpress — wordpress | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2023-10-20 | 9.8 | CVE-2023-4402 MISC MISC |
| wordpress — wordpress | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext in the publicly visible plugin source. This could allow unauthenticated attackers to impersonate the WPVivid Google Drive account via the API if they can trick a user into reauthenticating via another vulnerability or social engineering. | 2023-10-20 | 9.3 | CVE-2023-5576 MISC MISC MISC |
| zscaler — client_connector | An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 | 2023-10-23 | 9.8 | CVE-2023-28805 MISC |
| zscaler — client_connector | The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges. | 2023-10-23 | 7.8 | CVE-2021-26735 MISC |
| zscaler — client_connector | Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. A local adversary may be able to execute code with SYSTEM privileges. | 2023-10-23 | 7.8 | CVE-2021-26736 MISC |
| zscaler — client_connector | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. | 2023-10-23 | 7.8 | CVE-2021-26738 MISC |
| zscaler — client_connector | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 2023-10-23 | 7.8 | CVE-2023-28793 MISC |
| zscaler — client_connector | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 2023-10-23 | 7.8 | CVE-2023-28795 MISC |
| zscaler — client_connector | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | 2023-10-23 | 7.8 | CVE-2023-28796 MISC |
| zscaler — client_connector | Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. A malicious user can replace the folder and execute code as a privileged user. | 2023-10-23 | 7.3 | CVE-2023-28797 MISC |
| zzzcms — zzzcms | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. | 2023-10-25 | 9.8 | CVE-2023-45554 MISC |
| zzzcms — zzzcms | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | 2023-10-25 | 7.8 | CVE-2023-45555 MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — airflow | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2). Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348. | 2023-10-23 | 4.3 | CVE-2023-46288 MISC MISC |
| apache — santuario_xml_security_for_java | All versions of Apache Santuario – XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to upgrade to version 2.2.6, 2.3.4, or 3.0.3, which fixes this issue. | 2023-10-20 | 6.5 | CVE-2023-44483 MISC MISC |
| cmsmadesimple — cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. | 2023-10-20 | 5.4 | CVE-2023-43353 MISC |
| cmsmadesimple — cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. | 2023-10-20 | 5.4 | CVE-2023-43354 MISC |
| cmsmadesimple — cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences – Add user component. | 2023-10-20 | 5.4 | CVE-2023-43355 MISC MISC |
| cmsmadesimple — cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Meatadata parameter in the Global Settings Menu component. | 2023-10-20 | 5.4 | CVE-2023-43356 MISC |
| cmsmadesimple — cmsmadesimple | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. | 2023-10-20 | 5.4 | CVE-2023-43357 MISC |
| codeastro — internet_banking_system | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132. | 2023-10-22 | 6.1 | CVE-2023-5694 MISC MISC MISC |
| codeastro — internet_banking_system | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com’%26%25 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability. | 2023-10-22 | 6.1 | CVE-2023-5695 MISC MISC MISC |
| codeastro — internet_banking_system | A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file pages_transfer_money.php. The manipulation of the argument account_number with the input 357146928–> |