US-CERT Vulnerability Summary for the Week of November 6, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

 

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
1e — platformThe 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI2023-11-067.2CVE-2023-45161
MISC
MISC
1e — platformThe 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI2023-11-067.2CVE-2023-45163
MISC
MISC
1e — platformThe 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue DELETE the instruction “Show dialogue with caption %Caption% and message %Message%” from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as “Show %Type% type notification with header %Header% and message %Message%” with a version of 7.1 or above.2023-11-067.2CVE-2023-5964
MISC
MISC
7-zip — 7-zip7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.2023-11-037.8CVE-2023-31102
MISC
MISC
MISC
advanced_export_products_orders_cron_csv_excel_project — advanced_export_products_orders_cron_csv_excelInsecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table.2023-11-077.5CVE-2023-43984
arm — valhall_gpu_kernel_driverA local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory.2023-11-077.8CVE-2023-3889
arm — valhall_gpu_kernel_driverA local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.2023-11-077.8CVE-2023-4295
asus — rt-ax55_firmwareASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.2023-11-038.8CVE-2023-41345
MISC
asus — rt-ax55_firmwareASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.2023-11-038.8CVE-2023-41346
MISC
asus — rt-ax55_firmwareASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.2023-11-038.8CVE-2023-41347
MISC
asus — rt-ax55_firmwareASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.2023-11-038.8CVE-2023-41348
MISC
asus — rt-ax57_firmwareAn issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_ln 2C318 function.2023-11-099.8CVE-2023-47005
asus — rt-ax57_firmwareAn issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ipaddr field in the sub_6FC74 function.2023-11-099.8CVE-2023-47006
asus — rt-ax57_firmwareAn issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_391B8 function.2023-11-099.8CVE-2023-47007
asus — rt-ax57_firmwareAn issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the ifname field in the sub_4CCE4 function.2023-11-099.8CVE-2023-47008
best_courier_management_system — best_courier_management_systemAn issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.2023-11-039.8CVE-2023-46980
MISC
MISC
bestpractical — request_trackerBest Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.2023-11-037.5CVE-2023-41259
MISC
CONFIRM
CONFIRM
bestpractical — request_trackerBest Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.2023-11-037.5CVE-2023-41260
MISC
CONFIRM
CONFIRM
bestpractical — request_trackerBest Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.2023-11-037.5CVE-2023-45024
MISC
CONFIRM
bleachbit — bleachbitBleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.2023-11-087.3CVE-2023-47113
boltwire — boltwireAn issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function.2023-11-079.1CVE-2023-46501
 
botan_project — botanbcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.2023-11-037.5CVE-2017-7252
CONFIRM
MISC
clickbar — dot-diverDot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.2023-11-069.8CVE-2023-45827
MISC
MISC
couchbase — couchbase_serverCouchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal.2023-11-087.5CVE-2023-36667
 
djangoproject — djangoIn Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.2023-11-037.5CVE-2023-41164
CONFIRM
MISC
 
djangoproject — djangoIn Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.2023-11-037.5CVE-2023-43665
CONFIRM
MISC
 
ec-cube — ec-cubeEC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege.2023-11-077.2CVE-2023-46845

 

eclipse — glassfishIn Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.2023-11-039.8CVE-2023-5763
MISC
MISC
eclipse — parssonIn Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.2023-11-037.5CVE-2023-4043
MISC
MISC
espressif — esptoolAn issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm.2023-11-097.5CVE-2023-46894
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions.2023-11-098.8CVE-2023-34171
exiv2 — exiv2Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-068.8CVE-2023-44398
MISC
MISC
felixwelberg — sis_handballImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45.2023-11-069.8CVE-2023-33924
MISC
froxlor — froxlorImproper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0.2023-11-108.8CVE-2023-6069
 
frrouting — frroutingbgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a “flowspec overflow.”2023-11-069.8CVE-2023-38406
MISC
MISC
frrouting — frroutingbgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.2023-11-067.5CVE-2023-38407
MISC
MISC
MISC
frrouting — frroutingAn issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).2023-11-037.5CVE-2023-47234
MISC
frrouting — frroutingAn issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.2023-11-037.5CVE-2023-47235
MISC
ge — micom_s1_agileGeneral Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.2023-11-077.3CVE-2023-0898
gitlab — gitlabAn issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.2023-11-067.7CVE-2023-3399
MISC
MISC
google — androidIn video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.2023-11-067.8CVE-2023-32837
MISC
google — androidIn video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.2023-11-067CVE-2023-32832
MISC
google — chromeUse after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-11-088.8CVE-2023-5996

 

gpac — gpacOut-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV.2023-11-077.5CVE-2023-5998
 
group-office — group_officeGroup-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-078.8CVE-2023-46730
 
gss — vitals_enterprise_social_platformGalaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service.2023-11-038.8CVE-2023-41357
MISC
huawei — emuiVulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.2023-11-087.5CVE-2023-44098
 
huawei — emuiVulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.2023-11-087.5CVE-2023-46765
 
huawei — emuiSecurity vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.2023-11-087.5CVE-2023-46771
 
huawei — emuiVulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability.2023-11-087.5CVE-2023-46774
 
huawei — harmonyosVulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.2023-11-089.1CVE-2023-5801
 
huawei — harmonyosVulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.2023-11-087.5CVE-2023-44115
 
huawei — harmonyosThe remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality.2023-11-087.5CVE-2023-46757
 
huawei — harmonyosPermission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.2023-11-087.5CVE-2023-46758
 
huawei — harmonyosPermission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality.2023-11-087.5CVE-2023-46759
 
huawei — harmonyosOut-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.2023-11-087.5CVE-2023-46760
 
huawei — harmonyosOut-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.2023-11-087.5CVE-2023-46761
 
huawei — harmonyosOut-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.2023-11-087.5CVE-2023-46762
 
huawei — harmonyosOut-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.2023-11-087.5CVE-2023-46766
 
huawei — harmonyosOut-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions.2023-11-087.5CVE-2023-46767
 
huawei — harmonyosMulti-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally.2023-11-087.5CVE-2023-46768
 
huawei — harmonyosUse-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability.2023-11-087.5CVE-2023-46769
 
huawei — harmonyosOut-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users’ mobile phones.2023-11-087.5CVE-2023-46770
 
ibm — cics_txIBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.2023-11-037.5CVE-2023-43018
MISC
MISC
ibm — mq_applianceIBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.2023-11-037.8CVE-2023-46176
MISC
MISC
ibm — txseries_for_multiplatformsIBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.2023-11-038.8CVE-2023-42027
MISC
MISC
MISC
intelliants — subrionSubrion 4.2.1 has a remote command execution vulnerability in the backend.2023-11-038.8CVE-2023-46947
MISC
ivanti — automationA locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.2023-11-037.8CVE-2022-44569
MISC
ivanti — avalancheIvanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability2023-11-037.8CVE-2022-43554
MISC
ivanti — avalancheIvanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability2023-11-037.8CVE-2022-43555
MISC
ivanti — avalancheIvanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability2023-11-037.8CVE-2023-41725
MISC
ivanti — avalancheIvanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability2023-11-037.8CVE-2023-41726
MISC
kerawen — kerawenkerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().2023-11-049.8CVE-2023-40922
MISC
kubernetes — apiserverA security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client’s API server credentials to third parties.2023-11-038.2CVE-2022-3172
MISC
MISC
kubernetes — csi_proxyA security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.2023-11-038.8CVE-2023-3893
MISC
MISC
kyocera — d-copia253mf_plus_firmwareKyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.2023-11-037.5CVE-2023-34260
MISC
MISC
linagora — twakeImproper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223.2023-11-079.8CVE-2023-2675
 
linux — kernelAn out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.2023-11-038.1CVE-2023-1194
MISC
MISC
MISC
linux — kernelA use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.2023-11-037CVE-2023-1476
MISC
MISC
MISC
MISC
lost_and_found_information_system — lost_and_found_information_systemLost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.2023-11-039.8CVE-2023-38965
MISC
MISC
macvim — macvimMacvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root – this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue.2023-11-077.8CVE-2023-41036

 

mediatek — nr15In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.2023-11-067.5CVE-2023-20702
MISC
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability2023-11-107.3CVE-2023-36014
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability2023-11-037.3CVE-2023-36034
MISC
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability2023-11-107.1CVE-2023-36024
midori-global — better_pdf_exporterLocal File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export.2023-11-077.8CVE-2023-42361

 

mitsubishi_electric — fx3u-32mt/es_firmwareInsufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.2023-11-069.1CVE-2023-4699
MISC
MISC
MISC
mongodb — atlas_kubernetes_operatorThe affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version. Required Configuration:  DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 )2023-11-077.5CVE-2023-0436
nationaledtech — boomerangAn issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.2023-11-039.1CVE-2023-36621
MISC
MISC
MISC
ncsist — mobile_device_managerNCSIST ManageEngine Mobile Device Manager(MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.2023-11-037.5CVE-2023-41344
MISC
netskope — netskopeNetskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. 2023-11-068.8CVE-2023-4996
MISC
nokia — g-040w-q_firmwareChunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.2023-11-039.8CVE-2023-41350
MISC
nokia — g-040w-q_firmwareChunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.2023-11-039.8CVE-2023-41351
MISC
nokia — g-040w-q_firmwareChunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking.2023-11-039.8CVE-2023-41355
MISC
nokia — g-040w-q_firmwareChunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.2023-11-038.8CVE-2023-41353
MISC
nokia — g-040w-q_firmwareChunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.2023-11-037.2CVE-2023-41352
MISC
opayweb — opayAn Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app.2023-11-077.5CVE-2021-43419
 
opendesign — drawings_sdkAn issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution.2023-11-077.8CVE-2023-5179
openssl — opensslIssue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn’t make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn’t check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the “-pubcheck” option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.2023-11-067.5CVE-2023-5678
MISC
MISC
MISC
MISC
MISC
ortussolutions — coldbox_elixirA vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability.2023-11-067.5CVE-2021-4430
MISC
MISC
MISC
MISC
perforce — helix_coreAn arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner.2023-11-089.8CVE-2023-45849
perforce — helix_coreIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner.  2023-11-087.5CVE-2023-35767
perforce — helix_coreIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. 2023-11-087.5CVE-2023-45319
perforce — helix_coreIn Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner.  2023-11-087.5CVE-2023-5759
phpfox — phpfoxAn issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.2023-11-039.8CVE-2023-46817
MISC
MISC
MISC
MISC
MISC
prestashop– prestashopIn the module “Order Duplicator ” Clone and Delete Existing Order” (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from ps_customer/ps_address tables such as name / surname / phone number / full postal address.2023-11-078.8CVE-2023-45380
progress — ws_ftp_serverIn WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application.2023-11-078.8CVE-2023-42659
 
projectworlds — online_job_portalOnline Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_password’ parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-079.8CVE-2023-46680
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-079.8CVE-2023-46785
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘pass’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-079.8CVE-2023-46798
 
puppet — puppet_enterpriseVersions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.2023-11-079.8CVE-2023-5309
python — pillowAn issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.2023-11-037.5CVE-2023-44271
MISC
MISC
MISC
qemu — qemuA bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM’s boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.2023-11-037CVE-2023-5088
MISC
MISC
MISC
qnap — music_stationA path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later2023-11-037.5CVE-2023-39299
MISC
qnap — qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later2023-11-039.8CVE-2023-23368
MISC
qnap — qtsAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later2023-11-039.8CVE-2023-23369
MISC
qualcomm — snapdragonMemory Corruption in Multi-mode Call Processor while processing bit mask API.2023-11-079.8CVE-2023-22388
qualcomm — snapdragonMemory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.2023-11-079.8CVE-2023-33045
qualcomm — snapdragonMemory corruption in WLAN HOST while processing the WLAN scan descriptor list.2023-11-078.8CVE-2023-28572
qualcomm — snapdragonMemory Corruption in Core during syscall for Sectools Fuse comparison feature.2023-11-077.8CVE-2023-21671
qualcomm — snapdragonMemory Corruption in Core due to secure memory access by user while loading modem image.2023-11-077.8CVE-2023-24852
qualcomm — snapdragonMemory corruption in TZ Secure OS while loading an app ELF.2023-11-077.8CVE-2023-28545
qualcomm — snapdragonCryptographic issue in HLOS during key management.2023-11-077.8CVE-2023-28556
qualcomm — snapdragonMemory corruption while processing audio effects.2023-11-077.8CVE-2023-28570
qualcomm — snapdragonMemory corruption in core services when Diag handler receives a command to configure event listeners.2023-11-077.8CVE-2023-28574
qualcomm — snapdragonMemory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer.2023-11-077.8CVE-2023-33031
qualcomm — snapdragonMemory Corruption in Audio while invoking callback function in driver from ADSP.2023-11-077.8CVE-2023-33055
qualcomm — snapdragonMemory corruption in Audio while processing the VOC packet data from ADSP.2023-11-077.8CVE-2023-33059
qualcomm — snapdragonMemory corruption in Audio when SSR event is triggered after music playback is stopped.2023-11-077.8CVE-2023-33074
qualcomm — snapdragonTransient DOS in WLAN Firmware while parsing no-inherit IES.2023-11-077.5CVE-2023-33047
qualcomm — snapdragonTransient DOS in WLAN Firmware while parsing t2lm buffers.2023-11-077.5CVE-2023-33048
qualcomm — snapdragonTransient DOS in WLAN Firmware when firmware receives beacon including T2LM IE.2023-11-077.5CVE-2023-33056
qualcomm — snapdragonTransient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame.2023-11-077.5CVE-2023-33061
qualitor — qalitorQualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.2023-11-069.8CVE-2023-47253
MISC
MISC
MISC
MISC
redlion — crimsonThe Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.2023-11-069.8CVE-2023-5719
MISC
MISC
relativity — relativityoneSQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.2023-11-039.8CVE-2023-46954
MISC
remoteclinic — remote_clinicRemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php.2023-11-079.8CVE-2023-33478
remoteclinic — remote_clinicRemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file.2023-11-079.8CVE-2023-33479
remoteclinic — remote_clinicRemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the ‘start’ GET parameter of patients/index.php.2023-11-079.8CVE-2023-33481
remoteclinic — remote_clinicRemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell.2023-11-078.8CVE-2023-33480
samba — sambaA path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.2023-11-039.8CVE-2023-3961
MISC
MISC
MISC
MISC
MISC
MISC
samsung — androidImproper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows attacker to bypass restrictions on starting activities from the background.2023-11-079.8CVE-2023-42531
samsung — androidAn improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.2023-11-079.8CVE-2023-42536
samsung — androidAn improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.2023-11-079.8CVE-2023-42537
samsung — androidAn improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.2023-11-079.8CVE-2023-42538
samsung — androidArbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.2023-11-077.8CVE-2023-30739
samsung — androidImproper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.2023-11-077.8CVE-2023-42528
samsung — androidOut-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.2023-11-077.8CVE-2023-42529
samsung — androidOut-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.2023-11-077.8CVE-2023-42535
samsung — androidImproper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.2023-11-077.5CVE-2023-42530
samsung — androidImproper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.2023-11-077.5CVE-2023-42532
samsung — bixby_voiceImproper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege.2023-11-077.5CVE-2023-42543
samsung — exynos_9810_firmwareAn issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.2023-11-087.5CVE-2023-41111
samsung — exynos_9810_firmwareAn issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.2023-11-087.5CVE-2023-41112
samsung — phoneUse of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data.2023-11-077.5CVE-2023-42545
schedmd — slurmSchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.2023-11-037CVE-2023-41914
MISC
CONFIRM
softing — smartlink_sw-htWeak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).2023-11-067.5CVE-2022-48193
MISC
MISC
squid-cache — squidSquid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid’s Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.2023-11-067.5CVE-2023-46728
MISC
MISC
squid-cache — squidSquid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.2023-11-037.5CVE-2023-46847
MISC
MISC
MISC
MISC
MISC
MISC

 

squid-cache — squidSquid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.2023-11-037.5CVE-2023-46848
MISC
MISC
MISC
MISC
MISC
squid-cache — squidSquid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.2023-11-037.5CVE-2023-5824
MISC
MISC
MISC
squidex.io — squidexSquidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the `squidex.admin.restore` permission to create and restore backups. Part of these backups are the assets uploaded to an App. For each asset, the backup zip archive contains a `.asset` file with the actual content of the asset as well as a related `AssetCreatedEventV2` event, which is stored in a JSON file. Amongst other things, the JSON file contains the event type (`AssetCreatedEventV2`), the ID of the asset (`46c05041-9588-4179-b5eb-ddfcd9463e1e`), its filename (`test.txt`), and its file version (`0`). When a backup with this event is restored, the `BackupAssets.ReadAssetAsync` method is responsible for re-creating the asset. For this purpose, it determines the name of the `.asset` file in the zip archive, reads its content, and stores the content in the filestore. When the asset is stored in the filestore via the UploadAsync method, the assetId and fileVersion are passed as arguments. These are further passed to the method GetFileName, which determines the filename where the asset should be stored. The assetId is inserted into the filename without any sanitization and an attacker with squidex.admin.restore privileges to run arbitrary operating system commands on the underlying server (RCE).2023-11-077.2CVE-2023-46253
strapi — strapistrapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-067.5CVE-2023-39345
MISC
swtpm — swtpmIn swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.2023-11-037.1CVE-2020-28407
MISC
CONFIRM
CONFIRM
sysaid — sysaid_on-premisesIn SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.2023-11-109.8CVE-2023-47246

 

wordpress — wordpressThe Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.2023-11-067.5CVE-2023-5454
MISC
tenda — ax1806_firmwareTenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size.2023-11-079.1CVE-2023-47455
tenda — ax1806_firmwareTenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat.2023-11-079.1CVE-2023-47456
tigera — calico_cloudIn certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.2023-11-067.5CVE-2023-41378
MISC
MISC
MISC
tyk — tykBlind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.2023-11-079.8CVE-2023-42283
tyk — tykBlind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query.2023-11-079.8CVE-2023-42284
utoronto — pcrsPCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.2023-11-039.9CVE-2023-46404
MISC
MISC
vaerys-dawn — discordsailv2A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483.2023-11-059.8CVE-2018-25092
MISC
MISC
MISC
MISC
vaerys-dawn — discordsailv2A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484.2023-11-069.8CVE-2018-25093
MISC
MISC
MISC
MISC
veeam — oneA vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database.2023-11-079.8CVE-2023-38547
videolan — vlc_media_playerVideolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption.2023-11-079.8CVE-2023-47359
videolan — vlc_media_playerVideolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length.2023-11-077.5CVE-2023-47360
webidsupport — webidWeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.2023-11-089.8CVE-2023-47397
weintek — easybuilder_proWeintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.2023-11-069.8CVE-2023-5777
MISC
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75.2023-11-079.8CVE-2022-45357
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1.2023-11-079.8CVE-2022-45360
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1.2023-11-079.8CVE-2022-45370
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4.2023-11-069.8CVE-2022-45373
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.2023-11-039.8CVE-2022-45805
MISC
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2.2023-11-079.8CVE-2022-45810
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0.2023-11-079.8CVE-2022-46801
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8.2023-11-079.8CVE-2022-46802
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin – Noptin. This issue affects Simple Newsletter Plugin – Noptin: from n/a through 1.9.5.2023-11-079.8CVE-2022-46803
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.2023-11-039.8CVE-2022-46808
MISC
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7.2023-11-079.8CVE-2022-46809
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2.2023-11-039.8CVE-2022-46818
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar Coming Soon Page – Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page – Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9.2023-11-069.8CVE-2022-46849
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.2023-11-039.8CVE-2022-46859
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4.2023-11-069.8CVE-2022-46860
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.2023-11-069.8CVE-2022-47420
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4.2023-11-039.8CVE-2022-47426
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.2023-11-069.8CVE-2022-47428
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1.2023-11-069.8CVE-2022-47430
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Kemal YAZICI – PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8.2023-11-069.8CVE-2022-47432
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0.2023-11-039.8CVE-2022-47445
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1.2023-11-039.8CVE-2022-47588
MISC
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1.2023-11-079.8CVE-2023-22719
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0.2023-11-079.8CVE-2023-23796
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.2023-11-039.8CVE-2023-25700
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0.2023-11-039.8CVE-2023-25960
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.2023-11-039.8CVE-2023-26015
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6.2023-11-069.8CVE-2023-27605
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4.2023-11-069.8CVE-2023-28748
MISC
wordpress — wordpressThe MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user’s email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin’s team 30 days ago.2023-11-039.8CVE-2023-3277
MISC
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.2023-11-039.8CVE-2023-34383
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0.2023-11-069.8CVE-2023-35911
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez – Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez – Real Estate WordPress Theme: from n/a through 1.3.4.2023-11-039.8CVE-2023-36529
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4.2023-11-069.8CVE-2023-38382
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in RedNao Donations Made Easy – Smart Donations allows SQL Injection.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.2023-11-069.8CVE-2023-40207
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.2023-11-069.8CVE-2023-40609
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.2023-11-039.8CVE-2023-41652
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.2023-11-069.8CVE-2023-41685
MISC
wordpress — wordpressBon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call.2023-11-039.8CVE-2023-43982
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0.2023-11-069.8CVE-2023-45001
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3.2023-11-069.8CVE-2023-45046
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.2023-11-069.8CVE-2023-45055
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Video Gallery by Total-Soft Video Gallery – Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery – Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.2023-11-069.8CVE-2023-45069
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Page Visit Counter Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter – Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.2023-11-069.8CVE-2023-45074
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3.2023-11-069.8CVE-2023-45657
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.2023-11-069.8CVE-2023-45830
MISC
wordpress — wordpressThe WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.2023-11-069.8CVE-2023-5601
MISC
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0.2023-11-078.8CVE-2022-38702
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1.2023-11-078.8CVE-2022-41616
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8.2023-11-078.8CVE-2022-42882
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3.2023-11-078.8CVE-2022-44738
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users. This issue affects amr users: from n/a through 4.59.4.2023-11-078.8CVE-2022-45348
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History – user activity log, audit tool. This issue affects Simple History – user activity log, audit tool: from n/a through 3.3.1.2023-11-078.8CVE-2022-45350
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3.2023-11-078.8CVE-2022-46804
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2.2023-11-078.8CVE-2022-47181
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9.2023-11-078.8CVE-2022-47442
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.2023-11-038.8CVE-2023-25800
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions.2023-11-098.8CVE-2023-25975
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84.2023-11-078.8CVE-2023-25983
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.2023-11-038.8CVE-2023-25990
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions.2023-11-098.8CVE-2023-25994
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions.2023-11-108.8CVE-2023-29426
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <= 1.1.3 versions.2023-11-108.8CVE-2023-29428
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions.2023-11-108.8CVE-2023-29440
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions.2023-11-108.8CVE-2023-30478
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions.2023-11-108.8CVE-2023-31078
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.2023-11-098.8CVE-2023-31086
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.2023-11-098.8CVE-2023-31087
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions.2023-11-098.8CVE-2023-31088
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions.2023-11-098.8CVE-2023-31093
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions.2023-11-098.8CVE-2023-31235
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions.2023-11-098.8CVE-2023-32092
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions.2023-11-098.8CVE-2023-32093
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.2023-11-098.8CVE-2023-32125
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart – Multipurpose WooCommerce Theme <= 7.1.1 versions.2023-11-098.8CVE-2023-32500
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions.2023-11-098.8CVE-2023-32501
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types – Manage file media types plugin <= 1.0.7 versions.2023-11-098.8CVE-2023-32502
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions.2023-11-098.8CVE-2023-32512
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions.2023-11-098.8CVE-2023-32579
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin <= 1.3.8 versions.2023-11-098.8CVE-2023-32587
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.2023-11-098.8CVE-2023-32592
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.2023-11-098.8CVE-2023-32594
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions.2023-11-098.8CVE-2023-32602
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.2023-11-098.8CVE-2023-32739
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions.2023-11-098.8CVE-2023-32744
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions.2023-11-098.8CVE-2023-32745
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions.2023-11-098.8CVE-2023-32794
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions.2023-11-098.8CVE-2023-34002
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions.2023-11-098.8CVE-2023-34024
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin <= 2.1.6 versions.2023-11-098.8CVE-2023-34025
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.2023-11-098.8CVE-2023-34031
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagination and Infinite Scroll plugin <= 2.0.1 versions.2023-11-098.8CVE-2023-34033
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc. TS Webfonts for ??????????? plugin <= 3.1.2 versions.2023-11-098.8CVE-2023-34169
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström WP-Cache.Com plugin <= 1.1.1 versions.2023-11-098.8CVE-2023-34177
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions.2023-11-098.8CVE-2023-34178
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= 0.6.11 versions.2023-11-098.8CVE-2023-34181
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Password Changer plugin <= 1.55 versions.2023-11-098.8CVE-2023-34182
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.2023-11-098.8CVE-2023-34371
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions.2023-11-098.8CVE-2023-34386
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.2023-11-048.8CVE-2023-35910
MISC
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0.2023-11-078.8CVE-2023-36527
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67.2023-11-038.8CVE-2023-36677
MISC
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist – WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist – WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1.2023-11-078.8CVE-2023-41798
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2.2023-11-068.8CVE-2023-46084
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions.2023-11-098.8CVE-2023-46614
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions.2023-11-068.8CVE-2023-46775
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions.2023-11-068.8CVE-2023-46776
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions.2023-11-068.8CVE-2023-46777
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions.2023-11-068.8CVE-2023-46778
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions.2023-11-068.8CVE-2023-46779
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions.2023-11-068.8CVE-2023-46780
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions.2023-11-068.8CVE-2023-46781
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions.2023-11-068.8CVE-2023-47182
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions.2023-11-068.8CVE-2023-47186
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 – WordPress Popular posts by WebberZone plugin <= 3.3.2 versions.2023-11-098.8CVE-2023-47238
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions.2023-11-068.8CVE-2023-5823
MISC
wordpress — wordpressThe Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.2023-11-068.1CVE-2023-5355
MISC
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker. This issue affects User Blocker: from n/a through 1.5.5.2023-11-077.2CVE-2022-45078
wordpress — wordpressImproper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.2023-11-077.2CVE-2023-23678
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4.2023-11-037.2CVE-2023-32121
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5.2023-11-037.2CVE-2023-32508
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.2023-11-047.2CVE-2023-32741
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11.2023-11-037.2CVE-2023-34179
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.2023-11-047.2CVE-2023-38391
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.2023-11-047.2CVE-2023-40215
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7.2023-11-067.2CVE-2023-46821
MISC
wordpress — wordpressImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4.2023-11-067.2CVE-2023-46823
MISC
wordpress — wordpressThe History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.2023-11-067.2CVE-2023-5082
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto Publish for Google My Business plugin <= 3.7 versions.2023-11-098.8CVE-2023-47237
wpn-xm — wpn-xmA local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.2023-11-039.8CVE-2023-4591
MISC
xwiki — xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn’t properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins).2023-11-069.8CVE-2023-46731
MISC
MISC
MISC
MISC
xwiki — xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for for this vulnerability.2023-11-078.8CVE-2023-46242

 

xwiki — xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for a user to execute any content with the right of an existing document’s content author, provided the user have edit right on it. A crafted URL of the form ` /xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1. Users are advised to update. There are no known workarounds for this issue.2023-11-078.8CVE-2023-46243

 

xwiki — xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this API require programming right and the user does not have it, the expected result is `$doc.document.authors.contentAuthor` (not executed script), unfortunately with the security vulnerability it is possible for the attacker to get `XWiki.superadmin` which shows that the title was executed with the right of the unmodified document. This has been patched in XWiki versions 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-078.8CVE-2023-46244

 

xxyopen — novel-plusSQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.2023-11-059.8CVE-2023-46981
MISC
zavio — cf7500_firmwareZavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.2023-11-089.8CVE-2023-39435
zavio — cf7500_firmwareZavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.2023-11-089.8CVE-2023-3959
zavio — cf7500_firmwareZavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests.2023-11-089.8CVE-2023-4249
zavio — cf7500_firmwareZavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.2023-11-089.8CVE-2023-43755
zavio — cf7500_firmwareZavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras  with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution.2023-11-089.8CVE-2023-45225
zohocorp — manageengine_desktop_centralA SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.2023-11-038.8CVE-2023-4769
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache — alluraAllura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them.  Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution. This issue affects Apache Allura from 1.0.1 through 1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue.  If you are unable to upgrade, set “disable_entry_points.allura.importers = forge-tracker, forge-discussion” in your .ini config file.2023-11-074.9CVE-2023-46851
 
apache — ofbizMissing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09.  Users are recommended to upgrade to version 18.12.092023-11-075.3CVE-2023-46819

 

arm — bifrost_gpu_kernel_driverA local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory.2023-11-075.5CVE-2023-4272
bootboxjs — bootboxCross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions.2023-11-076.1CVE-2023-46998
 
clastix — capsulecapsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example, consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `–disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn’t allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-11-064.3CVE-2023-46254
MISC
MISC
cloudnet360 — cloudnet360Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions.2023-11-086.1CVE-2023-46643
color — demoiccmaxIn International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read.2023-11-056.5CVE-2023-47249
MISC
cure53 — dompurifyDOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a ‘rel=”noopener noreferrer”‘ attribute.2023-11-076.1CVE-2019-25155
 
docker — machineDocker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.2023-11-076.5CVE-2023-40453

 

dstar2018 — agencyA vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is named 975b56953efabb434519d9feefcc53685fb8d0ab. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-244495.2023-11-076.1CVE-2019-25156

 

gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.2023-11-066.5CVE-2023-3909
MISC
MISC
gitlab — gitlabAn authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.2023-11-066.5CVE-2023-4700
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.2023-11-066.5CVE-2023-5825
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.2023-11-065.3CVE-2023-5831
MISC
gitlab — gitlabAn issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block Sidekiq job processor.2023-11-064.3CVE-2023-3246
MISC
MISC
gitlab — gitlabAn issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.2023-11-064.3CVE-2023-5963
MISC
google — androidIn vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.2023-11-066.7CVE-2023-32818
MISC
google — androidIn secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.2023-11-066.7CVE-2023-32834
MISC
google — androidIn keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.2023-11-066.7CVE-2023-32835
MISC
google — androidIn display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725.2023-11-066.7CVE-2023-32836
MISC
google — androidIn dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.2023-11-066.7CVE-2023-32838
MISC
google — androidIn dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.2023-11-066.7CVE-2023-32839
MISC
google — androidIn bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.2023-11-065.5CVE-2023-32825
MISC
gvectors — wpdiscuzUnauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments – wpDiscuz plugin <= 7.6.11 versions.2023-11-066.1CVE-2023-47185
MISC
hillstonenet — sc-6000-e3960_firmwareCross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering.2023-11-056.1CVE-2023-46964
MISC
huawei — emuiRace condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed.2023-11-085.9CVE-2022-48613
 
huawei — emuiVulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart.2023-11-085.3CVE-2023-46755
 
huawei — emuiVulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously.2023-11-085.3CVE-2023-46763
 
huawei — emuiUnauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.2023-11-085.3CVE-2023-46764
 
huawei — harmonyosPermission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows.2023-11-085.3CVE-2023-46756
 
ibm — content_navigatorIBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.2023-11-035.4CVE-2023-35896
MISC
MISC
ibm — robotic_process_automation_for_cloud_pakA vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.2023-11-036.5CVE-2023-45189
MISC
MISC
ibm — txseries_for_multiplatformsIBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.2023-11-035.4CVE-2023-42029
MISC
MISC
MISC
jbig2enc_project — jbig2encjbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc.2023-11-085.5CVE-2023-46362
 
jbig2enc_project — jbig2encjbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512.2023-11-085.5CVE-2023-46363
 
kaoshifeng — yunfan_learning_examination_systemAn issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.2023-11-045.3CVE-2023-46963
MISC
kyocera — d-copia253mf_plus_firmwareKyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a “nicht einloggen” error rather than a falsch error.2023-11-035.3CVE-2023-34261
MISC
MISC
kyocera — d-copia253mf_plus_firmwareKyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.2023-11-034.9CVE-2023-34259
MISC
MISC
lenovo — desktop_biosA buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43571
lenovo — desktop_biosA buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43573
lenovo — desktop_biosA buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43575
lenovo — desktop_biosA buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43576
lenovo — desktop_biosA buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43577
lenovo — desktop_biosA buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43578
lenovo — desktop_biosA buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43579
lenovo — desktop_biosA buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43580
lenovo — desktop_biosA buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-086.7CVE-2023-43581
lenovo — desktop_biosA buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.2023-11-084.4CVE-2023-43572
lenovo — desktop_biosA buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.2023-11-084.4CVE-2023-43574
linux — kernelThe brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this “could be exploited in a real world scenario.” This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.2023-11-034.3CVE-2023-47233
MISC
MISC
linux — linux_kernelA flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.2023-11-065.5CVE-2023-5090
MISC
MISC
mattermost — mattermostMattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items.2023-11-065.3CVE-2023-5969
MISC
mattermost — mattermostMattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. 2023-11-064.9CVE-2023-5968
MISC
mattermost — mattermostMattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin2023-11-064.3CVE-2023-5967
MISC
mediatek — lr12aIn modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).2023-11-066.5CVE-2023-32840
MISC
mediawiki — mediawikiAn issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.2023-11-035.4CVE-2023-45360
MISC
mediawiki — mediawikiAn issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka “X intermediate revisions by the same user not shown”) ignores username suppression. This is an information leak.2023-11-034.3CVE-2023-45362
MISC
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Remote Code Execution Vulnerability2023-11-036.6CVE-2023-36022
MISC
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Information Disclosure Vulnerability2023-11-076.5CVE-2023-36409
MISC
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Spoofing Vulnerability2023-11-034.3CVE-2023-36029
MISC
microsoft — onenoteMicrosoft OneNote Spoofing Vulnerability2023-11-065.4CVE-2023-36769
MISC
microweber — microweberMicroweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality.2023-11-085.4CVE-2023-47379

 

microweber — microweberImproper Access Control in GitHub repository microweber/microweber prior to 2.0.2023-11-074.3CVE-2023-5976
 
mitsubishi_electric — fx5u-32mt/es_firmwareImproper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.2023-11-065.3CVE-2023-4625
MISC
MISC
MISC
moodle — moodleThe CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content.2023-11-096.1CVE-2023-5541

 

moodle — moodleThe course upload preview contained an XSS risk for users uploading unsafe data.2023-11-096.1CVE-2023-5547

 

moodle — moodleWiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk.2023-11-095.4CVE-2023-5544

 

moodle — moodleID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk.2023-11-095.4CVE-2023-5546

 

msyk — fmdataapiA vulnerability classified as problematic has been found in msyk FMDataAPI up to 22. Affected is an unknown function of the file FMDataAPI_Sample.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 23 is able to address this issue. The patch is identified as 3bd1709a8f7b1720529bf5dfc9855ad609f436cf. It is recommended to upgrade the affected component. VDB-244494 is the identifier assigned to this vulnerability.2023-11-076.1CVE-2021-4431

 

mybb — mybbMyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn’t escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP ? Configuration ? Settings ? Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP ? Your Profile ? Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP ? Configuration ? Settings_): – _Clickable Smilies and BB Code ? [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP ? Your Profile ? Edit Options_) _Show the MyCode formatting options on the posting pages_.2023-11-066.1CVE-2023-46251
MISC
MISC
MISC
mybb — mybbCross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.2023-11-065.4CVE-2023-45556
MISC
MISC
MISC
nasa — openmctCross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin.2023-11-096.5CVE-2023-45884
nasa — openmctCross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin.2023-11-095.4CVE-2023-45885
nationaledtech — boomerangAn issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup=”false” attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.2023-11-034.6CVE-2023-36620
MISC
MISC
MISC
ni — topografix_data_pluginAn incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file.2023-11-085.5CVE-2023-5136
nta — e-taxe-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.2023-11-065.5CVE-2023-46802
MISC
MISC
opensc_project — openscA flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user’s awareness.2023-11-066.6CVE-2023-40660
MISC
MISC
MISC
MISC
MISC
opensc — openscSeveral memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment.2023-11-066.4CVE-2023-40661
MISC
MISC
MISC
MISC
MISC
prestashop — prestashopblockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4.2023-11-095.3CVE-2023-47110
proofpoint — enterprise_protectionProofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.2023-11-066.1CVE-2023-5771
MISC
qnap — qtsA server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later2023-11-034.3CVE-2023-39301
MISC
qualcomm — snapdragonInformation Disclosure in WLAN Host when processing WMI event command.2023-11-075.5CVE-2023-28553
qualcomm — snapdragonInformation Disclosure in Qualcomm IPC while reading values from shared memory in VM.2023-11-075.5CVE-2023-28554
qualcomm — snapdragonInformation disclosure in IOE Firmware while handling WMI command.2023-11-075.5CVE-2023-28563
qualcomm — snapdragonInformation disclosure in WLAN HAL while handling the WMI state info command.2023-11-075.5CVE-2023-28566
qualcomm — snapdragonInformation disclosure in WLAN HAL when reception status handler is called.2023-11-075.5CVE-2023-28568
qualcomm — snapdragonInformation disclosure in WLAN HAL while handling command through WMI interfaces.2023-11-075.5CVE-2023-28569
ragic — enterprise_cloud_databaseRogic No-Code Database Builder’s file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.2023-11-035.4CVE-2023-41343
MISC
rapid7 — velociraptorRapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user’s web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).2023-11-066.1CVE-2023-5950
MISC
redhat — 3scale_api_managementA flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.2023-11-065.5CVE-2023-4910
MISC
MISC
redhat — quayA flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance.2023-11-074.3CVE-2023-4956
 
redmine — redmineRedmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.2023-11-056.1CVE-2023-47258
MISC
redmine — redmineRedmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.2023-11-056.1CVE-2023-47259
MISC
redmine — redmineRedmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.2023-11-056.1CVE-2023-47260
MISC
roundcube — webmailRoundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).2023-11-066.1CVE-2023-47272
MISC
MISC
MISC

 

samba — sambaA vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module “acl_xattr” is configured with “acl_xattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba’s permissions.2023-11-036.5CVE-2023-4091
MISC
MISC
MISC
MISC
MISC
MISC
samba — sambaA design flaw was found in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence.2023-11-076.5CVE-2023-4154

 

samba — sambaA vulnerability was found in Samba’s “rpcecho” development server, a non-Windows RPC server used to test Samba’s DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the “rpcecho” service operates with only one worker in the main RPC task, allowing calls to the “rpcecho” server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a “sleep()” call in the “dcesrv_echo_TestSleep()” function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the “rpcecho” server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as “rpcecho” runs in the main RPC task.2023-11-066.5CVE-2023-42669
MISC
MISC
MISC
MISC
MISC
samba — sambaA flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba’s RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation “classic DCs”) can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as “The procedure number is out of range” when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.2023-11-036.5CVE-2023-42670
MISC
MISC
MISC
MISC
MISC
samsung — accountUse of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.2023-11-076.5CVE-2023-42546
samsung — accountUse of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.2023-11-076.5CVE-2023-42547
samsung — accountUse of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.2023-11-076.5CVE-2023-42548
samsung — accountUse of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.2023-11-076.5CVE-2023-42549
samsung — accountUse of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.2023-11-076.5CVE-2023-42550
samsung — accountUse of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.2023-11-076.5CVE-2023-42551
samsung — accountImproper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.2023-11-075.5CVE-2023-42540
samsung — androidImproper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.2023-11-076.8CVE-2023-42533
samsung — androidImproper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.2023-11-075.5CVE-2023-42527
samsung — androidImproper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.2023-11-075.5CVE-2023-42534
samsung — easysetupUse of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device.2023-11-075.5CVE-2023-42555
samsung — emailImproper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email.2023-11-075.3CVE-2023-42553
samsung — healthPendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data.2023-11-075.5CVE-2023-42539
samsung — passImproper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.2023-11-076.8CVE-2023-42554
samsung — push_serviceImproper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id.2023-11-075.3CVE-2023-42541
samsung — quick_shareImproper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files.2023-11-075.5CVE-2023-42544
samsung — ue40d7000_firmwareImproper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.2023-11-084.3CVE-2023-41270
 
sfu — pkp_web_application_libraryMissing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-075.4CVE-2023-5900
 
sfu — pkp_web_application_libraryCross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-075.4CVE-2023-5903
 
sfu — pkp_web_application_libraryCross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-075.4CVE-2023-5904
 
sfu — pkp_web_application_libraryPKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.2023-11-065.3CVE-2023-47271
MISC
sfu — pkp_web_application_libraryUnrestricted Upload of File with Dangerous Type in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-074.8CVE-2023-5901
 
sigstore — cosignCosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations. The issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack. This issue has been patched in version 2.2.1 and users are advised to upgrade.2023-11-075.3CVE-2023-46737
 
softing — smartlink_sw-htCross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.2023-11-066.1CVE-2022-48192
MISC
MISC
squid-cache — squidSQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.2023-11-035.3CVE-2023-46846
MISC
MISC
MISC
MISC
MISC
MISC

 

squidex.io — squidexSquidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global message event listener: SquidexSidebar, SquidexWidget, and SquidexFormField. The registered event listener takes some action based on the type of the received message. For example, when the SquidexFormField receives a message with the type valueChanged, the value property is updated. The SquidexFormField class is for example used in the editor-editorjs.html file, which can be accessed via the public wwwroot folder. It uses the onValueChanged method to register a callback function, which passes the value provided from the message event to the editor.render. Passing an attacker-controlled value to this function introduces a Cross-Site Scripting (XSS) vulnerability.2023-11-076.1CVE-2023-46252
squidex.io — squidexSquidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images, is insufficient resulting to stored XSS attacks. Squidex allows the CMS contributors to be granted the permission of uploading an SVG asset. When the asset is uploaded, a filtering mechanism is performed to validate that the SVG does not contain malicious code. The validation logic consists of traversing the HTML nodes in the DOM. In order for the validation to succeed, 2 conditions must be met: 1. No HTML tags included in a “blacklist” called “InvalidSvgElements” are present. This list only contains the element “script”. and 2. No attributes of HTML tags begin with “on” (i.e. onerror, onclick) (line 65). If either of the 2 conditions is not satisfied, validation fails and the file/asset is not uploaded. However it is possible to bypass the above filtering mechanism and execute arbitrary JavaScript code by introducing other HTML elements such as an <iframe> element with a “src” attribute containing a “javascript:” value. Authenticated adversaries with the “assets.create” permission, can leverage this vulnerability to upload a malicious SVG as an asset, targeting any registered user that will attempt to open/view the asset through the Squidex CMS.2023-11-075.4CVE-2023-46744
synology — ssl_vpn_clientBuffer copy without checking size of input (‘Classic Buffer Overflow’) vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service attacks via unspecified vectors.2023-11-075.5CVE-2023-5748
teamamaze — amaze_file_utilitiesImproper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.2023-11-035.5CVE-2023-5948
MISC
MISC
timeteccloud — auto_web-based_database_management_systemCross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function.2023-11-085.4CVE-2023-46483
urbackup — urbackup_serverUrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid.2023-11-075.3CVE-2023-47102
veeam — oneA vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Note: The criticality of this vulnerability is reduced as it requires interaction by a user with the Veeam ONE Administrator role.2023-11-075.4CVE-2023-38549
veeam — oneA vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service.2023-11-074.3CVE-2023-38548
veeam — oneA vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Note: The criticality of this vulnerability is reduced because the user with the Read-Only role is only able to view the schedule and cannot make changes.2023-11-074.3CVE-2023-41723
visser — store_exporter_for_woocommerceUnauth. Reflected Cross-Site Scripting’) vulnerability in Visser Labs Store Exporter for WooCommerce – Export Products, Export Orders, Export Subscriptions, and More plugin <= 2.7.2 versions.2023-11-066.1CVE-2023-46822
MISC
wisdomgarden — tronclass_ilearnNCSIST ManageEngine Mobile Device Manager(MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.2023-11-036.5CVE-2023-41356
MISC
wondercms — wondercmsCross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.2023-11-076.1CVE-2023-41425
 
wordpress — wordpressThe Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.2023-11-066.5CVE-2023-4930
MISC
wordpress — wordpressThe WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-11-076.5CVE-2023-5709
 
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kathy Darling Simple User Listing plugin <= 1.9.2 versions.2023-11-086.1CVE-2023-32298
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions.2023-11-086.1CVE-2023-46621
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in FLOWFACT WP Connector plugin <= 2.1.7 versions.2023-11-086.1CVE-2023-46626
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin <= 2.1 versions.2023-11-086.1CVE-2023-46627
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPSolutions-HQ WPDBSpringClean plugin <= 1.6 versions.2023-11-076.1CVE-2023-47510
wordpress — wordpressThe Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-11-066.1CVE-2023-5354
MISC
wordpress — wordpressThe Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘current_group_id’ parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-11-036.1CVE-2023-5946
MISC
MISC
wordpress — wordpressAuth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions.2023-11-075.4CVE-2023-28499
wordpress — wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jens Kuerschner Add to Calendar Button plugin <= 1.5.1 versions.2023-11-085.4CVE-2023-46613
wordpress — wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions.2023-11-085.4CVE-2023-46640
wordpress — wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin <= 1.0.1 versions.2023-11-065.4CVE-2023-46782
MISC
wordpress — wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin <= 1.2.13 versions.2023-11-065.4CVE-2023-46783
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin <= 1.2.1 versions.2023-11-065.4CVE-2023-47177
MISC
wordpress — wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Apollo13Themes Apollo13 Framework Extensions plugin <= 1.9.0 versions.2023-11-085.4CVE-2023-47190
wordpress — wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vyas Dipen Top 25 Social Icons plugin <= 3.1 versions.2023-11-085.4CVE-2023-47229
wordpress — wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.2023-11-085.4CVE-2023-47231
wordpress — wordpressThe Social Sharing Plugin – Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘social_warfare’ shortcode in versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-4842

 

wordpress — wordpressThe Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘sfp-page-plugin’ shortcode in versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-4888

 

wordpress — wordpressThe Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ziteboard’ shortcode in versions up to, and including, 2.9.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5076
 
wordpress — wordpressThe ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘imagemap’ shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5507
 
wordpress — wordpressThe QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘qrcodetag’ shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5567
 
wordpress — wordpressThe Bitly’s plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wpbitly’ shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5577
 
wordpress — wordpressThe WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wp_mapit’ shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5658
 
wordpress — wordpressThe Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘interact-quiz’ shortcode in all versions up to, and including, 3.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5659
 
wordpress — wordpressThe SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5660
 
wordpress — wordpressThe Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘socialfeed’ shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with author-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5661
 
wordpress — wordpressThe Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5669

 

wordpress — wordpressThe Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘giftup’ shortcode in all versions up to, and including, 2.20.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5703

 

wordpress — wordpressThe SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slider’ shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-035.4CVE-2023-5707
MISC
MISC
MISC
MISC
wordpress — wordpressThe Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘telnumlink’ shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-075.4CVE-2023-5743

 

wordpress — wordpressThe video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-035.4CVE-2023-5945
MISC
MISC
MISC
wordpress — wordpressThe UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. This is due to a lack of nonce validation and insufficient validation of the instance_id on the ‘updraftmethod-googledrive-auth’ action used to update Google Drive remote storage location. This makes it possible for unauthenticated attackers to modify the Google Drive location that backups are sent to via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can make it possible for attackers to receive backups for a site which may contain sensitive information.2023-11-075.4CVE-2023-5982
 
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.2023-11-064.8CVE-2023-23702
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <= 1.0.7 versions.2023-11-094.8CVE-2023-36688
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce plugin <= 1.2.2 versions.2023-11-084.8CVE-2023-46642
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin <= 1.7.14 versions.2023-11-064.8CVE-2023-46824
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Gibson IdeaPush plugin <= 8.52 versions.2023-11-084.8CVE-2023-47181
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar & Dashboard Access Control plugin <= 1.2.8 versions.2023-11-064.8CVE-2023-47184
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Map Plugins Basic Interactive World Map plugin <= 2.0 versions.2023-11-084.8CVE-2023-47223
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Post Sliders & Post Grids plugin <= 1.0.20 versions.2023-11-084.8CVE-2023-47226
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Social Feed | All social media in one place plugin <= 1.5.4.6 versions.2023-11-084.8CVE-2023-47227
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.2023-11-084.8CVE-2023-47228
wordpress — wordpressThe Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-11-064.8CVE-2023-4810
MISC
MISC
wordpress — wordpressThe Simple Table Manager WordPress plugin through 1.5.6 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-11-064.8CVE-2023-4858
MISC
MISC
wordpress — wordpressThe WP Discord Invite WordPress plugin before 2.5.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-11-064.8CVE-2023-5181
MISC
wordpress — wordpressThe User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-11-064.8CVE-2023-5228
MISC
wordpress — wordpressThe Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc. however the vendor acknowledged and fixed the issue2023-11-064.8CVE-2023-5530
MISC
MISC
wordpress — wordpressThe URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-11-064.8CVE-2023-5605
MISC
wordpress — wordpressThe Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. However, please note that this can also be combined with CVE-2023-5818 for CSRF to XSS.2023-11-074.8CVE-2023-5819

 

wordpress — wordpressThe Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.2023-11-064.3CVE-2023-5352
MISC
wordpress — wordpressThe ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘imgmap_delete_area_ajax’ function in versions up to, and including, 1.2.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete arbitrary posts and pages.2023-11-074.3CVE-2023-5506
 
wordpress — wordpressThe ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the ‘imgmap_save_area_title’ function. This makes it possible for unauthenticated attackers to update the post title and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-074.3CVE-2023-5532
 
wordpress — wordpressThe Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. This is due to missing or incorrect nonce validation on the amazonifyOptionsPage() function. This makes it possible for unauthenticated attackers to update the plugins settings, including the Amazon Tracking ID, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-074.3CVE-2023-5818
 
wordpress — wordpressCross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-074.3CVE-2023-5902
 
wordpress — wordpressThe ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to update the plugin settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-074.3CVE-2023-5975

 

wpn-xm — wpn-xmA Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking.2023-11-036.1CVE-2023-4592
MISC
xwiki — xwikiXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability.2023-11-066.1CVE-2023-46732
MISC
MISC
MISC
xwiki — xwikiXWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.2023-11-074.3CVE-2023-38509

 

yugabyte — yugabytedbYugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Writing invalidated user input to log files can allow an unprivileged attacker to forge log entries or inject malicious content into the logs.2023-11-086.1CVE-2023-6002
zohocorp — manageengine_desktop_centralA CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.2023-11-036.1CVE-2023-4767
MISC
zohocorp — manageengine_desktop_centralA CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.2023-11-036.1CVE-2023-4768
MISC
zscaler — client_connectorOrigin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.2023-11-066.5CVE-2023-28794
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
nokia — g-040w-q_firmwareChunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor.2023-11-033.3CVE-2023-41354
MISC
opensc — openscAn out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system’s security.2023-11-063.8CVE-2023-4535
MISC
MISC
MISC
MISC
MISC
MISC
samsung — firewallImplicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall.2023-11-073.3CVE-2023-42552
samsung — push_serviceImproper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.2023-11-073.3CVE-2023-42542

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apache — pyarrowDeserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example user-supplied input files). This vulnerability only affects PyArrow, no other Apache Arrow implementations or bindings. It is recommended that users of PyArrow upgrade to 14.0.1. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to PyArrow 14.0.1 or later. PyPI packages are already available, and we hope that conda-forge packages will be available soon. If it is not possible to upgrade, we provide a separate package `pyarrow-hotfix` that disables the vulnerability on older PyArrow versions. See https://pypi.org/project/pyarrow-hotfix/ for instructions.2023-11-09not yet calculatedCVE-2023-47248

 

apache — uima_java_sdk_core
 
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK, Apache UIMA Java SDK.This issue affects Apache UIMA Java SDK: before 3.5.0. Users are recommended to upgrade to version 3.5.0, which fixes the issue. There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular: * the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class; * the CAS Editor Eclipse plugin which uses the the CasIOUtils class to load data; * the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service which can receive using Java-serialized CAS objects over network connections; * the CasAnnotationViewerApplet and the CasTreeViewerApplet; * the checkpointing feature of the CPE module. Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object. When using Vinci or using CasIOUtils in own services/applications, the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution. As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290  and  https://openjdk.org/jeps/415 ) if running UIMA on a Java version that supports it. Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure an UIMA version that is affected by this issue. To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the “jdk.serialFilter” system property using a semicolon as a separator: To allow deserializing Java-serialized binary CASes, add the classes: * org.apache.uima.cas.impl.CASCompleteSerializer * org.apache.uima.cas.impl.CASMgrSerializer * org.apache.uima.cas.impl.CASSerializer * java.lang.String To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints): * org.apache.uima.collection.impl.cpm.CheckpointData * org.apache.uima.util.ProcessTrace * org.apache.uima.util.impl.ProcessTrace_impl * org.apache.uima.collection.base_cpm.SynchPoint Make sure to use “!*” as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern. Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version.2023-11-08not yet calculatedCVE-2023-39913
 
apereo_foundation — apereo_cas
 
Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether in new versions the issue will be fixed. For the date of publication there is no patch, and the vendor does not treat it as a vulnerability.2023-11-09not yet calculatedCVE-2023-4612
 
appsanywhere — appsanywhereThe AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process.2023-11-09not yet calculatedCVE-2023-41138
appsanywhere — appsanywhere
 
Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server.2023-11-09not yet calculatedCVE-2023-41137
avast/avg — avast/avg_antivirusA time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system. This issue affects Avast/Avg Antivirus: 23.8.2023-11-08not yet calculatedCVE-2023-5760
axios — axios
 
An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.2023-11-08not yet calculatedCVE-2023-45857
bigbluebutton — bigbluebuttonWhen duplicating a BigBlueButton activity, the original meeting ID was also duplicated instead of using a new ID for the new activity. This could provide unintended access to the original meeting.2023-11-09not yet calculatedCVE-2023-5543

 

bigbluebutton — bigbluebutton
 
PILOS is an open source front-end for BigBlueButton servers with a built-in load balancer. The password reset component deployed within PILOS uses the hostname supplied within the request host header when building a password reset URL. It may be possible to manipulate the URL sent to PILOS users so that it points to the attacker’s server, thereby disclosing the password reset token if/when the link is followed. This only affects local user accounts and requires the password reset option to be enabled. This issue has been patched in version 2.3.0.2023-11-08not yet calculatedCVE-2023-47107
beijing_baichuo — smart_s85f_firmwareA vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-11not yet calculatedCVE-2023-5959

 

chromedriver — chromedriver
 
Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. This could lead to unauthorized access and potentially malicious actions on the host system. Note: An attacker must have access to the system running the vulnerable chromedriver library to exploit it. The success of exploitation also depends on the permissions and privileges of the process running chromedriver.2023-11-09not yet calculatedCVE-2023-26156

 

combodo — itopCross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.2023-11-09not yet calculatedCVE-2023-47488
combodo — itopAn issue in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components.2023-11-09not yet calculatedCVE-2023-47489
couchbase_inc. — couchbase_server
 
An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.log while adding a pre-7.0 node to a 7.2 cluster.2023-11-08not yet calculatedCVE-2023-45875

 

discourse — discourseDiscourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0,beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.2023-11-10not yet calculatedCVE-2023-47120

 

discourse — discourseDiscourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature.2023-11-10not yet calculatedCVE-2023-47121

 

discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they’ve been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the “bleeding” by ensuring users only use alphanumeric characters in their full name field.2023-11-10not yet calculatedCVE-2023-45806

 

discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds.2023-11-10not yet calculatedCVE-2023-45816

 

discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components.2023-11-10not yet calculatedCVE-2023-46130

 

discourse — discourse
 
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds.2023-11-10not yet calculatedCVE-2023-47119

 

eclipse_foundation — eclipse_ide
 
In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).2023-11-09not yet calculatedCVE-2023-4218

 

ethyca — fidesFides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject’s personal data can then be retrieved from connected systems and data stores before being bundled together as a data subject access request package for the data subject to download. Supported data formats for the package include json and csv, but the most commonly used format is a series of HTML files compressed in a ZIP file. Once downloaded and unzipped, the data subject user can browse the HTML files on their local machine. It was identified that there was no validation of input coming from e.g. the connected systems and data stores which is later reflected in the downloaded data. This can result in an HTML injection that can be abused e.g. for phishing attacks or malicious JavaScript code execution, but only in the context of the data subject’s browser accessing a HTML page using the `file://` protocol. Exploitation is limited to rogue Admin UI users, malicious connected system / data store users, and the data subject user if tricked via social engineering into submitting malicious data themselves. This vulnerability has been patched in version 2.23.3.2023-11-08not yet calculatedCVE-2023-47114

 

free_software_foundation — grub-legacyAn attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation.2023-11-10not yet calculatedCVE-2023-4949
freebsd — freebsdIn versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects’ write space members for write-buffered streams when the write(2) system call returns an error.  Depending on the nature of an application that calls libc’s stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.2023-11-08not yet calculatedCVE-2023-5941
freebsd — freebsdIn versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints.  When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed.  This could permit the application to resolve domain names that were previously restricted.2023-11-08not yet calculatedCVE-2023-5978
gitlab — gitlab
 
An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Code owner approval was not removed from merge requests when the target branch was updated.2023-11-09not yet calculatedCVE-2023-4379
gitsign — gitsignGitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise the default public good instance (`rekor.sigstore.dev`) – anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available.2023-11-10not yet calculatedCVE-2023-47122

 

go_standard_library — path/filepath
 
The filepath package does not recognize paths with a \??\ prefix as special. On Windows, a path beginning with \??\ is a Root Local Device path equivalent to a path beginning with \\?\. Paths with a \??\ prefix may be used to access arbitrary locations on the system. For example, the path \??\c:\x is equivalent to the more common path c:\x. Before fix, Clean could convert a rooted path such as \a\..\??\b into the root local device path \??\b. Clean will now convert this to .\??\b. Similarly, Join(\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \??\b. Join will now convert this to \.\??\b. In addition, with fix, IsAbs now correctly reports paths beginning with \??\ as absolute, and VolumeName correctly reports the \??\ prefix as a volume name.2023-11-09not yet calculatedCVE-2023-45283

 

go_standard_library — path/filepath
 
On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as “COM1 “, and reserved names “COM” and “LPT” followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.2023-11-09not yet calculatedCVE-2023-45284

 

gpac — mp4box
 
Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in gf_isom_get_user_data.2023-11-07not yet calculatedCVE-2023-46001
 
harbor — harbor
 
A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information.2023-11-09not yet calculatedCVE-2023-20902
hashicorp — vaultHashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. A large number of these requests may lead to denial-of-service. Fixed in Vault 1.15.2, 1.14.6, and 1.13.10.2023-11-09not yet calculatedCVE-2023-5954
hcl_software — hcl_connections
 
HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after visiting the vulnerable URL which contains the malicious script code. This may allow the attacker to steal cookie-based authentication credentials and comprise a user’s account then launch other attacks.2023-11-09not yet calculatedCVE-2023-37533
headscale — headscaleHeadscale through 0.22.3 writes bearer tokens to info-level logs.2023-11-11not yet calculatedCVE-2023-47390
hoteldruid — hoteldruidCross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.2023-11-10not yet calculatedCVE-2023-47164

 

huawei — emui
 
Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data.2023-11-08not yet calculatedCVE-2023-46772
 
humansignal — label_studio
 
Label Studio is a multi-type data labeling and annotation tool with standardized output format. There is a vulnerability that can be chained within the ORM Leak vulnerability to impersonate any account on Label Studio. An attacker could exploit these vulnerabilities to escalate their privileges from a low privilege user to a Django Super Administrator user. The vulnerability was found to affect versions before `1.8.2`, where a patch was introduced.2023-11-09not yet calculatedCVE-2023-43791

 

ibm — aix
 
IBM AIX’s 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.2023-11-10not yet calculatedCVE-2023-45167

 

ibm — qradar_siem
 
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.2023-11-11not yet calculatedCVE-2023-43057
 
jaspersoft — clarity_ppm
 
Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.2023-11-09not yet calculatedCVE-2023-37790
johnson_controls — quantum_hd_unityAn unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.2023-11-10not yet calculatedCVE-2023-4804
 
lanaccess — onsafe_monitorhmAn improper input validation vulnerability has been found in Lanaccess ONSAFE MonitorHM affecting version 3.7.0. This vulnerability could lead a remote attacker to exploit the checkbox element and perform remote code execution, compromising the entire infrastructure.2023-11-08not yet calculatedCVE-2023-6012
lenovo — 1_preload_directory
 
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges.2023-11-08not yet calculatedCVE-2023-4706
lenovo — bios
 
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.2023-11-08not yet calculatedCVE-2023-45075
lenovo — bios
 
A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.2023-11-08not yet calculatedCVE-2023-45076
lenovo — bios
 
A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.2023-11-08not yet calculatedCVE-2023-45077
lenovo — bios
 
A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.2023-11-08not yet calculatedCVE-2023-45078
lenovo — bios
 
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.2023-11-08not yet calculatedCVE-2023-45079
lenovo — desktop_bios
 
A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-08not yet calculatedCVE-2023-43567
lenovo — desktop_bios
 
A buffer over-read was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information.2023-11-08not yet calculatedCVE-2023-43568
lenovo — desktop_bios
 
A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. 2023-11-08not yet calculatedCVE-2023-43569
lenovo — desktop_bios
 
A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code.2023-11-08not yet calculatedCVE-2023-43570
lenovo — ideapadA buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code.2023-11-08not yet calculatedCVE-2023-5075
lenovo — lecloud_appLenovo LeCloud App improper input validation allows attackers to access arbitrary components and arbitrary file downloads, which could result in information disclosure.2023-11-08not yet calculatedCVE-2023-5079
lenovo — system_update
 
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.2023-11-08not yet calculatedCVE-2023-4632
lenovo — thinkpadA vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware.2023-11-08not yet calculatedCVE-2023-5078
lenovo — view_driverA potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service.2023-11-08not yet calculatedCVE-2023-4891
f.b.p — members_lineThe leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims.2023-11-09not yet calculatedCVE-2023-47363
f.b.p — members_lineThe leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims2023-11-09not yet calculatedCVE-2023-47364
f.b.p — members_lineThe leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims.2023-11-09not yet calculatedCVE-2023-47365
f.b.p — members_lineThe leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims.2023-11-09not yet calculatedCVE-2023-47366
f.b.p — members_lineThe leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims.2023-11-09not yet calculatedCVE-2023-47367
f.b.p — members_lineThe leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims.2023-11-09not yet calculatedCVE-2023-47368
f.b.p — members_lineThe leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications.2023-11-09not yet calculatedCVE-2023-47369
f.b.p — members_lineThe leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims.2023-11-09not yet calculatedCVE-2023-47370
f.b.p — members_lineThe leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims.2023-11-09not yet calculatedCVE-2023-47372
f.b.p — members_lineThe leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims.2023-11-09not yet calculatedCVE-2023-47373
linux — kernelA use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches.2023-11-09not yet calculatedCVE-2023-6039

 

linux — kernel
 
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by the qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigger a use-after-free issue, potentially leading to a denial of service or privilege escalation.2023-11-09not yet calculatedCVE-2023-39198
 
loytec_electronics — multiple_products
 
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP.2023-11-04not yet calculatedCVE-2023-46380
MISC
loytec_electronics — multiple_products
 
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.2023-11-04not yet calculatedCVE-2023-46381
MISC
loytec_electronics — multiple_products
 
LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.2023-11-04not yet calculatedCVE-2023-46382
MISC
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability2023-11-10not yet calculatedCVE-2023-36027
mldb.ai — mldb.ai
 
Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html.2023-11-09not yet calculatedCVE-2023-46492
moodle — moodleA remote code execution risk was identified in the Lesson activity. By default, this was only available to teachers and managers.2023-11-09not yet calculatedCVE-2023-5539

 

moodle — moodleA remote code execution risk was identified in the IMSCP activity. By default, this was only available to teachers and managers.2023-11-09not yet calculatedCVE-2023-5540

 

moodle — moodleStudents in “Only see own membership” groups could see other students in the group, which should be hidden.2023-11-09not yet calculatedCVE-2023-5542

 

moodle — moodleH5P metadata automatically populated the author with the user’s username, which could be sensitive information.2023-11-09not yet calculatedCVE-2023-5545

 

moodle — moodleStronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.2023-11-09not yet calculatedCVE-2023-5548

 

moodle — moodleInsufficient web service capability checks made it possible to move categories a user had permission to manage, to a parent category they did not have the capability to manage.2023-11-09not yet calculatedCVE-2023-5549

 

moodle — moodleIn a shared hosting environment that has been misconfigured to allow access to other users’ content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilize a local file include to achieve remote code execution.2023-11-09not yet calculatedCVE-2023-5550

 

moodle — moodleSeparate Groups mode restrictions were not honored in the forum summary report, which would display users from other groups.2023-11-09not yet calculatedCVE-2023-5551

 

natus — multiple_productsNatus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services.2023-11-10not yet calculatedCVE-2023-47800
 
okta — ldap_agent
 
The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution.2023-11-08not yet calculatedCVE-2023-0392
opentelemetry — opentelemetryOpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server’s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`.2023-11-10not yet calculatedCVE-2023-47108

 

opentext — fortify_scancentral_dastIncorrect Privilege Assignment vulnerability in opentext Fortify ScanCentral DAST. The vulnerability could be exploited to gain elevated privileges. This issue affects Fortify ScanCentral DAST versions 21.1, 21.2, 21.2.1, 22.1, 22.1.1, 22.2, 23.1.2023-11-08not yet calculatedCVE-2023-5913
openvpn — openvpn
 
Using the –fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.2023-11-11not yet calculatedCVE-2023-46849

 

openvpn — openvpn
 
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.2023-11-11not yet calculatedCVE-2023-46850

 

ovh — the_bastion
 
The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. SCP and SFTP plugins don’t honor group-based JIT MFA. Establishing a SCP/SFTP connection through The Bastion via a group access where MFA is enforced does not ask for additional factor. This abnormal behavior only applies to per-group-based JIT MFA. Other MFA setup types, such as Immediate MFA, JIT MFA on a per-plugin basis and JIT MFA on a per-account basis are not affected. This issue has been patched in version 3.14.15.2023-11-08not yet calculatedCVE-2023-45140
 
palo_alto_networks — cortex_xsoar
 
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated privileges if the attacker has shell access to the engine.2023-11-08not yet calculatedCVE-2023-3282
pfsense_ce — pfsense_ce
 
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via weak password requirements.2023-11-08not yet calculatedCVE-2023-29974
pfsense_ce — pfsense_ce
 
An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification.2023-11-09not yet calculatedCVE-2023-29975
philips — encoreanywhere
 
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.2023-11-09not yet calculatedCVE-2018-8863
phpgurukul — restaurant_table_booking_systemA vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943.2023-11-10not yet calculatedCVE-2023-6074
 
phpgurukul — restaurant_table_booking_systemA vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944.2023-11-10not yet calculatedCVE-2023-6075
 
phpgurukul — restaurant_table_booking_systemA vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability.2023-11-10not yet calculatedCVE-2023-6076
 
piccolo — piccoloPiccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While the likelihood of an end developer exposing a `savepoints` `name` parameter to a user is highly unlikely, it would not be unheard of. If a malicious user was able to abuse this functionality, they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non-exhaustive list of actions possible based on database permissions is: Read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue.2023-11-10not yet calculatedCVE-2023-47128
 
prestashop — blockreassurancePrestaShop blockreassurance adds an information block aimed at offering helpful information to reassure customers that the store is trustworthy. When adding a block in blockreassurance module, a BO user can modify the http request and give the path of any file in the project instead of an image. When deleting the block from the BO, the file will be deleted. It is possible to make the website completely unavailable by removing index.php for example. This issue has been patched in version 5.1.4.2023-11-08not yet calculatedCVE-2023-47109

 

projectworlds — online_job_portalOnline Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46676
 
projectworlds — online_job_portalOnline Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_uname’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46677
 
projectworlds — online_job_portalOnline Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_upass’ parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46678
 
projectworlds — online_job_portalOnline Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘txt_uname_email’ parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46679
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘password’ parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46786
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46787
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter in the ‘uploadphoto()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46788
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic1’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46789
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic2’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46790
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘filename’ attribute of the ‘pic4’ multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46792
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘day’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46793
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ’email’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46794
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘gender’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46795
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘month’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46796
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘name’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46797
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘year’ parameter in the ‘register()’ function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46799
 
projectworlds — online_matrimonial_projectOnline Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database.2023-11-07not yet calculatedCVE-2023-46800
 
qnap_systems_inc. — multiple_products
 
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later.2023-11-10not yet calculatedCVE-2023-23367
qnap_systems_inc. — qumagieA SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later2023-11-10not yet calculatedCVE-2023-41284
qnap_systems_inc. — qumagie
 
An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later2023-11-10not yet calculatedCVE-2023-39295
qnap_systems_inc. — qumagie
 
A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later2023-11-10not yet calculatedCVE-2023-41285
sentry — sentry-javascript
 
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.2023-11-10not yet calculatedCVE-2023-46729

 

solarwinds_ — network_configuration_manager
 
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-332262023-11-09not yet calculatedCVE-2023-40054
 
solarwinds_ — network_configuration_manager
 
The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. We found this issue was not resolved in CVE-2023-332272023-11-09not yet calculatedCVE-2023-40055
spiceworks — help_desk_server
 
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the order_by_for_ticket function in app/models/reporting/database_query.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be leveraged to leak local files from the host system, leading to remote code execution (RCE) through deserialization of malicious data.2023-11-09not yet calculatedCVE-2021-43609

 

statmic — statmicStatmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the “Forms” feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0.2023-11-10not yet calculatedCVE-2023-47129

 

symfony — symfony
 
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn’t change between the verification phase and the successful login, while the token itself changes from one type (partially-authenticated) to another (fully-authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated.2023-11-10not yet calculatedCVE-2023-46733

 

symfony — symfony
 
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don’t actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters.2023-11-10not yet calculatedCVE-2023-46734

 

symfony — symfony
 
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn’t return any user-submitted input in its response.2023-11-10not yet calculatedCVE-2023-46735
 
telit_cinterion — multiple_productsA CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted system by sending a specially crafted SMS message.2023-11-09not yet calculatedCVE-2023-47610
telit_cinterion — multiple_productsA CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to “manufacturer” level on the targeted system.2023-11-10not yet calculatedCVE-2023-47611
telit_cinterion — multiple_productsA CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to obtain a read/write access to any files and directories on the targeted system, including hidden files and directories.2023-11-09not yet calculatedCVE-2023-47612
telit_cinterion — multiple_productsA CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to escape from virtual directories and get read/write access to protected files on the targeted system.2023-11-09not yet calculatedCVE-2023-47613
telit_cinterion — multiple_productsA CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system.2023-11-10not yet calculatedCVE-2023-47614
telit_cinterion — multiple_productsA CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to get access to a sensitive data on the targeted system.2023-11-09not yet calculatedCVE-2023-47615
telit_cinterion — multiple_productsA CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow an attacker with physical access to the target system to get access to a sensitive data on the targeted system.2023-11-09not yet calculatedCVE-2023-47616
tibco_software_inc. — spotfire
 
The Spotfire Connectors component of TIBCO Software Inc.’s Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with read/write access to craft malicious Analyst files. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s Spotfire Analyst: versions 12.3.0, 12.4.0, and 12.5.0, Spotfire Server: versions 12.3.0, 12.4.0, and 12.5.0, and Spotfire for AWS Marketplace: version 12.5.0.2023-11-08not yet calculatedCVE-2023-26221
tongda — oaA vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Affected is an unknown function of the file general/system/censor_words/module/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244872. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-09not yet calculatedCVE-2023-6052

 

tongda — oaA vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Affected by this issue is some unknown functionality of the file general/system/censor_words/manage/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244874 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-09not yet calculatedCVE-2023-6053

 

tongda — oaA vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file general/wiki/cp/manage/lock.php. The manipulation of the argument TERM_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244875. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-09not yet calculatedCVE-2023-6054

 

volkswagen — id.3Attacker can perform a Denial-of-Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls.2023-11-10not yet calculatedCVE-2023-6073
wbce_cms — wbce_cms
 
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.2023-11-10not yet calculatedCVE-2023-39796

 

wildfly-core — wildfly-core
 
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system.2023-11-08not yet calculatedCVE-2023-4061

 

wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions.2023-11-10not yet calculatedCVE-2023-31077
xwiki — xwiki
 
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3.2023-11-09not yet calculatedCVE-2023-46743
yugabytedb — yugabytedb_anywherePrometheus metrics are available without authentication. These metrics expose detailed and sensitive information about the YugabyteDB Anywhere environment.2023-11-08not yet calculatedCVE-2023-6001
zitadel — zitadelZITADEL provides identity infrastructure. ZITADEL provides administrators the possibility to define a `Lockout Policy` with a maximum amount of failed password check attempts. On every failed password check, the number of failed checks is compared against the configured maximum. Exceeding the limit, will lock the user and prevent further authentication. In the affected implementation it was possible for an attacker to start multiple parallel password checks, giving him the possibility to try out more combinations than configured in the `Lockout Policy`. This vulnerability has been patched in versions 2.40.5 and 2.38.3.2023-11-08not yet calculatedCVE-2023-47111

 

zyxel — gs1900-24epThe improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.2023-11-07not yet calculatedCVE-2023-35140

Back to top


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.