US-CERT Vulnerability Summary for the Week of November 13, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
checkpoint — endpoint_security | Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2023-11-12 | 7.8 | CVE-2023-28134 |
discourse — discourse | Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server-side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature. | 2023-11-10 | 9.8 | CVE-2023-47121 |
discourse — discourse | Discourse is an open source platform for community discussion. In versions 3.1.0 through 3.1.2 of the `stable` branch and versions 3.1.0.beta6 through 3.2.0.beta2 of the `beta` and `tests-passed` branches, Redis memory can be depleted by crafting a site with an abnormally long favicon URL and drafting multiple posts which Onebox it. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-11-10 | 7.5 | CVE-2023-47120 |
dreamer_cms — dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. | 2023-11-14 | 8.8 | CVE-2023-48020 |
dreamer_cms — dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. | 2023-11-14 | 8.8 | CVE-2023-48021 |
dreamer_cms — dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run | 2023-11-13 | 8.8 | CVE-2023-48058 |
dreamer_cms — dreamer_cms | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add | 2023-11-13 | 8.8 | CVE-2023-48060 |
emsigner — emsigner | Incorrect access control in the Forgot Your Password function of EMSigner v2.8.7 allows unauthenticated attackers to access accounts of all registered users, including those with administrator privileges via a crafted password reset token. | 2023-11-14 | 9.8 | CVE-2023-43902 |
fortinet — fortimail | An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiMail webmail version 7.2.0 through 7.2.4, 7.0.0 through 7.0.6 and before 6.4.8 may allow an unauthenticated attacker to perform a brute force attack on the affected endpoints via repeated login attempts. | 2023-11-14 | 7.3 | CVE-2023-45582 |
fortinet — fortiwlm | A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.2 through 8.4.0 and 8.3.2 through 8.3.0 and 8.2.2 allows an attacker to read arbitrary files via crafted HTTP requests. | 2023-11-14 | 7.5 | CVE-2023-42783 |
froxlor — froxlor | Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. | 2023-11-10 | 8.8 | CVE-2023-6069 |
gibbonedu — gibbon | GibbonEdu Gibbon version 25.0.1 and before allows Arbitrary File Write because rubrics_visualise_saveAjax.phps does not require authentication. The endpoint accepts the img, path, and gibbonPersonID parameters. The img parameter is expected to be a base64 encoded image. If the path parameter is set, the defined path is used as the destination folder, concatenated with the absolute path of the installation directory. The content of the img parameter is base64 decoded and written to the defined file path. This allows creation of PHP files that permit Remote Code Execution (unauthenticated). | 2023-11-14 | 9.8 | CVE-2023-45878 |
gibbonedu — gibbon | GibbonEdu Gibbon through version 25.0.0 allows Directory Traversal via the report template builder. An attacker can create a new Asset Component. The templateFileDestination parameter can be set to an arbitrary pathname (and extension). This allows creation of PHP files outside of the uploads directory, directly in the webroot. | 2023-11-14 | 7.2 | CVE-2023-45880 |
golden — golden | An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 2023-11-14 | 7.5 | CVE-2023-45558 |
hanwhavision — wave_server_software | Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has released patched firmware for the highlighted flaw. Please refer to the hanwhavision security report for more information and solution. | 2023-11-13 | 8.8 | CVE-2023-5747 |
headscale — headscale | Headscale through 0.22.3 writes bearer tokens to info-level logs. | 2023-11-11 | 7.5 | CVE-2023-47390 |
icssolution — ics_business_manager | A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. This vulnerability could allow a remote user to send a specially crafted SQL query and retrieve all the information stored in the database. The data could also be modified or deleted, causing the application to malfunction. | 2023-11-13 | 8.8 | CVE-2023-6097 |
intel(r) — unison_software | Improper authentication for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | 2023-11-14 | 8.8 | CVE-2023-22663 |
intel(r) — unison_software | Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | 2023-11-14 | 8.8 | CVE-2023-36860 |
intel(r) — unison_software | Improper access control for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | 2023-11-14 | 8.8 | CVE-2023-39221 |
intel(r) — unison_software | Cross-site request forgery in some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access. | 2023-11-14 | 8.8 | CVE-2023-39412 |
intel(r) — unison_software | Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | 7.8 | CVE-2022-45469 |
intel(r) — unison_software | Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | 7.8 | CVE-2023-22292 |
intel(r) — unison_software | Access of memory location after end of buffer for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | 7.8 | CVE-2023-38570 |
intel(r) — unison_software | Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | 2023-11-14 | 7.5 | CVE-2023-22285 |
intel(r) — unison_software | Improper input validation for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | 2023-11-14 | 7.5 | CVE-2023-22337 |
intel(r) — unison_software | Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access. | 2023-11-14 | 7.5 | CVE-2023-39228 |
intel(r) — unison_software | Improper access control for some Intel Unison software may allow a privileged user to potentially enable escalation of privilege via network access. | 2023-11-14 | 7.2 | CVE-2023-22448 |
johnson_controls — quantum_hd_unity_compressor_firmware | An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. | 2023-11-10 | 9.8 | CVE-2023-4804 |
linux — kernel | A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. The function nft_trans_gc_catchall did not remove the catchall set element from the catchall_list when the argument sync is true, making it possible to free a catchall set element many times. We recommend upgrading past commit 93995bf4af2c5a99e2a87f0cd5ce547d31eb7630. | 2023-11-14 | 7.8 | CVE-2023-6111 |
memberscard — memberscard | An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 2023-11-14 | 7.5 | CVE-2023-45560 |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-10 | 7.3 | CVE-2023-36014 |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-11-10 | 7.1 | CVE-2023-36024 |
netgate — pfsense | An issue in Netgate pfSense v.2.7.0 allows a remote attacker to execute arbitrary code via a crafted request to the interfaces_gif_edit.php and interfaces_gre_edit.php components. | 2023-11-14 | 8.8 | CVE-2023-42326 |
phonepe — phonepe | Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions. This issue affects PhonePe Payment Solutions: from n/a through 1.0.15. | 2023-11-13 | 7.5 | CVE-2022-45835 |
phpgurukul — restaurant_table_booking_system | A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file check-status.php of the component Booking Reservation Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-244943. | 2023-11-10 | 9.8 | CVE-2023-6074 |
phpgurukul — restaurant_table_booking_system | A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | 2023-11-10 | 7.5 | CVE-2023-6076 |
phpgurukul — teacher_subject_allocation_management_system | SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the ‘searchdata’ parameter. | 2023-11-14 | 7.5 | CVE-2023-46024 |
qnap — qumagie | An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later | 2023-11-10 | 8.8 | CVE-2023-39295 |
qnap — qumagie | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | 2023-11-10 | 8.8 | CVE-2023-41284 |
qnap — qumagie | A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later | 2023-11-10 | 8.8 | CVE-2023-41285 |
remarshal — remarshal | Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition. | 2023-11-13 | 7.5 | CVE-2023-47163 |
salesagility — suitecrm | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 2023-11-14 | 9.8 | CVE-2023-6126 |
salesagility — suitecrm | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 2023-11-14 | 8.8 | CVE-2023-6125 |
salesagility — suitecrm | Path Traversal: ‘\..\filename’ in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 2023-11-14 | 8.8 | CVE-2023-6130 |
salesagility — suitecrm | Code Injection in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 2023-11-14 | 8.8 | CVE-2023-6131 |
shenzhen_youkate_industrial — facial_love_cloud_platform | A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-13 | 9.8 | CVE-2023-6099 |
siemens — comos | A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition. | 2023-11-14 | 9.8 | CVE-2023-43504 |
siemens — comos | A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive information such as user and project information in cleartext via UDP. | 2023-11-14 | 7.5 | CVE-2023-43503 |
statamic_cms — statamic_cms | Statamic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the “Forms” feature and not just _any_ arbitrary form. This does not affect the control panel. This issue has been patched in 3.4.13 and 4.33.0. | 2023-11-10 | 9.8 | CVE-2023-47129 |
sysaid — sysaid_on-premises | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | 2023-11-10 | 9.8 | CVE-2023-47246 |
telit — bgs5_firmware | A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to “manufacturer” level on the targeted system. | 2023-11-10 | 7.8 | CVE-2023-47611 |
thinkingreed_inc. — oss_calendar | SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request. | 2023-11-14 | 8.8 | CVE-2023-47609 |
tongda — tongda_oa | A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file general/vehicle/checkup/delete.php. The manipulation of the argument VU_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-244994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-12 | 9.8 | CVE-2023-6084 |
wbce — wbce_cms | SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. | 2023-11-10 | 9.8 | CVE-2023-39796 |
weston-embedded — cesium_net | An out-of-bounds write vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | 2023-11-14 | 9.8 | CVE-2023-24585 |
weston-embedded — cesium_net | A heap-based buffer overflow vulnerability exists in the HTTP Server functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted set of network packets can lead to arbitrary code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2023-11-14 | 9.8 | CVE-2023-25181 |
weston-embedded — cesium_net | A heap-based buffer overflow vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2023-11-14 | 9.8 | CVE-2023-27882 |
weston-embedded — cesium_net | A memory corruption vulnerability exists in the HTTP Server form boundary functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2023-11-14 | 9.8 | CVE-2023-28379 |
weston-embedded — cesium_net | A memory corruption vulnerability exists in the HTTP Server header parsing functionality of Weston Embedded uC-HTTP v3.01.01. Specially crafted network packets can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2023-11-14 | 9.8 | CVE-2023-28391 |
weston-embedded — cesium_net | A memory corruption vulnerability exists in the HTTP Server Host header parsing functionality of Weston Embedded uC-HTTP v3.01.01. A specially crafted network packet can lead to code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2023-11-14 | 9.8 | CVE-2023-31247 |
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing. This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6. | 2023-11-13 | 7.5 | CVE-2023-46207 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LFI) in Webpushr Web Push Notifications Web Push Notifications – Webpushr plugin <= 4.34.0 versions. | 2023-11-13 | 8.8 | CVE-2023-35041 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin <= 1.3.3 versions. | 2023-11-13 | 8.8 | CVE-2023-26514 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. | 2023-11-13 | 8.8 | CVE-2023-26516 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions. | 2023-11-13 | 8.8 | CVE-2023-26518 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions. | 2023-11-13 | 8.8 | CVE-2023-26524 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ??? ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/?? plugin <= 4.2.7 versions. | 2023-11-13 | 8.8 | CVE-2023-26531 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions. | 2023-11-13 | 8.8 | CVE-2023-26543 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Timo Reith Affiliate Super Assistent [sic] plugin <= 1.5.1 versions. | 2023-11-12 | 8.8 | CVE-2023-27417 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Side Menu Lite – add sticky fixed buttons plugin <= 4.0 versions. | 2023-11-12 | 8.8 | CVE-2023-27418 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk Big Store theme <= 1.9.3 versions. | 2023-11-12 | 8.8 | CVE-2023-27431 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions. | 2023-11-13 | 8.8 | CVE-2023-27434 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions. | 2023-11-13 | 8.8 | CVE-2023-27436 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions. | 2023-11-13 | 8.8 | CVE-2023-27438 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. | 2023-11-13 | 8.8 | CVE-2023-27441 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions. | 2023-11-13 | 8.8 | CVE-2023-27445 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in audrasjb Reusable Blocks Extended plugin <= 0.9 versions. | 2023-11-12 | 8.8 | CVE-2023-27611 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Page Numbers plugin <= 0.5 versions. | 2023-11-12 | 8.8 | CVE-2023-27623 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.03.08 versions. | 2023-11-12 | 8.8 | CVE-2023-27632 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Vsourz Digital CF7 Invisible reCAPTCHA plugin <= 1.3.3 versions. | 2023-11-12 | 8.8 | CVE-2023-28167 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions. | 2023-11-12 | 8.8 | CVE-2023-28172 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions. | 2023-11-12 | 8.8 | CVE-2023-28173 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Stranger Studios Force First and Last Name as Display Name plugin <= 1.2 versions. | 2023-11-12 | 8.8 | CVE-2023-28419 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Leo Caseiro Custom Options Plus plugin <= 1.8.1 versions. | 2023-11-12 | 8.8 | CVE-2023-28420 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop WP Shortcode by MyThemeShop plugin <= 1.4.16 versions. | 2023-11-12 | 8.8 | CVE-2023-28495 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. | 2023-11-12 | 8.8 | CVE-2023-28497 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in MotoPress Hotel Booking Lite plugin <= 4.6.0 versions. | 2023-11-12 | 8.8 | CVE-2023-28498 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions. | 2023-11-12 | 8.8 | CVE-2023-28618 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wbcom Designs Wbcom Designs – BuddyPress Activity Social Share plugin <= 3.5.0 versions. | 2023-11-12 | 8.8 | CVE-2023-28694 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.9.0 versions. | 2023-11-12 | 8.8 | CVE-2023-28696 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Robin Phillips Mobile Banner plugin <= 1.5 versions. | 2023-11-12 | 8.8 | CVE-2023-28930 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. | 2023-11-12 | 8.8 | CVE-2023-28987 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Whydonate Whydonate – FREE Donate button – Crowdfunding – Fundraising plugin <= 3.12.15 versions. | 2023-11-12 | 8.8 | CVE-2023-29238 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in plainware.Com ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions. | 2023-11-12 | 8.8 | CVE-2023-29425 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions. | 2023-11-10 | 8.8 | CVE-2023-29426 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <= 1.1.3 versions. | 2023-11-10 | 8.8 | CVE-2023-29428 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions. | 2023-11-10 | 8.8 | CVE-2023-29440 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions. | 2023-11-10 | 8.8 | CVE-2023-30478 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. | 2023-11-10 | 8.8 | CVE-2023-31077 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions. | 2023-11-10 | 8.8 | CVE-2023-31078 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions. | 2023-11-13 | 8.8 | CVE-2023-32583 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions. | 2023-11-13 | 8.8 | CVE-2023-32588 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielogórski Stop Referrer Spam plugin <= 1.3.0 versions. | 2023-11-13 | 8.8 | CVE-2023-33207 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions. | 2023-11-13 | 8.8 | CVE-2023-34378 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions. | 2023-11-13 | 8.8 | CVE-2023-34384 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions. | 2023-11-13 | 8.8 | CVE-2023-46618 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. | 2023-11-13 | 8.8 | CVE-2023-46619 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions. | 2023-11-13 | 8.8 | CVE-2023-46620 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions. | 2023-11-13 | 8.8 | CVE-2023-46625 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4. | 2023-11-13 | 8.8 | CVE-2023-46629 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Custom Header Images plugin <= 1.2.1 versions. | 2023-11-13 | 8.8 | CVE-2023-46636 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. | 2023-11-13 | 8.8 | CVE-2023-46638 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. | 2023-11-13 | 8.8 | CVE-2023-47230 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions. | 2023-11-13 | 8.8 | CVE-2023-47669 |
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin. This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2. | 2023-11-13 | 7.5 | CVE-2023-34013 |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amd — epyc_7h12_firmware | Failure to validate the value in APCB may allow a privileged attacker to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service. | 2023-11-14 | 4.9 | CVE-2021-26345 |
asyncssh — asyncssh | An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. | 2023-11-14 | 6.8 | CVE-2023-46446 |
asyncssh — asyncssh | An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack. | 2023-11-14 | 5.9 | CVE-2023-46445 |
auto_login_new_user_after_registration — auto_login_new_user_after_registration | Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS. This issue affects Auto Login New User After Registration: from n/a through 1.9.6. | 2023-11-13 | 6.1 | CVE-2023-46201 |
byzoro — smart_s85f_firmware | A vulnerability, which was classified as problematic, was found in Beijing Baichuo Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-11 | 4.3 | CVE-2023-5959 |
code-projects — blood_bank | Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via ‘msg’ parameter in application URL. | 2023-11-13 | 6.1 | CVE-2023-46015 |
code-projects — blood_bank | Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the ‘search’ parameter in the application URL. | 2023-11-13 | 6.1 | CVE-2023-46016 |
code-projects — blood_bank | Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the ‘error’ parameter. | 2023-11-13 | 6.1 | CVE-2023-46019 |
code-projects — blood_bank | Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the ‘rename’, ‘remail’, ‘rphone’ and ‘rcity’ parameters. | 2023-11-13 | 6.1 | CVE-2023-46020 |
code-projects — blood_bank | SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via ‘hemail’ and ‘hpassword’ parameters. | 2023-11-13 | 5.5 | CVE-2023-46014 |
code-projects — blood_bank | SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via ‘remail’ and ‘rpassword’ parameters. | 2023-11-13 | 5.5 | CVE-2023-46017 |
code-projects — blood_bank | SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via ‘remail’ parameter. | 2023-11-13 | 5.5 | CVE-2023-46018 |
code-projects — blood_bank | SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the ‘reqid’ parameter. | 2023-11-13 | 5.5 | CVE-2023-46021 |
code-projects — inventory_management | SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. | 2023-11-14 | 5.5 | CVE-2023-46581 |
code-projects — inventory_management | Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component. | 2023-11-14 | 5.4 | CVE-2023-46580 |
code-projects — simple_task_list | SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the ‘status’ parameter. | 2023-11-14 | 6.5 | CVE-2023-46023 |
dedecms — dedecms | DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | 2023-11-13 | 5.4 | CVE-2023-48068 |
digitaldruid — hoteldruid | Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product. | 2023-11-10 | 6.1 | CVE-2023-47164 |
discourse — discourse | Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some links can inject arbitrary HTML tags when rendered through our Onebox engine. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-11-10 | 6.1 | CVE-2023-47119 |
discourse — discourse | Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, if a user has been quoted and uses a `|` in their full name, they might be able to trigger a bug that generates a lot of duplicate content in all the posts they’ve been quoted by updating their full name again. Version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches contain a patch for this issue. No known workaround exists, although one can stop the “bleeding” by ensuring users only use alphanumeric characters in their full name field. | 2023-11-10 | 5.4 | CVE-2023-45806 |
discourse — discourse | Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, some theme components allow users to add svgs with unlimited `height` attributes, and this can affect the availability of subsequent replies in a topic. Most Discourse instances are unaffected, only instances with the svgbob or the mermaid theme component are within scope. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable or remove the relevant theme components. | 2023-11-10 | 5.4 | CVE-2023-46130 |
dreamer_cms — dreamer_cms | An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. | 2023-11-13 | 4.3 | CVE-2023-48063 |
emsigner — emsigner | Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the documentID and EncryptedDocumentId parameters. | 2023-11-14 | 6.5 | CVE-2023-43900 |
emsigner — emsigner | Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered user. | 2023-11-14 | 5.9 | CVE-2023-43901 |
getshortcodes — shortcodes_ultimate | Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin – Shortcodes Ultimate. This issue affects WP Shortcodes Plugin – Shortcodes Ultimate: from n/a through 5.12.6. | 2023-11-13 | 6.5 | CVE-2023-23800 |
gibbonedu — gibbon | GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. The imageAsLinks parameter must be set to Y to return HTML code. The filename attribute of the bodyfile1 parameter is reflected in the response. | 2023-11-14 | 6.1 | CVE-2023-45881 |
gibbonedu — gibbon | GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. | 2023-11-14 | 5.4 | CVE-2023-45879 |
ibm — aix | IBM AIX’s 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965. | 2023-11-10 | 5.5 | CVE-2023-45167 |
ibm — cics_tx | IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 260821. | 2023-11-13 | 6.1 | CVE-2023-38364 |
ibm — cics_tx | IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 260818. | 2023-11-13 | 4.3 | CVE-2023-38363 |
ibm — qradar_security_information_and_event_manager | IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484. | 2023-11-11 | 5.4 | CVE-2023-43057 |
icssolution — ics_business_manager | An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. A remote attacker could send a specially crafted string exploiting the obdd_act parameter, allowing the attacker to steal an authenticated user’s session, and perform actions within the application. | 2023-11-13 | 6.1 | CVE-2023-6098 |
intel(r) — unison_software | Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. | 2023-11-14 | 6.5 | CVE-2023-22290 |
intel(r) — unison_software | Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. | 2023-11-14 | 6.5 | CVE-2023-38131 |
intel(r) — unison_software | Incomplete cleanup for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | 5.5 | CVE-2022-43477 |
intel(r) — unison_software | Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | 5.5 | CVE-2022-43666 |
intel(r) — unison_software | Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | 5.5 | CVE-2022-45109 |
intel(r) — unison_software | Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | 5.5 | CVE-2022-46299 |
intel(r) — unison_software | Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | 5.5 | CVE-2022-46646 |
intel(r) — unison_software | Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | 5.5 | CVE-2022-46647 |
intel(r) — unison_software | Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | 2023-11-14 | 4.4 | CVE-2022-46298 |
intel(r) — unison_software | Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | 2023-11-14 | 4.4 | CVE-2022-46301 |
intel(r) — unison_software | Improper input validation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | 2023-11-14 | 4.4 | CVE-2023-39411 |
lionscripts — webmaster_tools | Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS. This issue affects Webmaster Tools: from n/a through 2.0. | 2023-11-13 | 6.1 | CVE-2023-46092 |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-11-10 | 6.3 | CVE-2023-36027 |
netgate — pfsense | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. | 2023-11-14 | 5.4 | CVE-2023-42325 |
netgate — pfsense | Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. | 2023-11-14 | 5.4 | CVE-2023-42327 |
optimizely_cms — optimizely_cms | Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel. | 2023-11-14 | 4.8 | CVE-2023-31754 |
phpgurukul — restaurant_table_booking_system | A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file index.php of the component Reservation Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244944. | 2023-11-10 | 6.1 | CVE-2023-6075 |
phpgurukul — teacher_subject_allocation_management_system | SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the ‘editid’ parameter. | 2023-11-14 | 4.9 | CVE-2023-46025 |
phpgurukul — teacher_subject_allocation_management_system | Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the ‘adminname’ and ‘email’ parameters. | 2023-11-14 | 4.8 | CVE-2023-46026 |
powr — powr | The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘powr-powr-pack’ shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-13 | 5.4 | CVE-2023-5741 |
salesagility — suitecrm | Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 2023-11-14 | 5.4 | CVE-2023-6127 |
salesagility — suitecrm | Cross-site Scripting (XSS) – Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | 2023-11-14 | 5.4 | CVE-2023-6128 |
salesagility — suitecrm | Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. | 2023-11-14 | 4.3 | CVE-2023-6124 |
sensiolabs — symfony | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 5.4.21 and 6.2.7 and prior to versions 5.4.31 and 6.3.8, `SessionStrategyListener` does not migrate the session after every successful login. It does so only in case the logged in user changes by means of checking the user identifier. In some use cases, the user identifier doesn’t change between the verification phase and the successful login, while the token itself changes from one type (partially authenticated) to another (fully authenticated). When this happens, the session id should be regenerated to prevent possible session fixations, which is not the case at the moment. As of versions 5.4.31 and 6.3.8, Symfony now checks the type of the token in addition to the user identifier before deciding whether the session id should be regenerated. | 2023-11-10 | 6.5 | CVE-2023-46733 |
sensiolabs — symfony | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig filters in CodeExtension use `is_safe=html` but don’t actually ensure their input is safe. As of versions 4.4.51, 5.4.31, and 6.3.8, Symfony now escapes the output of the affected filters. | 2023-11-10 | 6.1 | CVE-2023-46734 |
sensiolabs — symfony | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Starting in version 6.0.0 and prior to version 6.3.8, the error message in `WebhookController` returns unescaped user-submitted input. As of version 6.3.8, `WebhookController` now doesn’t return any user-submitted input in its response. | 2023-11-10 | 6.1 | CVE-2023-46735 |
sentry — sentry_software_development_kit | sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0. | 2023-11-10 | 6.1 | CVE-2023-46729 |
siemens — comos | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to. | 2023-11-14 | 6.5 | CVE-2023-43505 |
sigstore — gitsign | Gitsign is software for keyless Git signing using Sigstore. In versions of gitsign starting with 0.6.0 and prior to 0.8.0, Rekor public keys were fetched via the Rekor API, instead of through the local TUF client. If the upstream Rekor server happened to be compromised, gitsign clients could potentially be tricked into trusting incorrect signatures. There is no known compromise of the default public good instance (`rekor.sigstore.dev`) – anyone using this instance is unaffected. This issue was fixed in v0.8.0. No known workarounds are available. | 2023-11-10 | 5.3 | CVE-2023-47122 |
volkswagen — id.3_firmware | Attacker can perform a Denial-of-Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. | 2023-11-10 | 6.3 | CVE-2023-6073 |
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry. This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6. | 2023-11-13 | 6.5 | CVE-2023-41239 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Haoqisir Baidu Tongji generator allows Stored XSS. This issue affects Baidu Tongji generator: from n/a through 1.0.2. | 2023-11-13 | 6.1 | CVE-2023-31230 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS. This issue affects The7: from n/a through 11.7.3. | 2023-11-13 | 6.1 | CVE-2023-32123 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Extra User Details allows Stored XSS. This issue affects Extra User Details: from n/a through 0.5. | 2023-11-13 | 6.1 | CVE-2023-35877 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in tagDiv tagDiv Composer allows Cross-Site Scripting (XSS). This issue affects tagDiv Composer: from n/a before 4.4. | 2023-11-13 | 6.1 | CVE-2023-39166 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Jeremy O’Connell Cleverwise Daily Quotes allows Stored XSS. This issue affects Cleverwise Daily Quotes: from n/a through 3.2. | 2023-11-13 | 6.1 | CVE-2023-40335 |
wordpress — wordpress | The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘printersettings’ parameter in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-11-13 | 6.1 | CVE-2023-4603 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in phoeniixx Custom My Account for Woocommerce allows Cross-Site Scripting (XSS). This issue affects Custom My Account for Woocommerce: from n/a through 2.1. | 2023-11-13 | 6.1 | CVE-2023-46634 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Stark Digital Category Post List Widget allows Stored XSS. This issue affects Category Post List Widget: from n/a through 2.0. | 2023-11-13 | 6.1 | CVE-2023-47516 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations allows Stored XSS. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | 2023-11-14 | 6.1 | CVE-2023-47550 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links allows Stored XSS. This issue affects Auto Affiliate Links: from n/a through 6.4.2.4. | 2023-11-13 | 6.1 | CVE-2023-47652 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in edward_plainview Plainview Protect Passwords plugin <= 1.4 versions. | 2023-11-14 | 6.1 | CVE-2023-47665 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThemePunch OHG Essential Grid plugin <= 3.1.0 versions. | 2023-11-14 | 6.1 | CVE-2023-47684 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Anton Bond Additional Order Filters for WooCommerce plugin <= 1.10 versions. | 2023-11-13 | 6.1 | CVE-2023-47690 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Scribit Shortcodes Finder plugin <= 1.5.3 versions. | 2023-11-13 | 6.1 | CVE-2023-47695 |
wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions. | 2023-11-13 | 6.1 | CVE-2023-47696 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <= 3.1.39 versions. | 2023-11-13 | 6.1 | CVE-2023-47697 |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in livescore.Bz BZScore – Live Score plugin <= 1.03 versions. | 2023-11-14 | 5.4 | CVE-2023-47654 |
wordpress — wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions. | 2023-11-14 | 5.4 | CVE-2023-47656 |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions. | 2023-11-14 | 5.4 | CVE-2023-47680 |
wordpress — wordpress | The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘advanced_iframe’ shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-13 | 5.4 | CVE-2023-4775 |
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor. This issue affects Download Monitor: from n/a through 4.8.1. | 2023-11-13 | 4.9 | CVE-2023-31219 |
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers. This issue affects HTTP Headers: from n/a through 1.18.11. | 2023-11-13 | 4.9 | CVE-2023-37978 |
wordpress — wordpress | Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin. This issue affects Church Admin: from n/a through 3.7.56. | 2023-11-13 | 4.9 | CVE-2023-38515 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions. | 2023-11-14 | 4.8 | CVE-2023-47533 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK BV Actueel Financieel Nieuws – Denk Internet Solutions plugin <= 5.1.0 versions. | 2023-11-14 | 4.8 | CVE-2023-47554 |
wordpress — wordpress | Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability in CedCommerce Recently viewed and most viewed products plugin <= 1.1.1 versions. | 2023-11-14 | 4.8 | CVE-2023-47646 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu Bakar TWB Woocommerce Reviews plugin <= 1.7.5 versions. | 2023-11-14 | 4.8 | CVE-2023-47653 |
wordpress — wordpress | Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions. | 2023-11-14 | 4.8 | CVE-2023-47658 |
wpgraphql — wpgraphql | Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL. This issue affects WPGraphQL: from n/a through 1.14.5. | 2023-11-13 | 6.5 | CVE-2023-23684 |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
discourse — discourse | Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, there is an edge case where a bookmark reminder is sent and an unread notification is generated, but the underlying bookmarkable (e.g. post, topic, chat message) security has changed, making it so the user can no longer access the underlying resource. As of version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, bookmark reminders are now no longer sent if the user does not have access to the underlying bookmarkable, and also the unread bookmark notifications are always filtered by access. There are no known workarounds. | 2023-11-10 | 3.3 | CVE-2023-45816 |
fortinet — fortisiem | An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and below, version 6.3.3 and below, version 6.2.1 and below, version 6.1.2 and below, version 5.4.0, version 5.3.3 and below may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage. | 2023-11-14 | 3.3 | CVE-2023-45585 |
telit — bgs5_firmware | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to disclose hidden virtual paths and file names on the targeted system. | 2023-11-10 | 3.3 | CVE-2023-47614 |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
adobe — robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to information disclosure by a low-privileged authenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22268 |
adobe — robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22272 |
adobe — robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22273 |
adobe — robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference (‘XXE’) vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22274 |
adobe — robohelp_server | Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-22275 |
abbott — id_now | In Abbott ID NOW before 7.1, settings can be modified via physical access to an internal serial port. | 2023-11-14 | not yet calculated | CVE-2023-47262 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44336 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44337 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44338 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44339 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44340 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44348 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44356 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44357 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44358 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44359 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44360 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44365 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44366 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44367 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44371 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44372 |
adobe — after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-47066 |
adobe — after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-47067 |
adobe — after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-47068 |
adobe — after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-47069 |
adobe — after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-47070 |
adobe — after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-47071 |
adobe — after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-47072 |
adobe — after_effects | Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-47073 |
adobe — animate | Adobe Animate versions 23.0.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-44325 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47046 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47047 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47048 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47049 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47050 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47051 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47052 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47053 |
adobe — audition | Adobe Audition version 24.0 (and earlier) and 23.6.1 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47054 |
adobe — bridge | Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44327 |
adobe — bridge | Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44328 |
adobe — bridge | Adobe Bridge versions 13.0.4 (and earlier) and 14.0.0 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44329 |
adobe — coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-26347 |
adobe — coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44350 |
adobe — coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44351 |
adobe — coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim’s browser. | 2023-11-17 | not yet calculated | CVE-2023-44352 |
adobe — coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44353 |
adobe — coldfusion | Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An unauthenticated attacker could leverage this vulnerability to impact a minor integrity feature. Exploitation of this issue does require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44355 |
adobe — css-tools | @adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Exploitation of this issue does not require user interaction or privileges. | 2023-11-17 | not yet calculated | CVE-2023-26364 |
adobe — dimension | Adobe Dimension versions 3.4.9 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-17 | not yet calculated | CVE-2023-44326 |
adobe — framemaker | Adobe FrameMaker versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak default admin’s password. Exploitation of this issue does not require user interaction. | 2023-11-17 | not yet calculated | CVE-2023-44324 |
adobe — incopy | Adobe InCopy versions 18.5 (and earlier) and 17.4.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-26368 |
adobe — media_encoder | Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47040 |
adobe — media_encoder | Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47041 |
adobe — media_encoder | Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47042 |
adobe — media_encoder | Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47043 |
adobe — media_encoder | Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47044 |
adobe — photoshop | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44330 |
adobe — photoshop | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44331 |
adobe — photoshop | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44332 |
adobe — photoshop | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44333 |
adobe — photoshop | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44334 |
adobe — photoshop | Adobe Photoshop versions 24.7.1 (and earlier) and 25.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44335 |
adobe — premiere_pro | Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47056 |
adobe — premiere_pro | Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47055 |
adobe — premiere_pro | Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47057 |
adobe — premiere_pro | Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47058 |
adobe — premiere_pro | Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47059 |
adobe — premiere_pro | Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-47060 |
aio-libs — aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues. | 2023-11-14 | not yet calculated | CVE-2023-47627 |
aio-libs — aiohttp | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol; if both Content-Length (CL) and Transfer-Encoding (TE) header values are present, it can lead to incorrect interpretation by two entities that parse the HTTP, and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy (frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE; the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers; also, if an Open Redirect is present, an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47641 |
amd — asp | Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity. | 2023-11-14 | not yet calculated | CVE-2023-20566 |
amd — asp_bootloader | TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service. | 2023-11-14 | not yet calculated | CVE-2023-20521 |
amd — asp_bootloader | Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. | 2023-11-14 | not yet calculated | CVE-2023-20526 |
amd — cpu | Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. | 2023-11-14 | not yet calculated | CVE-2023-20592 |
amd — epyc(tm)_processors | A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest’s migration agent resulting in a potential loss of guest integrity. | 2023-11-14 | not yet calculated | CVE-2023-20519 |
amd — multiple_products | Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality. | 2023-11-14 | not yet calculated | CVE-2021-46766 |
amd — multiple_products | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | 2023-11-14 | not yet calculated | CVE-2021-46774 |
amd — multiple_products | Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution. | 2023-11-14 | not yet calculated | CVE-2022-23820 |
amd — multiple_products | Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution. | 2023-11-14 | not yet calculated | CVE-2022-23821 |
amd — multiple_products | SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. | 2023-11-14 | not yet calculated | CVE-2022-23830 |
amd — radeon(tm) | Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. | 2023-11-14 | not yet calculated | CVE-2021-46748 |
amd — radeon(tm) | Improper input validation in the AMD Radeon™ Graphics display driver may allow an attacker to corrupt the display potentially resulting in denial of service. | 2023-11-14 | not yet calculated | CVE-2023-31320 |
amd — raedomtm_rx_vega_m_graphics_driver | Improper signature verification of Radeon™ RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | 2023-11-14 | not yet calculated | CVE-2023-20567 |
amd — raedomtm_rx_vega_m_graphics_driver | Improper signature verification of Radeon™ RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature potentially leading to arbitrary code execution. | 2023-11-14 | not yet calculated | CVE-2023-20568 |
amd — ryzen(tm) | Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. | 2023-11-14 | not yet calculated | CVE-2021-46758 |
amd — system_management_mode | Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-20563 |
amd — system_management_mode | Insufficient protections in System Management Mode (SMM) code may allow an attacker to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-20565 |
amd — system_management_mode | A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to leverage CVE-2018-8897 potentially resulting in privilege escalation. | 2023-11-14 | not yet calculated | CVE-2023-20571 |
amd — system_management_mode | Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution. | 2023-11-14 | not yet calculated | CVE-2023-20596 |
amd — system_management_unit | Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service. | 2023-11-14 | not yet calculated | CVE-2023-20533 |
ami — aptiov | AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | 2023-11-14 | not yet calculated | CVE-2023-39535 |
ami — aptiov | AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | 2023-11-14 | not yet calculated | CVE-2023-39536 |
ami — aptiov | AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability. | 2023-11-14 | not yet calculated | CVE-2023-39537 |
apache — airflow | Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome. Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. | 2023-11-12 | not yet calculated | CVE-2023-42781 |
apache — airflow | We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.3 or later which has removed the vulnerability. | 2023-11-12 | not yet calculated | CVE-2023-47037 |
apache — hadoop | Relative library resolution in Linux container-executor binary in Apache Hadoop 3.3.1-3.3.4 on Linux allows local user to gain root privileges. If the YARN cluster is accepting work from remote (authenticated) users, this MAY permit remote users to gain root privileges. Hadoop 3.3.0 updated the "YARN Secure Containers" (https://hadoop.apache.org/docs/stable/hadoop-yarn/hadoop-yarn-site/SecureContainer.html) to add a feature for executing user-submitted applications in isolated Linux containers. The native binary HADOOP_HOME/bin/container-executor is used to launch these containers; it must be owned by root and have the suid bit set in order for the YARN processes to run the containers as the specific users submitting the jobs. The patch "YARN-10495. make the rpath of container-executor configurable" (https://issues.apache.org/jira/browse/YARN-10495) modified the library loading path for loading .so files from "$ORIGIN/" to "$ORIGIN/:../lib/native/". This is the path through which libcrypto.so is located. Thus, it is possible for a user with reduced privileges to install a malicious libcrypto library into a path to which they have write access, invoke the container-executor command, and have their modified library executed as root. If the YARN cluster is accepting work from remote (authenticated) users, and these users' submitted jobs are executed in the physical host, rather than a container, then the CVE permits remote users to gain root privileges. The fix for the vulnerability is to revert the change, which is done in YARN-11441 (https://issues.apache.org/jira/browse/YARN-11441), "Revert YARN-10495". This patch is in hadoop-3.3.5. To determine whether a version of container-executor is vulnerable, use the readelf command. If the RUNPATH or RPATH value contains the relative path "./lib/native/" then it is at risk: `$ readelf -d container-executor|grep 'RUNPATH\|RPATH'` prints `0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/:../lib/native/]`. If it does not, then it is safe: `$ readelf -d container-executor|grep 'RUNPATH\|RPATH'` prints `0x000000000000001d (RUNPATH) Library runpath: [$ORIGIN/]`. For an at-risk version of container-executor to enable privilege escalation, the owner must be root and the suid bit must be set: `$ ls -laF /opt/hadoop/bin/container-executor` prints `---Sr-s---. 1 root hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor`. A safe installation lacks the suid bit; ideally is also not owned by root: `$ ls -laF /opt/hadoop/bin/container-executor` prints `-rwxr-xr-x. 1 yarn hadoop 802968 May 9 20:21 /opt/hadoop/bin/container-executor`. This configuration does not support Yarn Secure Containers, but all other hadoop services, including YARN job execution outside secure containers continue to work. | 2023-11-16 | not yet calculated | CVE-2023-26031 |
archery — archery | Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | 2023-11-16 | not yet calculated | CVE-2023-48053 |
aruba — airwave_client_service | There is a buffer overflow vulnerability in the underlying AirWave client service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-11-14 | not yet calculated | CVE-2023-45616 |
aruba — airwave_client_service | There are arbitrary file deletion vulnerabilities in the AirWave client service accessed by PAPI (Aruba’s access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. | 2023-11-14 | not yet calculated | CVE-2023-45618 |
aruba — ble_daemon_service | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the BLE daemon service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point. | 2023-11-14 | not yet calculated | CVE-2023-45622 |
aruba — cli_service | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-11-14 | not yet calculated | CVE-2023-45614 |
aruba — cli_service | There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-11-14 | not yet calculated | CVE-2023-45615 |
aruba — cli_service | There are arbitrary file deletion vulnerabilities in the CLI service accessed by PAPI (Aruba’s access point management protocol). Successful exploitation of these vulnerabilities results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. | 2023-11-14 | not yet calculated | CVE-2023-45617 |
aruba — cli_service | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point. | 2023-11-14 | not yet calculated | CVE-2023-45620 |
aruba — cli_service | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the CLI service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point. | 2023-11-14 | not yet calculated | CVE-2023-45621 |
aruba — cli_service | Multiple authenticated command injection vulnerabilities exist in the command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-11-14 | not yet calculated | CVE-2023-45625 |
aruba — cli_service | An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | 2023-11-14 | not yet calculated | CVE-2023-45627 |
aruba — rssi_service | There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba’s access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to interrupt normal operation and impact the integrity of the access point. | 2023-11-14 | not yet calculated | CVE-2023-45619 |
aruba — soft_ap_daemon | An unauthenticated Denial-of-Service (DoS) vulnerability exists in the soft ap daemon accessed via the PAPI protocol. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | 2023-11-14 | not yet calculated | CVE-2023-45624 |
aruba — wi-fi_uplink_service | Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Wi-Fi Uplink service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected access point. | 2023-11-14 | not yet calculated | CVE-2023-45623 |
asp.net — core | ASP.NET Core Denial of Service Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36038 |
asustek_computer_inc. — rt-ac87u | An improper access control vulnerability exists in RT-AC87U all versions. An attacker may read or write files that are not intended to be accessed by connecting to a target device via tftp. | 2023-11-15 | not yet calculated | CVE-2023-47678
|
autel_robotics — evo_nano_drone | Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows attackers to breach the geo-fence and fly into no-fly zones. | 2023-11-16 | not yet calculated | CVE-2023-47335 |
automation_hub — automation_hub | A path traversal vulnerability exists in Ansible when extracting tarballs. An attacker could craft a malicious tarball so that when using the galaxy importer of Ansible Automation Hub, a symlink could be dropped on the disk, resulting in files being overwritten. | 2023-11-14 | not yet calculated | CVE-2023-5189 |
aveva — operations_control_logger | This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are installed, resulting in denial of service. | 2023-11-15 | not yet calculated | CVE-2023-34982 |
aveva — operations_control_logger | This privilege escalation vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are installed, resulting in complete compromise of the target machine. | 2023-11-15 | not yet calculated | CVE-2023-33873 |
aweber — aweber | Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery. This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9. | 2023-11-17 | not yet calculated | CVE-2023-47757 |
azure — cli_rest | Azure CLI REST Command Information Disclosure Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36052 |
azure — devops_server | Azure DevOps Server Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36437 |
bell — homehub_3000 | An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req – this is an information leak because the serial number is intended to prove an actor’s physical access to the device. | 2023-11-17 | not yet calculated | CVE-2020-11447 |
bell — homehub_3000 | An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page. | 2023-11-17 | not yet calculated | CVE-2020-11448 |
blackberry — qnx_software_development_platform | Improper Input Validation in the Networking Stack of QNX SDP version(s) 6.6, 7.0, and 7.1 could allow an attacker to potentially cause Information Disclosure or a Denial-of-Service condition. | 2023-11-14 | not yet calculated | CVE-2023-32701 |
cesiumjs — cesiumjs | A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim’s browser via sending a crafted payload to /container_files/public_html/doc/index.html. | 2023-11-14 | not yet calculated | CVE-2023-48094 |
checkmk_gmbh — checkmk | Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows privileged attackers to cause partial denial of service of the UI via too long hostnames. | 2023-11-15 | not yet calculated | CVE-2023-23549 |
cksource — ckeditor | A Cross-Site scripting vulnerability has been found in CKSource CKEditor affecting versions 4.15.1 and earlier. An attacker could send malicious javascript code through the /ckeditor/samples/old/ajax.html file and retrieve an authorized user’s information. | 2023-11-16 | not yet calculated | CVE-2023-4771 |
click_studios — passwordstate | An issue was discovered in Click Studios Passwordstate before 9811. Existing users (Security Administrators) could use the System Wide API Key to read or delete private password records when specifically used with the PasswordHistory API endpoint. It is also possible to use the Copy/Move Password Record API Key to Copy/Move private password records. | 2023-11-13 | not yet calculated | CVE-2023-47801 |
code-projects — blood_bank | SQL Injection vulnerability in delete.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via the ‘bid’ parameter. | 2023-11-14 | not yet calculated | CVE-2023-46022 |
color — demoiccmax | In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read. | 2023-11-18 | not yet calculated | CVE-2023-48736 |
concrete_cms — concrete_cms | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified. | 2023-11-17 | not yet calculated | CVE-2023-48648
|
concrete_cms — concrete_cms | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name. | 2023-11-17 | not yet calculated | CVE-2023-48649
|
corebos — corebos | Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator’s computer. | 2023-11-17 | not yet calculated | CVE-2023-48029 |
crushftp — crushftp | CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. | 2023-11-18 | not yet calculated | CVE-2023-43177 |
cubecart — cubecart | Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. | 2023-11-17 | not yet calculated | CVE-2023-38130 |
cubecart_limited — cubecart | Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. | 2023-11-17 | not yet calculated | CVE-2023-47283 |
cubecart_limited — cubecart | CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. | 2023-11-17 | not yet calculated | CVE-2023-47675 |
cubecart — cubecart | Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. | 2023-11-17 | not yet calculated | CVE-2023-42428 |
datahub — datahub | DataHub is an open-source metadata platform. DataHub Frontend’s sessions are configured using Play Framework’s default settings for stateless session which do not set an expiration time for a cookie. Due to this, if a session cookie were ever leaked, it would be valid forever. DataHub uses a stateless session cookie that is not invalidated on logout, it is just removed from the browser forcing the user to login again. However, if an attacker extracted a cookie from an authenticated user it would continue to be valid as there is no validation on a time window the session token is valid for due to a combination of the usage of LegacyCookiesModule from Play Framework and using default settings which do not set an expiration time. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47628 |
datahub — datahub | DataHub is an open-source metadata platform. In affected versions sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-up link they can potentially create an admin account given certain preconditions. If the default datahub user has been removed, then the user can sign up for an account that leverages the default policies giving admin privileges to the datahub user. All DataHub instances prior to the patch that have removed the datahub user, but not the default policies applying to that user are affected. Users are advised to update to version 0.12.1 which addresses the issue. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47629 |
datahub — datahub | DataHub is an open-source metadata platform. The HMAC signature for DataHub Frontend sessions was being signed using a SHA-1 HMAC with the frontend secret key. SHA1 with a 10-byte key can be brute forced using sufficient resources (i.e. state level actors with large computational capabilities). DataHub Frontend was utilizing the Play LegacyCookiesModule with default settings which utilizes a SHA1 HMAC for signing. This is compounded by using a shorter key length than recommended by default for the signing key for the randomized secret value. An authenticated attacker (or attacker who has otherwise obtained a session token) could crack the signing key for DataHub and obtain escalated privileges by generating a privileged session cookie. Due to key length being a part of the risk, deployments should update to the latest helm chart and rotate their session signing secret. All deployments using the default helm chart configurations for generating the Play secret key used for signing are affected by this vulnerability. Version 0.11.1 resolves this vulnerability. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47640 |
dedecms — dedecms | Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS v5.7 in 110 backend management interface via /catalog_add.php, allows attackers to create crafted web pages due to a lack of verification of the token value of the submitted form. | 2023-11-16 | not yet calculated | CVE-2023-43275 |
dell — elab-navigator | Dell ELab-Navigator, version 3.1.9 contains a hard-coded credential vulnerability. A local attacker could potentially exploit this vulnerability, leading to unauthorized access to sensitive data. Successful exploitation may result in the compromise of confidential user information. | 2023-11-16 | not yet calculated | CVE-2023-44296 |
dell — multiple_products | Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.8.1 contain an Insecure Operation on Windows Junction Vulnerability during installation. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder inside a restricted directory, leading to Privilege Escalation. | 2023-11-16 | not yet calculated | CVE-2023-39246 |
dell — os_recovery_tool | Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability, leading to the elevation of privilege on the system. | 2023-11-16 | not yet calculated | CVE-2023-39259 |
dell — precision_tower_bios | Dell Precision Tower BIOS contains an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution. | 2023-11-16 | not yet calculated | CVE-2023-32469 |
dell — repository_manager | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | 2023-11-16 | not yet calculated | CVE-2023-44282 |
dell — repository_manager | Dell Repository Manager, 3.4.3 and prior, contains an Improper Access Control vulnerability in its installation module. A local low-privileged attacker could potentially exploit this vulnerability, leading to gaining escalated privileges. | 2023-11-16 | not yet calculated | CVE-2023-44292 |
dreamer_cms — dreamer_cms | Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. | 2023-11-18 | not yet calculated | CVE-2023-48017 |
eclipse_foundation — openj9 | In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the JVM has finished initializing. | 2023-11-15 | not yet calculated | CVE-2023-5676 |
elastic — logstash | An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: (1) Logstash is configured to log in JSON format (https://www.elastic.co/guide/en/logstash/current/running-logstash-command-line.html), which is not the default logging format; (2) sensitive data is stored in the Logstash keystore and referenced as a variable in Logstash configuration. | 2023-11-15 | not yet calculated | CVE-2023-46672 |
elecom — multiple_products | OS command injection vulnerability in WRC-X3000GS2-W v1.05 and earlier, WRC-X3000GS2-B v1.05 and earlier, and WRC-X3000GS2A-B v1.05 and earlier allows a network-adjacent authenticated user to execute an arbitrary OS command by sending a specially crafted request. | 2023-11-16 | not yet calculated | CVE-2023-43752 |
ethyca — fides | Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides Privacy Center allows data subject users to submit privacy and consent requests to data controller users of the Fides web application. Privacy requests allow data subjects to submit a request to access all person data held by the data controller or delete/erase it. Consent request allows data subject users to modify their privacy preferences for how the data controller uses their personal data e.g. data sales and sharing consent opt-in/opt-out. If `subject_identity_verification_required` in the `[execution]` section of `fides.toml` or the env var `FIDES__EXECUTION__SUBJECT_IDENTITY_VERIFICATION_REQUIRED` is set to `True` on the fides webserver backend, data subjects are sent a one-time code to their email address or phone number, depending on messaging configuration, and the one-time code must be entered in the Privacy Center UI by the data subject before the privacy or consent request is submitted. It was identified that the one-time code values for these requests were generated by the python `random` module, a cryptographically weak pseudo-random number generator (PRNG). If an attacker generates several hundred consecutive one-time codes, this vulnerability allows the attacker to predict all future one-time code values during the lifetime of the backend python process. There is no security impact on data access requests as the personal data download package is not shared in the Privacy Center itself. However, this vulnerability allows an attacker to (i) submit a verified data erasure request, resulting in deletion of data for the targeted user and (ii) submit a verified consent request, modifying a user’s privacy preferences. The vulnerability has been patched in Fides version `2.24.0`. 
Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability. | 2023-11-15 | not yet calculated | CVE-2023-48224
|
ets_soft — ybc_blog | ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). | 2023-11-15 | not yet calculated | CVE-2023-43979 |
eyoucms — eyoucms | EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. | 2023-11-15 | not yet calculated | CVE-2023-41597 |
ffmpeg — ffmpeg | Buffer Overflow vulnerability in FFmpeg before GitHub commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c. | 2023-11-16 | not yet calculated | CVE-2023-47470
|
fileutil.extract() — fileutil.extract | FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. When creating an instance of TensorflowModel using the saved_model format and an exported tensorflow model, the apply() function invokes the vulnerable implementation of FileUtil.extract(). Arbitrary file creation can directly lead to code execution | 2023-11-15 | not yet calculated | CVE-2023-5245 |
first_co.,_ltd. — multiple_products | Missing authentication for critical function vulnerability in First Corporation’s DVRs allows a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | 2023-11-16 | not yet calculated | CVE-2023-47674
|
first_corporation — dvr | First Corporation’s DVRs use a hard-coded password, which may allow a remote unauthenticated attacker to rewrite or obtain the configuration information of the affected device. Note that updates are provided only for Late model of CFR-4EABC, CFR-4EAB, CFR-8EAB, CFR-16EAB, MD-404AB, and MD-808AB. As for the other products, apply the workaround. | 2023-11-16 | not yet calculated | CVE-2023-47213
|
fortinet — fortiadc/fortiddos-f | A permissive cross-domain policy with untrusted domains vulnerability in Fortinet FortiADC 7.1.0 – 7.1.1, FortiDDoS-F 6.3.0 – 6.3.4 and 6.4.0 – 6.4.1 allows an unauthorized attacker to carry out privileged actions and retrieve sensitive information via crafted web requests. | 2023-11-14 | not yet calculated | CVE-2023-25603 |
fortinet — fortiadc/fortiddos-f | Multiple buffer copy without checking size of input (‘classic buffer overflow’) vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1 allow a privileged attacker to execute arbitrary code or commands via specifically crafted CLI requests. | 2023-11-14 | not yet calculated | CVE-2023-29177 |
fortinet — forticlient | A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 – 7.0.9 and 7.2.0 – 7.2.1 allows an attacker to bypass system protections via the use of static credentials. | 2023-11-14 | not yet calculated | CVE-2023-33304 |
fortinet — forticlient_for_windows | An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 – 7.0.7, 6.4.0 – 6.4.9, 6.2.0 – 6.2.9 and 6.0.0 – 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. | 2023-11-14 | not yet calculated | CVE-2022-40681 |
fortinet — forticlientwindows | An untrusted search path vulnerability in Fortinet FortiClientWindows 7.0.9 allows an attacker to perform a DLL Hijack attack via a malicious OpenSSL engine library in the search path. | 2023-11-14 | not yet calculated | CVE-2023-41840 |
fortinet — fortiedrcollectorwindows | An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service from starting at the next system reboot by tampering with some registry keys of the service. | 2023-11-14 | not yet calculated | CVE-2023-44248 |
fortinet — fortimail | An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book folders of other users via crafted HTTP or HTTPS requests. | 2023-11-14 | not yet calculated | CVE-2023-36633 |
fortinet — fortios/fortiproxy | An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and FortiProxy 7.2 all versions, 7.0 all versions, 2.0 all versions VMs may allow a local attacker with admin privileges to boot a malicious image on the device and bypass the filesystem integrity check in place. | 2023-11-14 | not yet calculated | CVE-2023-28002 |
fortinet — fortisiem | An improper neutralization of special elements used in an OS command (‘OS command injection’) in Fortinet FortiSIEM version 5.4.0 and 5.3.0 through 5.3.3 and 5.2.5 through 5.2.8 and 5.2.1 through 5.2.2 and 5.1.0 through 5.1.3 and 5.0.0 through 5.0.1 and 4.10.0 and 4.9.0 and 4.7.2 allows an attacker to execute unauthorized code or commands via crafted API requests. | 2023-11-14 | not yet calculated | CVE-2023-36553 |
fortinet — fortisiem | An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. | 2023-11-14 | not yet calculated | CVE-2023-41676 |
fortinet — fortiwlm | An improper neutralization of special elements used in an SQL command (‘SQL injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 and 8.4.0 through 8.4.2 and 8.3.0 through 8.3.2 and 8.2.2 allows an attacker to execute unauthorized code or commands via a crafted HTTP request. | 2023-11-14 | not yet calculated | CVE-2023-34991 |
fortinet — multiple_products | A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiOS version 7.4.0, FortiOS version 7.2.0 through 7.2.5, FortiOS version 7.0.0 through 7.0.12, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions allows an attacker to cause a denial of service via specifically crafted HTTP requests. | 2023-11-14 | not yet calculated | CVE-2023-36641 |
fortinet — multiple_products | A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 – 7.0.8, 7.2.0 – 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use of static credentials. | 2023-11-14 | not yet calculated | CVE-2023-40719 |
fortinet — fortiadc | An improper access control vulnerability [CWE-284] in FortiADC automation feature 7.1.0 through 7.1.2, 7.0 all versions, 6.2 all versions, 6.1 all versions may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script. | 2023-11-14 | not yet calculated | CVE-2023-26205 |
free5gc — free5gc | An issue in Free5gc v.3.3.0 allows a local attacker to cause a denial of service via the free5gc-compose component. | 2023-11-16 | not yet calculated | CVE-2023-47025 |
free5gc — free5gc | Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is mutated to zero. | 2023-11-15 | not yet calculated | CVE-2023-47345 |
free5gc — free5gc | Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages. | 2023-11-13 | not yet calculated | CVE-2023-47346 |
free5gc — free5gc | Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes. | 2023-11-15 | not yet calculated | CVE-2023-47347 |
free_software_foundation — grub-legacy | An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file system implementation. | 2023-11-10 | not yet calculated | CVE-2023-4949 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — tellus/tellus_lite | Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed. | 2023-11-15 | not yet calculated | CVE-2023-47580 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — tellus/tellus_lite | Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed. | 2023-11-15 | not yet calculated | CVE-2023-47581 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — tellus/tellus_lite | Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. If a user opens a specially crafted file (X1, V8, or V9 file), information may be disclosed and/or arbitrary code may be executed. | 2023-11-15 | not yet calculated | CVE-2023-47582 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — tellus_simulator | Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. If a user opens a specially crafted file (X1 or V9 file), information may be disclosed and/or arbitrary code may be executed. | 2023-11-15 | not yet calculated | CVE-2023-47583 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — v-server | Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed. | 2023-11-15 | not yet calculated | CVE-2023-47584 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — v-server | Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed. | 2023-11-15 | not yet calculated | CVE-2023-47585 |
fuji_electric_co.,_ltd._and_hakko_electronics_co.,_ltd. — v-server | Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. If a user opens a specially crafted VPR file, information may be disclosed and/or arbitrary code may be executed. | 2023-11-15 | not yet calculated | CVE-2023-47586 |
getsimplecms — getsimplecms | A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edit.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245735. | 2023-11-17 | not yet calculated | CVE-2023-6188 |
git-urls — git-urls | git-urls version 1.0.1 is vulnerable to ReDOS (Regular Expression Denial of Service) in Go package. | 2023-11-18 | not yet calculated | CVE-2023-46402 |
google — chrome | Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-11-15 | not yet calculated | CVE-2023-5997 |
google — chrome | Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-11-15 | not yet calculated | CVE-2023-6112 |
gpac — gpac | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. | 2023-11-15 | not yet calculated | CVE-2023-48011 |
gpac — gpac | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. | 2023-11-15 | not yet calculated | CVE-2023-48013 |
gpac — gpac | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. | 2023-11-15 | not yet calculated | CVE-2023-48014 |
grocy — grocy | Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the QR code function in the manageapikeys component. | 2023-11-15 | not yet calculated | CVE-2023-48197 |
grocy — grocy | Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the product description component in the api/stock/products endpoint. | 2023-11-15 | not yet calculated | CVE-2023-48198 |
grocy — grocy | An issue in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the QR code function in the manageapikeys component. | 2023-11-15 | not yet calculated | CVE-2023-48199 |
grocy — grocy | Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/ component. | 2023-11-15 | not yet calculated | CVE-2023-48200 |
h2oai — h2oai/h2o-3 | H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack. | 2023-11-16 | not yet calculated | CVE-2023-6013 |
h2oai — h2oai/h2o-3 | An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature. | 2023-11-16 | not yet calculated | CVE-2023-6016 |
h2oai — h2oai/h2o-3 | H2O included a reference to an S3 bucket that no longer existed allowing an attacker to take over the S3 bucket URL. | 2023-11-16 | not yet calculated | CVE-2023-6017 |
h2oai — h2oai/h2o-3 | An attacker is able to read any file on the server hosting the H2O dashboard without any authentication. | 2023-11-16 | not yet calculated | CVE-2023-6038 |
honeywell — prowatch | Honeywell ProWatch 4.5, including all Service Pack versions, contains a vulnerability in the Application Server’s executable folder(s). An attacker could potentially exploit this vulnerability, allowing a standard user to gain arbitrary system code execution. Honeywell recommends updating to the most recent version of this product, service or offering (Pro-watch 6.0.2, 6.0, 5.5.2, 5.0.5). | 2023-11-17 | not yet calculated | CVE-2023-6179 |
hpe — arubaos | An authenticated vulnerability has been identified allowing an attacker to effectively establish highly privileged persistent arbitrary code execution across boot cycles. | 2023-11-14 | not yet calculated | CVE-2023-45626 |
httpie — httpie | Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | 2023-11-16 | not yet calculated | CVE-2023-48052 |
hyperledger_fabric — hyperledger_fabric | Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules with one another, called “cross-linking”, results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a “cross-linked block” (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block. Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-46132 |
ibm — cics_tx | IBM CICS TX Advanced 10.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 260770. | 2023-11-18 | not yet calculated | CVE-2023-38361 |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 could allow an authenticated user to change installation files due to incorrect file permission settings. IBM X-Force ID: 263332. | 2023-11-18 | not yet calculated | CVE-2023-40363 |
intel — arc_rgb_controller | Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-32638 |
intel — battery_life_diagnostic_tool | Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-32662 |
intel — battery_life_diagnostic_tool | Uncontrolled search path in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-34430 |
intel — dcm | Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 2023-11-14 | not yet calculated | CVE-2023-31273 |
intel — rapid_storage_technology | Insecure inherited permissions in some Intel Rapid Storage Technology software before version 16.8.5.1014.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-39230 |
intel — server_configuration_utility | Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-34997 |
intel — smart_campus | Improper access control in the Intel Smart Campus android application before version 9.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-38411 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-36374 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-36396 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-25949 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-26589 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privileges via local access. | 2023-11-14 | not yet calculated | CVE-2023-28397 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-28723 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Improper initialization in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-28737 |
intel(r) — arc(tm)/iris(r) | NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics – WHQL – Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2022-42879 |
intel(r) — arc(tm)/iris(r) | NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics – WHQL – Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-25071 |
intel(r) — arc(tm)/iris(r) | Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics – WHQL – Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-25952 |
intel(r) — arc(tm)/iris(r) | Incorrect default permissions in some Intel(R) Arc(TM) & Iris(R) Xe Graphics – WHQL – Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-27305 |
intel(r) — arc(tm)/iris(r) | Out-of-bounds write in some Intel(R) Arc(TM) & Iris(R) Xe Graphics – WHQL – Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-28401 |
intel(r) — arc(tm)/iris(r) | Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics – WHQL – Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-28404 |
intel(r) — arc(tm)/iris(r) | Unquoted search path or element in some Intel(R) Arc(TM) & Iris(R) Xe Graphics – WHQL – Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-29165 |
intel(r) — battery_life_diagnostic_tool_software | Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-38786 |
intel(r) — connectivity_performance_suite | Improper access control in user mode driver for some Intel(R) Connectivity Performance Suite before version 2.1123.214.2 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2023-11-14 | not yet calculated | CVE-2023-32279 |
intel(r) — e810 | Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2023-11-14 | not yet calculated | CVE-2023-28376 |
intel(r) — fpga | Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-22327 |
intel(r) — in-band_manageability_software | Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-41689 |
intel(r) — multiple_products | Path traversal in some Intel(R) NUC Kits & Mini PCs – NUC8i7HVK & NUC8HNK USB Type C power delivery controller installation software before version 1.0.10.3 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-32655 |
intel(r) — multiple_products | Unquoted search path in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-32658 |
intel(r) — nuc_bios | Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-40220 |
intel(r) — nuc_bios | Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-40540 |
intel(r) — nuc_kit | Improper authentication in some Intel(R) NUC Kit NUC11PH USB firmware installation software before version 1.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-28377 |
intel(r) — nuc_kit_nuc617kyk_thunderbolt(tm)_3 | Uncontrolled search path in some Intel(R) NUC Kit NUC6i7KYK Thunderbolt(TM) 3 Firmware Update Tool installation software before version 46 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-32660 |
intel(r) — nuc_kits | Path traversal in some Intel(R) NUC Kits NUC7i3DN, NUC7i5DN, NUC7i7DN HDMI firmware update tool software before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-27229 |
intel(r) — nuc_p14e_laptop_element_audio_install_package | Path traversal in some Intel(R) NUC P14E Laptop Element Audio Install Package software before version 156 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-33878 |
intel(r) — nuc_pro_software_suite_installation_software | Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-41700 |
intel(r) — nuc_uniwill_service_driver | Path traversal in some Intel(R) NUC Uniwill Service Driver for Intel(R) NUC M15 Laptop Kits – LAPRC510 & LAPRC710 Uniwill Service Driver installation software before version 1.0.1.7 for Intel(R) NUC Software Studio may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-32278 |
intel(r) — nuc_watchdog_timer | Insecure inherited permissions in some Intel(R) NUC Watchdog Timer installation software before version 2.0.21.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-33898 |
intel(r) — ofu | Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-32204 |
intel(r) — on_demand | Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-32283 |
intel(r) — oneapi_hpc_toolkit/mpi_library_software | Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R) MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of privilege via adjacent access. | 2023-11-14 | not yet calculated | CVE-2023-27383 |
intel(r) — oneapi_toolkits | Path traversal in some Intel(R) oneAPI Toolkits and Component software before version 2023.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-24592 |
intel(r) — optane(tm) | Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-24587 |
intel(r) — optane(tm) | Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2023-11-14 | not yet calculated | CVE-2023-24588 |
intel(r) — optane(tm) | Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-27306 |
intel(r) — optane(tm) | Improper input validation in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-27519 |
intel(r) — optane(tm) | Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2023-11-14 | not yet calculated | CVE-2023-27879 |
intel(r) — processors | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access. | 2023-11-14 | not yet calculated | CVE-2023-22329 |
intel(r) — processors | Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-23583 |
intel(r) — processors | Out-of-bounds read in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | 2023-11-14 | not yet calculated | CVE-2023-25756 |
intel(r) — qat | Improper input validation in firmware for Intel(R) QAT before version QAT20.L.1.0.40-00004 may allow escalation of privilege and denial of service via adjacent access. | 2023-11-14 | not yet calculated | CVE-2023-32641 |
intel(r) — qat | Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-22313 |
intel(r) — qat | Improper authorization in some Intel(R) QAT drivers for Windows – HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-28378 |
intel(r) — qat | Uncontrolled search path element in some Intel(R) QAT drivers for Windows – HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-28740 |
intel(r) — qat | Buffer overflow in some Intel(R) QAT drivers for Windows – HW Version 1.0 before version 1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-28741 |
intel(r) — realsense(tm)_dynamic_calibration_software | Uncontrolled search path element in some Intel(R) RealSense(TM) Dynamic Calibration software before version 2.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-29504 |
intel(r) — server_board/server_system_bios_firmware | Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-33945 |
intel(r) — server_board_bios | Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-34431 |
intel(r) — server_board_bios_firmware | Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-29262 |
intel(r) — server_configuration_utility_software | Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-25075 |
intel(r) — server_information_retrieval_utility_software | Uncontrolled search path element in some Intel(R) Server Information Retrieval Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-27513 |
intel(r) — server_system_m70klp_family_bios_firmware | Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-24379 |
intel(r) — simics_simulator | Insecure inherited permissions in some Intel(R) Simics Simulator software before version 1.7.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-34314 |
intel(r) — unison_software | Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2022-41659 |
intel(r) — xtu | Uncontrolled search path element in some Intel(R) XTU software before version 7.12.0.15 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-34350 |
intel(r) — server_board | Improper buffer restrictions in some Intel(R) Server Board M10JNP2SB BIOS firmware before version 7.219 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2022-29510 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-22305 |
intel(r) — aptio*_v_uefi_firmware_integrator_tools | Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-22310 |
intel(r) — chipset_device_software | Uncontrolled search path element in some Intel(R) Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-28388 |
intel(r) — multiple_products | Improper authentication in some Intel(R) NUC Kits NUC7PJYH and NUC7CJYH Realtek* SD Card Reader Driver installation software before version 10.0.19041.29098 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-32661 |
intel(r) — multiple_products | Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs – NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-33874 |
intel(r) — ofu_software | Improper access control in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-29157 |
intel(r) — ofu_software | Uncontrolled search path in some Intel(R) OFU software before version 14.1.31 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-11-14 | not yet calculated | CVE-2023-29161 |
intel(r) — openvino_toolkit_software | Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-25080 |
intel(r) — openvino_toolkit_software | Improper input validation in some OpenVINO Model Server software before version 2022.3 for Intel Distribution of OpenVINO toolkit may allow an unauthenticated user to potentially enable denial of service via network access. | 2023-11-14 | not yet calculated | CVE-2023-31203 |
intel_support — android_application | Improper access control in the Intel Support android application all versions may allow an authenticated user to potentially enable information disclosure via local access. | 2023-11-14 | not yet calculated | CVE-2023-33872 |
intelbras — rx_1500 | A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-13 | not yet calculated | CVE-2023-6103 |
inventory_management — inventory_management | SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary SQL commands via the id parameter in the deleteProduct.php component. | 2023-11-14 | not yet calculated | CVE-2023-46582 |
ivanti — epmm | A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 and older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including device and environment configuration details, as well as secrets. This vulnerability poses a serious security risk, potentially exposing confidential data and system integrity. | 2023-11-15 | not yet calculated | CVE-2023-39337 |
ivanti — secure_access_client | When a specific component is loaded and a local attacker is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system. | 2023-11-15 | not yet calculated | CVE-2023-38043 |
ivanti — secure_access_client | When a specific component is loaded and a local attacker is able to send a specially crafted request to this component, the attacker could gain elevated privileges on the affected system. | 2023-11-15 | not yet calculated | CVE-2023-38543 |
ivanti — secure_access_file | When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. | 2023-11-15 | not yet calculated | CVE-2023-41718 |
ivanti — secure_access_setting | A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. This vulnerability could be exploited to compromise the integrity and security of the network on the affected system. | 2023-11-15 | not yet calculated | CVE-2023-38544 |
ivanti — secure_access_windows | A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure. | 2023-11-15 | not yet calculated | CVE-2023-35080 |
ivanti — epmm | A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources. | 2023-11-15 | not yet calculated | CVE-2023-39335 |
json-web-token — json-web-token | joaquimserafim/json-web-token is a JavaScript library used to interact with JSON Web Tokens (JWT) which are a compact URL-safe means of representing claims to be transferred between two parties. Affected versions of the json-web-token library are vulnerable to a JWT algorithm confusion attack. On line 86 of the ‘index.js’ file, the algorithm to use for verifying the signature of the JWT token is taken from the JWT token, which at that point is still unverified and thus shouldn’t be trusted. To exploit this vulnerability, an attacker needs to craft a malicious JWT token containing the HS256 algorithm, signed with the public RSA key of the victim application. This attack will only work against this library if the RS256 algorithm is in use, however it is a best practice to use that algorithm. | 2023-11-17 | not yet calculated | CVE-2023-48238 |
kainex — wise_chat | Cross-Site Request Forgery (CSRF) vulnerability in Kainex Wise Chat. This issue affects Wise Chat: from n/a through 3.1.3. | 2023-11-18 | not yet calculated | CVE-2023-32504 |
kloudq_technologies — multiple_products | An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component. | 2023-11-15 | not yet calculated | CVE-2023-41442 |
kodbox — kodbox | kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. | 2023-11-18 | not yet calculated | CVE-2023-48028 |
kubernetes — kubelet | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | 2023-11-14 | not yet calculated | CVE-2023-5528 |
kubernetes — kyverno | Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component is Kyverno’s Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users’ admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | 2023-11-13 | not yet calculated | CVE-2023-42813 |
kubernetes — kyverno | Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerable component is Kyverno’s Notary verifier. An attacker would need control over the registry from which Kyverno would fetch attestations. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users’ admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | 2023-11-13 | not yet calculated | CVE-2023-42814 |
kubernetes — kyverno | Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyverno’s Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users’ admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | 2023-11-13 | not yet calculated | CVE-2023-42815 |
kubernetes — kyverno | Kyverno is a policy engine designed for Kubernetes. A security vulnerability was found in Kyverno where an attacker could cause denial of service of Kyverno. The vulnerability was in Kyverno’s Notary verifier. An attacker would need control over the registry from which Kyverno would fetch signatures. With such a position, the attacker could return a malicious response to Kyverno, when Kyverno would send a request to the registry. The malicious response would cause denial of service of Kyverno, such that other users’ admission requests would be blocked from being processed. This is a vulnerability in a new component released in v1.11.0. The only users affected by this are those that have been building Kyverno from source at the main branch which is not encouraged. Users consuming official Kyverno releases are not affected. There are no known cases of this vulnerability being exploited in the wild. | 2023-11-13 | not yet calculated | CVE-2023-42816 |
kyverno — kyverno | Kyverno is a policy engine designed for Kubernetes. An issue was found in Kyverno that allowed an attacker to control the digest of images used by Kyverno users. The issue would require the attacker to compromise the registry that the Kyverno users fetch their images from. The attacker could then return a vulnerable image to the user and leverage that to further escalate their position. As such, the attacker would need to know which images the Kyverno user consumes and know of one of multiple exploitable vulnerabilities in previous digests of the images. Alternatively, if the attacker has compromised the registry, they could craft a malicious image with a different digest with intentionally placed vulnerabilities and deliver the image to the user. Users pulling their images by digests and from trusted registries are not impacted by this vulnerability. There is no evidence of this being exploited in the wild. The issue has been patched in 1.10.5. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47630 |
label_studio — label_studio | Label Studio is an open source data labeling tool. In all current versions of Label Studio prior to 1.9.2post0, the application allows users to insecurely set filters for filtering tasks. An attacker can construct a filter chain to filter tasks based on sensitive fields for all user accounts on the platform by exploiting Django’s Object Relational Mapper (ORM). Since the results of query can be manipulated by the ORM filter, an attacker can leak these sensitive fields character by character. In addition, Label Studio had a hard coded secret key that an attacker can use to forge a session token of any user by exploiting this ORM Leak vulnerability to leak account password hashes. This vulnerability has been addressed in commit `f931d9d129` which is included in the 1.9.2post0 release. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-13 | not yet calculated | CVE-2023-47117 |
libde265 — libde265 | Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component. | 2023-11-16 | not yet calculated | CVE-2023-47471 |
liblisp — liblisp | Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c | 2023-11-17 | not yet calculated | CVE-2023-48024 |
liblisp — liblisp | Liblisp through commit 4c65969 was discovered to contain an out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c | 2023-11-17 | not yet calculated | CVE-2023-48025 |
librenms — librenms | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-17 | not yet calculated | CVE-2023-46745 |
librenms — librenms | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user, and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability, a low privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-17 | not yet calculated | CVE-2023-48294 |
librenms — librenms | LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-17 | not yet calculated | CVE-2023-48295 |
limesurvey — limesurvey | Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. | 2023-11-18 | not yet calculated | CVE-2023-44796 |
linux — kernel | An out-of-bounds read vulnerability was found in the NVMe-oF/TCP subsystem in the Linux kernel. This flaw allows a remote attacker to send a crafted TCP packet, triggering a heap-based buffer overflow that results in kmalloc data to be printed (and potentially leaked) to the kernel ring buffer (dmesg). | 2023-11-16 | not yet calculated | CVE-2023-6121 |
linux — kernel | A null pointer dereference flaw was found in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configuration, which could allow a local user to crash the system or escalate their privileges on the system. | 2023-11-16 | not yet calculated | CVE-2023-6176 |
lmxcms — lmxcms | SQL injection vulnerability in LMXCMS v.1.4 allows attacker to execute arbitrary code via the TagsAction.class. | 2023-11-16 | not yet calculated | CVE-2021-35437 |
localstack — localstack | Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | 2023-11-16 | not yet calculated | CVE-2023-48054 |
ly_corporation — line | nagayama_copabowl Line 13.6.1 is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. | 2023-11-16 | not yet calculated | CVE-2023-48134 |
maiwei — safety_production_control_platform | A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Affected is an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-245064. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-13 | not yet calculated | CVE-2023-6102 |
maiwei — safety_production_control_platform | A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-245062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-13 | not yet calculated | CVE-2023-6100 |
maiwei — safety_production_control_platform | A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the component Intelligent Monitoring. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245063. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-11-13 | not yet calculated | CVE-2023-6101 |
manageengine — service_desk_plus | An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. A low-privileged OS user with access to the host where an affected ManageEngine product is installed can view and use the exposed key to decrypt product database passwords. This allows the user to access the ManageEngine product database. | 2023-11-15 | not yet calculated | CVE-2023-6105 |
microsoft — dhcp_server | DHCP Server Service Denial of Service Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36392 |
microsoft — dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36016 |
microsoft — dynamics | Microsoft Dynamics 365 Sales Spoofing Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36030 |
microsoft — dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36031 |
microsoft — dynamics | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36410 |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-16 | not yet calculated | CVE-2023-36008 |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-11-16 | not yet calculated | CVE-2023-36026 |
microsoft — excel | Microsoft Excel Security Feature Bypass Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36037 |
microsoft — excel | Microsoft Excel Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36041 |
microsoft — exchange_server | Microsoft Exchange Server Spoofing Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36035 |
microsoft — exchange_server | Microsoft Exchange Server Spoofing Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36039 |
microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36439 |
microsoft — host_integration_server | Microsoft Host Integration Server 2020 Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-38151 |
microsoft — local_security_authority_subsystem_service | Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36428 |
microsoft — multiple_products | .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36049 |
microsoft — office | Microsoft Office Graphics Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36045 |
microsoft — on-prem_data_gateway | Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36021 |
microsoft — remote_registry_service | Microsoft Remote Registry Service Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36401 |
microsoft — remote_registry_service | Microsoft Remote Registry Service Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36423 |
microsoft — send_customer_voice | Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36007 |
microsoft — sharepoint_server | Microsoft SharePoint Server Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-38177 |
microsoft — speech_application_programming_interface | Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36719 |
microsoft — visual_studio | Visual Studio Denial of Service Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36042 |
microsoft — wdac_ole_db | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36402 |
microsoft — windows | ASP.NET Core – Security Feature Bypass Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36558 |
microsoft — windows | ASP.NET Security Feature Bypass Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36560 |
microsoft — windows_defender | Microsoft Windows Defender Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36422 |
microsoft — exchange | Microsoft Exchange Server Spoofing Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36050 |
microsoft — office | Microsoft Office Security Feature Bypass Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36413 |
microsoft — protected_extensible_authentication_protocol | Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36028 |
mikrotik — routeros | MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. | 2023-11-14 | not yet calculated | CVE-2023-41570 |
misp — misp | An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. | 2023-11-17 | not yet calculated | CVE-2023-48655 |
misp — misp | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. | 2023-11-17 | not yet calculated | CVE-2023-48656 |
misp — misp | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. | 2023-11-17 | not yet calculated | CVE-2023-48657 |
misp — misp | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. | 2023-11-17 | not yet calculated | CVE-2023-48658 |
misp — misp | An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. | 2023-11-17 | not yet calculated | CVE-2023-48659 |
mlflow — mlflow | An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirement. | 2023-11-16 | not yet calculated | CVE-2023-6014 |
mlflow — mlflow | MLflow allowed arbitrary files to be PUT onto the server. | 2023-11-16 | not yet calculated | CVE-2023-6015 |
mlflow — mlflow | An attacker can overwrite any file on the server hosting MLflow without any authentication. | 2023-11-16 | not yet calculated | CVE-2023-6018 |
mp4box_gpac — mp4box_gpac | MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | 2023-11-14 | not yet calculated | CVE-2023-47384 |
multiple_vendors — multiple_products | Inadequate encryption strength vulnerability in multiple routers provided by ELECOM CO., LTD. and LOGITEC CORPORATION allows a network-adjacent unauthenticated attacker to guess the encryption key used for wireless LAN communication and intercept the communication. As for the affected products/versions, see the information provided by the vendor under [References] section. | 2023-11-16 | not yet calculated | CVE-2023-43757 |
natus — multiple_products | Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter. | 2023-11-17 | not yet calculated | CVE-2023-47797 |
natus — multiple_products | Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exfiltration, or other nefarious actions such as tampering with data or destroying/disrupting MSSQL services. | 2023-11-10 | not yet calculated | CVE-2023-47800 |
nec — multiple_products | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 2023-11-17 | not yet calculated | CVE-2023-39544 |
nec — multiple_products | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 2023-11-17 | not yet calculated | CVE-2023-39545 |
nec — multiple_products | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 2023-11-17 | not yet calculated | CVE-2023-39546 |
nec — multiple_products | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 2023-11-17 | not yet calculated | CVE-2023-39547 |
nec — multiple_products | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.0 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.0 and earlier allow an attacker who can log in to the product to execute an arbitrary command. | 2023-11-17 | not yet calculated | CVE-2023-39548 |
northern.tech — cfeengine_enterprise | Northern.tech CFEngine Enterprise before 3.21.3 allows SQL Injection. The fixed versions are 3.18.6 and 3.21.3. The earliest affected version is 3.6.0. The issue is in the Mission Portal login page in the CFEngine hub. | 2023-11-14 | not yet calculated | CVE-2023-45684 |
open_management_infrastructure — open_management_infrastructure | Open Management Infrastructure Information Disclosure Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36043 |
opencart — opencart | An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege to write arbitrary untrusted data inside config.php and admin/config.php, resulting in remote code execution on the underlying server. | 2023-11-15 | not yet calculated | CVE-2023-47444 |
opencrx — opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. | 2023-11-18 | not yet calculated | CVE-2023-40809 |
opencrx — opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. | 2023-11-18 | not yet calculated | CVE-2023-40810 |
opencrx — opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. | 2023-11-18 | not yet calculated | CVE-2023-40812 |
opencrx — opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. | 2023-11-18 | not yet calculated | CVE-2023-40813 |
opencrx — opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. | 2023-11-18 | not yet calculated | CVE-2023-40814 |
opencrx — opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. | 2023-11-18 | not yet calculated | CVE-2023-40815 |
opencrx — opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. | 2023-11-18 | not yet calculated | CVE-2023-40816 |
opencrx — opencrx | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. | 2023-11-18 | not yet calculated | CVE-2023-40817 |
opennds — opennds | An issue was discovered in OpenNDS Captive Portal before 10.1.2. It has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client redirect query string parameter. Triggering this issue results in crashing openNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated and can be triggered only when the BinAuth option is set. | 2023-11-17 | not yet calculated | CVE-2023-38313 |
opennds — opennds | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with a missing redirect query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). | 2023-11-17 | not yet calculated | CVE-2023-38314 |
opennds — opennds | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing client token query string parameter. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). | 2023-11-17 | not yet calculated | CVE-2023-38315 |
opennds — opennds | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL portion of HTTP GET requests. | 2023-11-17 | not yet calculated | CVE-2023-38316 |
opennds — opennds | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). | 2023-11-17 | not yet calculated | CVE-2023-38320 |
opennds — opennds | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing User-Agent HTTP header. Triggering this issue results in crashing OpenNDS (a Denial-of-Service condition). The issue occurs when the client is about to be authenticated and can be triggered only when the BinAuth option is set. | 2023-11-17 | not yet calculated | CVE-2023-38322 |
opennds — opennds | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It allows users to skip the splash page sequence when it is using the default FAS key and when OpenNDS is configured as FAS (default). | 2023-11-17 | not yet calculated | CVE-2023-38324 |
opennds — opennds | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads to a stack-based buffer overflow in versions 9.x and earlier, and to a heap-based buffer overflow in versions 10.x and later. Attackers may exploit the issue to crash OpenNDS (Denial-of-Service condition) or to inject and execute arbitrary bytecode (Remote Code Execution). | 2023-11-17 | not yet calculated | CVE-2023-41101 |
opennds — opennds | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a Denial-of-Service condition due to the consumption of all available memory. | 2023-11-17 | not yet calculated | CVE-2023-41102 |
opennms — multiple_products | Cross-site scripting in bootstrap.jsp in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. The solution is to upgrade to Horizon 32.0.5 or newer and Meridian 2023.1.9 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization’s private networks and should not be directly accessible from the Internet. OpenNMS thanks Moshe Apelbaum for reporting this issue. | 2023-11-16 | not yet calculated | CVE-2023-40314 |
opensupports — opensupports | OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file’s magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim’s station via a crafted file upload operation. | 2023-11-17 | not yet calculated | CVE-2023-48031 |
opentelemetry-go — opentelemetry-go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server’s potential memory exhaustion when many malicious requests are sent. An attacker can easily flood the peer address and port for requests. Version 0.46.0 contains a fix for this issue. As a workaround to stop being affected, a view removing the attributes can be used. The other possibility is to disable grpc metrics instrumentation by passing `otelgrpc.WithMeterProvider` option with `noop.NewMeterProvider`. | 2023-11-10 | not yet calculated | CVE-2023-47108 |
openvpn — openvpn | Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behavior which could cause an application crash, leading to a denial of service. | 2023-11-11 | not yet calculated | CVE-2023-46849 |
openvpn — openvpn | Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavior, leaking memory buffers or remote execution when sending network buffers to a remote peer. | 2023-11-11 | not yet calculated | CVE-2023-46850 |
palantir — palantir | The Gotham video-application-server service contained a race condition which would cause it to not apply certain ACLs to new videos if the source system had not yet initialized. | 2023-11-15 | not yet calculated | CVE-2023-30954 |
papercut — papercut_mf/ng | This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the pc-pdl-to-image process. The process loads an executable from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. | 2023-11-14 | not yet calculated | CVE-2023-6006 |
payara_platform — multiple_products | URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries. This issue affects Payara Server, Micro and Embedded: from 5.0.0 before 5.57.0, from 4.1.2.191 before 4.1.2.191.46, from 6.0.0 before 6.8.0, from 6.2023.1 before 6.2023.11. | 2023-11-15 | not yet calculated | CVE-2023-41699 |
phoenix — securecore(tm)_technology(tm) | Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203, from 4.3.1.0 before 4.3.1.163, from 4.4.0.0 before 4.4.0.217, from 4.5.0.0 before 4.5.0.138. | 2023-11-15 | not yet calculated | CVE-2023-31100 |
piccolo — piccolo | Piccolo is an object-relational mapping and query builder which supports asyncio. Prior to version 1.1.1, the handling of named transaction `savepoints` in all database implementations is vulnerable to SQL Injection via f-strings. While it is highly unlikely that an end developer would expose a `savepoints` `name` parameter to a user, it would not be unheard of. If a malicious user was able to abuse this functionality they would have essentially direct access to the database and the ability to modify data to the level of permissions associated with the database user. A non-exhaustive list of actions possible based on database permissions is: read all data stored in the database, including usernames and password hashes; insert arbitrary data into the database, including modifying existing records; and gain a shell on the underlying server. Version 1.1.1 fixes this issue. | 2023-11-10 | not yet calculated | CVE-2023-47128 |
pimcore — pimcore | The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain vulnerabilities, such as using the load_file() (within a SQL Injection) query to view the page source, require the attacker to have the full path to the file they wish to view. In the case of pimcore, the fopen() function here doesn’t have an error handle when the file doesn’t exist on the server, so the server response raises the full path “fopen(/var/www/html/var/tmp/export-{ uniqe id}.csv)”. This issue has been patched in commit `10d178ef771` which has been included in release version 1.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-15 | not yet calculated | CVE-2023-47636 |
pimcore — pimcore | Pimcore is an Open Source Data & Experience Management Platform. In affected versions the `/admin/object/grid-proxy` endpoint calls `getFilterCondition()` on fields of classes to be filtered for, passing input from the request, and later executes the returned SQL. One implementation of `getFilterCondition()` is in `Multiselect`, which does not normalize/escape/validate the passed value. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. This vulnerability has been addressed in version 11.1.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-15 | not yet calculated | CVE-2023-47637 |
pre-school_enrollment — pre-school_enrollment | Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter. | 2023-11-15 | not yet calculated | CVE-2023-47446 |
pre-school_enrollment — pre-school_enrollment | Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. | 2023-11-15 | not yet calculated | CVE-2023-47445 |
prefecthq — prefecthq/prefect | An attacker is able to steal secrets and potentially gain remote code execution via CSRF using the Prefect API. | 2023-11-16 | not yet calculated | CVE-2023-6022 |
prestashop — prestashop | MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. | 2023-11-15 | not yet calculated | CVE-2023-40923 |
prestashop — prestashop | In the module “SoNice Retour” (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to a lack of permissions control and a lack of control in the path name construction, a guest can perform a path traversal to view all files on the information system. | 2023-11-17 | not yet calculated | CVE-2023-45382 |
prestashop — prestashop | In the module “Product Catalog (CSV, Excel, XML) Export PRO” (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb()`. | 2023-11-17 | not yet calculated | CVE-2023-45387 |
prestashop — prestashop | In the module “Newsletter Popup PRO with Voucher/Coupon code” (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. The method `NewsletterpopsendVerificationModuleFrontController::checkEmailSubscription()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. | 2023-11-15 | not yet calculated | CVE-2023-47308 |
prestashop — prestashop | Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile. | 2023-11-15 | not yet calculated | CVE-2023-47309 |
publiccms — publiccms | An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component. | 2023-11-16 | not yet calculated | CVE-2023-48204 |
px4 — px4-autopilot | PX4 autopilot is a flight control solution for drones. In affected versions a global buffer overflow vulnerability exists in the CrsfParser_TryParseCrsfPacket function in /src/drivers/rc/crsf_rc/CrsfParser.cpp:298 due to the invalid size check. A malicious user may create an RC packet remotely and that packet goes into the device where the _rcs_buf reads. The global buffer overflow vulnerability will be triggered and the drone can behave unexpectedly. This issue has been addressed in version 1.14.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-13 | not yet calculated | CVE-2023-47625 |
pypinksign — pypinksign | PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | 2023-11-16 | not yet calculated | CVE-2023-48056 |
qlikteck_international_ab — qlik_sense_enterprise_for_windows | Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265. | 2023-11-15 | not yet calculated | CVE-2023-48365 |
qnap — multiple_products | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTScloud c5.1.0.2498 and later. | 2023-11-10 | not yet calculated | CVE-2023-23367 |
quarkus — quarkus | A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application. | 2023-11-15 | not yet calculated | CVE-2023-5720 |
ray — ray | A command injection exists in Ray’s cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. | 2023-11-16 | not yet calculated | CVE-2023-6019 |
ray — ray | LFI in Ray’s /static/ directory allows attackers to read any file on the server without authentication. | 2023-11-16 | not yet calculated | CVE-2023-6020 |
ray — ray | LFI in Ray’s log API endpoint allows attackers to read any file on the server without authentication. | 2023-11-16 | not yet calculated | CVE-2023-6021 |
reactor_netty — http_server | In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is configured to serve static resources. | 2023-11-15 | not yet calculated | CVE-2023-34062 |
redis — redisgraph | An issue in RedisGraph v.2.12.10 allows an attacker to execute arbitrary code and cause a denial of service via a crafted string in DataBlock_ItemIsDeleted. | 2023-11-16 | not yet calculated | CVE-2023-47003 |
rundeck — rundeck | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which would allow access to view or delete jobs, without the necessary authorization checks. This issue has been addressed in version 4.17.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-16 | not yet calculated | CVE-2023-48222 |
rundeck — rundeck | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In affected versions access to two URLs used in both Rundeck Open Source and Process Automation products could allow authenticated users to access the URL path, which provides a list of job names and groups for any project, without the necessary authorization checks. The output of these endpoints only exposes the name of job groups and the jobs contained within the specified project. The output is read-only and the access does not allow changes to the information. This vulnerability has been patched in version 4.17.3. Users are advised to upgrade. Users unable to upgrade may block access to the two URLs used in either Rundeck Open Source or Process Automation products at a load balancer level. | 2023-11-16 | not yet calculated | CVE-2023-47112 |
sandisk — sandisk_security_installer_for_windows | Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the installer in the same folder as the malicious DLL. This can lead to the execution of arbitrary code with the privileges of the vulnerable application or allow the attacker to obtain a certain level of persistence on the compromised host. | 2023-11-15 | not yet calculated | CVE-2023-22818 |
sap — business_one_installation | SAP Business One installation – version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. As a result, any malicious user can read and write to the SMB shared folder. Additionally, the files in the folder can be executed or be used by the installation process leading to considerable impact on confidentiality, integrity and availability. | 2023-11-14 | not yet calculated | CVE-2023-31403 |
sap — netweaver_application_server | Under certain conditions, SAP NetWeaver Application Server ABAP – versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access unintended data due to a lack of restrictions, which may lead to low impact on confidentiality and no impact on the integrity and availability of the application. | 2023-11-14 | not yet calculated | CVE-2023-41366 |
sap — netweaver_as_java_logon_application | An unauthenticated attacker in NetWeaver AS Java Logon application – version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability. | 2023-11-14 | not yet calculated | CVE-2023-42480 |
schneider_electric — ecostruxure_power_monitoring_expert | A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an open redirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. | 2023-11-15 | not yet calculated | CVE-2023-5986 |
schneider_electric — ecostruxure_power_monitoring_expert | A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists that could lead to a cross-site scripting condition where attackers can have a victim’s browser run arbitrary JavaScript when they visit a page containing the injected payload. | 2023-11-15 | not yet calculated | CVE-2023-5987 |
schneider_electric — galaxy_vs | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could cause a file system enumeration and file download when an attacker navigates to the Network Management Card via HTTPS. | 2023-11-15 | not yet calculated | CVE-2023-6032 |
schneider_electric — ion8650 | A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure. | 2023-11-15 | not yet calculated | CVE-2023-5984 |
schneider_electric — ion8650 | A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system values. | 2023-11-15 | not yet calculated | CVE-2023-5985 |
siemens — comos | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to. | 2023-11-14 | not yet calculated | CVE-2023-46601 |
siemens — multiple_products | A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected products do not properly validate the content of uploaded X509 certificates which could allow an attacker with administrative privileges to execute arbitrary code on the device. | 2023-11-14 | not yet calculated | CVE-2023-44317 |
siemens — multiple_products | A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices use a weak checksum algorithm to protect the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that tricks a legitimate administrator to upload a modified configuration file to change the configuration of an affected device. | 2023-11-14 | not yet calculated | CVE-2023-44319 |
siemens — multiple_products | A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the authentication when performing certain modifications in the web interface allowing an authenticated attacker to influence the user interface configured by an administrator. | 2023-11-14 | not yet calculated | CVE-2023-44320 |
siemens — multiple_products | A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial-of-service condition. The device needs to be restarted for the web interface to become available again. | 2023-11-14 | not yet calculated | CVE-2023-44321 |
siemens — multiple_products | A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices can be configured to send emails when certain events occur on the device. When presented with an invalid response from the SMTP server, the device triggers an error that disrupts email sending. An attacker with access to the network can use this to disable notification of users when certain events occur. | 2023-11-14 | not yet calculated | CVE-2023-44322 |
siemens — multiple_products | A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. Follow-up of CVE-2022-36323. | 2023-11-14 | not yet calculated | CVE-2023-44373 |
siemens — multiple_products | A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices allow the password to be changed, but insufficiently check which password is to be changed. With this, an authenticated attacker could, under certain conditions, change the password of another, potentially admin, user, allowing her to escalate her privileges. | 2023-11-14 | not yet calculated | CVE-2023-44374 |
siemens — multiple_products | A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4.0), Mendix Applications using Mendix 7 (All versions < V7.23.37), Mendix Applications using Mendix 8 (All versions < V8.18.27), Mendix Applications using Mendix 9 (All versions < V9.24.10). A capture-replay flaw in the platform could have an impact to apps built with the platform, if certain preconditions are met that depend on the app’s model and access control design. This could allow authenticated attackers to access or modify objects without proper authorization, or escalate privileges in the context of the vulnerable app. | 2023-11-14 | not yet calculated | CVE-2023-45794 |
siemens — multiple_products | A vulnerability has been identified in SCALANCE XB205-3 (SC, PN) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB205-3 (ST, PN) (All versions < V4.5), SCALANCE XB205-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB205-3LD (SC, PN) (All versions < V4.5), SCALANCE XB208 (E/IP) (All versions < V4.5), SCALANCE XB208 (PN) (All versions < V4.5), SCALANCE XB213-3 (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3 (SC, PN) (All versions < V4.5), SCALANCE XB213-3 (ST, E/IP) (All versions < V4.5), SCALANCE XB213-3 (ST, PN) (All versions < V4.5), SCALANCE XB213-3LD (SC, E/IP) (All versions < V4.5), SCALANCE XB213-3LD (SC, PN) (All versions < V4.5), SCALANCE XB216 (E/IP) (All versions < V4.5), SCALANCE XB216 (PN) (All versions < V4.5), SCALANCE XC206-2 (SC) (All versions < V4.5), SCALANCE XC206-2 (ST/BFOC) (All versions < V4.5), SCALANCE XC206-2G PoE (All versions < V4.5), SCALANCE XC206-2G PoE (54 V DC) (All versions < V4.5), SCALANCE XC206-2G PoE EEC (54 V DC) (All versions < V4.5), SCALANCE XC206-2SFP (All versions < V4.5), SCALANCE XC206-2SFP EEC (All versions < V4.5), SCALANCE XC206-2SFP G (All versions < V4.5), SCALANCE XC206-2SFP G (EIP DEF.) (All versions < V4.5), SCALANCE XC206-2SFP G EEC (All versions < V4.5), SCALANCE XC208 (All versions < V4.5), SCALANCE XC208EEC (All versions < V4.5), SCALANCE XC208G (All versions < V4.5), SCALANCE XC208G (EIP def.) (All versions < V4.5), SCALANCE XC208G EEC (All versions < V4.5), SCALANCE XC208G PoE (All versions < V4.5), SCALANCE XC208G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216 (All versions < V4.5), SCALANCE XC216-3G PoE (All versions < V4.5), SCALANCE XC216-3G PoE (54 V DC) (All versions < V4.5), SCALANCE XC216-4C (All versions < V4.5), SCALANCE XC216-4C G (All versions < V4.5), SCALANCE XC216-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC216-4C G EEC (All versions < V4.5), SCALANCE XC216EEC (All versions < V4.5), SCALANCE XC224 (All versions < V4.5), SCALANCE XC224-4C G (All versions < V4.5), SCALANCE XC224-4C G (EIP Def.) (All versions < V4.5), SCALANCE XC224-4C G EEC (All versions < V4.5), SCALANCE XF204 (All versions < V4.5), SCALANCE XF204 DNA (All versions < V4.5), SCALANCE XF204-2BA (All versions < V4.5), SCALANCE XF204-2BA DNA (All versions < V4.5), SCALANCE XP208 (All versions < V4.5), SCALANCE XP208 (Ethernet/IP) (All versions < V4.5), SCALANCE XP208EEC (All versions < V4.5), SCALANCE XP208PoE EEC (All versions < V4.5), SCALANCE XP216 (All versions < V4.5), SCALANCE XP216 (Ethernet/IP) (All versions < V4.5), SCALANCE XP216EEC (All versions < V4.5), SCALANCE XP216POE EEC (All versions < V4.5), SCALANCE XR324WG (24 x FE, AC 230V) (All versions < V4.5), SCALANCE XR324WG (24 X FE, DC 24V) (All versions < V4.5), SCALANCE XR326-2C PoE WG (All versions < V4.5), SCALANCE XR326-2C PoE WG (without UL) (All versions < V4.5), SCALANCE XR328-4C WG (24XFE, 4XGE, 24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE, 4xGE,DC24V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (24xFE,4xGE,AC230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, AC 230V) (All versions < V4.5), SCALANCE XR328-4C WG (28xGE, DC 24V) (All versions < V4.5), SIPLUS NET SCALANCE XC206-2 (All versions < V4.5), SIPLUS NET SCALANCE XC206-2SFP (All versions < V4.5), SIPLUS NET SCALANCE XC208 (All versions < V4.5), SIPLUS NET SCALANCE XC216-4C (All versions < V4.5). Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. This could allow an authenticated attacker with administrative privileges or an attacker that obtains a configuration backup to extract configuration information from the exported file. | 2023-11-14 | not yet calculated | CVE-2023-44318 |
siemens — opc_ua_modelling_editor | A vulnerability has been identified in Siemens OPC UA Modelling Editor (SiOME) (All versions < V2.8). Affected products suffer from an XML external entity (XXE) injection vulnerability. This vulnerability could allow an attacker to interfere with an application’s processing of XML data and read arbitrary files in the system. | 2023-11-14 | not yet calculated | CVE-2023-46590 |
siemens — simatic_pcs_neo | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly authenticate users in the PUD Manager web service. This could allow an unauthenticated adjacent attacker to generate a privileged token and upload additional documents. | 2023-11-14 | not yet calculated | CVE-2023-46096 |
siemens — simatic_pcs_neo | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). The PUD Manager of affected products does not properly neutralize user provided inputs. This could allow an authenticated adjacent attacker to execute SQL statements in the underlying database. | 2023-11-14 | not yet calculated | CVE-2023-46097 |
siemens — simatic_pcs_neo | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior. | 2023-11-14 | not yet calculated | CVE-2023-46098 |
siemens — simatic_pcs_neo | A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). There is a stored cross-site scripting vulnerability in the Administration Console of the affected product that could allow an attacker with high privileges to inject JavaScript code into the application that is later executed by another legitimate user. | 2023-11-14 | not yet calculated | CVE-2023-46099 |
simple_crud_functionality — simple_crud_functionality | SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the ‘title’ parameter. | 2023-11-17 | not yet calculated | CVE-2023-48078 |
splunk_enterprise — splunk_enterprise | In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser. | 2023-11-16 | not yet calculated | CVE-2023-46213 |
splunk_enterprise — splunk_enterprise | In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance. | 2023-11-16 | not yet calculated | CVE-2023-46214 |
statamic_cms — statamic_cms | Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. In affected versions the file uploads feature did not prevent the upload of PHP files. This may lead to code execution on the server by authenticated users. This vulnerability is fixed in v3.1.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-13 | not yet calculated | CVE-2023-47621 |
statamic_cms — statamic_cms | Statamic is a flat-first, Laravel + Git powered CMS designed for building websites. In affected versions certain additional PHP files crafted to look like images may be uploaded regardless of mime type validation rules. This affects front-end forms using the “Forms” feature, and asset upload fields in the control panel. Malicious users could leverage this vulnerability to upload and execute code. This issue has been patched in versions 3.4.14 and 4.34.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-48217 |
superagi — superagi | SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | 2023-11-16 | not yet calculated | CVE-2023-48055 |
tenda — ax1803 | Buffer Overflow vulnerability in Tenda AX1803 v1.0.0.1_2994 and earlier allows attackers to run arbitrary code via /goform/SetOnlineDevName. | 2023-11-14 | not yet calculated | CVE-2022-45781 |
terramaster_technocology_co.,_ltd. — terramaster | Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request. | 2023-11-17 | not yet calculated | CVE-2023-48185 |
tibco_software_inc. — tibco_ebx | The Web Application component of TIBCO Software Inc.’s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a stored XSS on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO EBX: versions 5.9.22 and below, versions 6.0.13 and below and TIBCO Product and Service Catalog powered by TIBCO EBX: versions 5.0.0 and below. | 2023-11-14 | not yet calculated | CVE-2023-26222 |
tinymce — tinymce | TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text nodes contain a special character reserved as an internal marker, they can be combined with other HTML patterns to form malicious snippets. These snippets pass the initial sanitization layer when the content is parsed into the editor body but can trigger XSS when the special internal marker is removed from the content and re-parsed. This vulnerability has been patched in TinyMCE versions 6.7.3 and 5.10.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-15 | not yet calculated | CVE-2023-48219 |
trellix — epolicy_orchestrator | A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server. | 2023-11-17 | not yet calculated | CVE-2023-5444 |
trellix — epolicy_orchestrator | An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a malicious site. This impacts the dashboard area of the user interface. A user would need to be logged into ePO to trigger this vulnerability. To exploit this the attacker must change the HTTP payload post submission, prior to it reaching the ePO server. | 2023-11-17 | not yet calculated | CVE-2023-5445 |
trellix — getsusp | An Improper Privilege Management vulnerability in Trellix GetSusp prior to version 5.0.0.27 allows a local, low privilege attacker to gain access to files that usually require a higher privilege level. This is caused by GetSusp not correctly protecting a directory that it creates during execution, allowing an attacker to take over file handles used by GetSusp. As this requires high privileges, the attacker gains elevated permissions. The file handles are opened as read-only. | 2023-11-16 | not yet calculated | CVE-2023-6119 |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions DOM processing instructions are not handled correctly. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. This vulnerability has been addressed in versions 1.5.3 and 2.1.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47125 |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions the login screen of the standalone install tool discloses the full path of the transient data directory (e.g. /var/www/html/var/transient/). This applies to composer-based scenarios only – “classic” non-composer installations are not affected. This issue has been addressed in version 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47126 |
typo3 — typo3 | TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. E.g., first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47127 |
vantage6 — vantage6 | vantage6 is a framework to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). In affected versions a node does not check if an image is allowed to run if a `parent_id` is set. A malicious party that breaches the server may modify it to set a fake `parent_id` and send a task of a non-whitelisted algorithm. The node will then execute it because the `parent_id` that is set prevents checks from being run. This impacts all servers that are breached by an expert user. This vulnerability has been patched in version 4.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47631 |
vertaai — vertaai/modeldb | An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter. | 2023-11-16 | not yet calculated | CVE-2023-6023 |
vim — vim | Vim is an open source command line text editor. When closing a window, vim may try to access already freed window structure. Exploitation beyond crashing the application has not been shown to be viable. This issue has been addressed in commit `25aabc2b` which has been included in release version 9.0.2106. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-16 | not yet calculated | CVE-2023-48231 |
vim — vim | Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is enabled and the cpo-settings include the ‘n’ flag. This may happen when a window border is present and when the wrapped line continues on the next physical line directly in the window border because the ‘cpo’ setting includes the ‘n’ flag. Only users with non-default settings are affected and the exception should only result in a crash. This issue has been addressed in commit `cb0b99f0` which has been included in release version 9.0.2107. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-16 | not yet calculated | CVE-2023-48232 |
vim — vim | Vim is an open source command line text editor. If the count after the :s command is larger than what fits into a (signed) long variable, abort with e_value_too_large. Impact is low, user interaction is required and a crash may not even happen in all situations. This issue has been addressed in commit `ac6378773` which has been included in release version 9.0.2108. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-16 | not yet calculated | CVE-2023-48233 |
vim — vim | Vim is an open source command line text editor. When getting the count for a normal mode z command, it may overflow for large counts given. Impact is low, user interaction is required, and a crash may not even happen in all situations. This issue has been addressed in commit `58f9befca1` which has been included in release version 9.0.2109. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-16 | not yet calculated | CVE-2023-48234 |
vim — vim | Vim is an open source command line text editor. When parsing relative ex addresses one may unintentionally cause an overflow. Ironically this happens in the existing overflow check, because the line number becomes negative and LONG_MAX - lnum will cause the overflow. Impact is low, user interaction is required, and a crash may not even happen in all situations. This issue has been addressed in commit `060623e` which has been included in release version 9.0.2110. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-16 | not yet calculated | CVE-2023-48235 |
vim — vim | Vim is an open source command line text editor. When using the z= command, the user may overflow the count with values larger than MAX_INT. Impact is low, user interaction is required, and a crash may not even happen in all situations. This vulnerability has been addressed in commit `73b2d379` which has been included in release version 9.0.2111. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-16 | not yet calculated | CVE-2023-48236 |
vim — vim | Vim is an open source command line text editor. In affected versions when shifting lines in operator pending mode and using a very large value, it may be possible to overflow the size of integer. Impact is low, user interaction is required, and a crash may not even happen in all situations. This issue has been addressed in commit `6bf131888` which has been included in version 9.0.2112. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-16 | not yet calculated | CVE-2023-48237 |
visual_studio_code — jupyter_extension | Visual Studio Code Jupyter Extension Spoofing Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36018 |
vmware — cloud_director_appliance | VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with network access to the appliance can bypass login restrictions when authenticating on port 22 (ssh) or port 5480 (appliance management console). This bypass is not present on port 443 (VCD provider and tenant login). On a new installation of VMware Cloud Director Appliance 10.5, the bypass is not present. VMware Cloud Director Appliance is impacted since it uses an affected version of sssd from the underlying Photon OS. The sssd issue is no longer present in versions of Photon OS that ship with sssd-2.8.1-11 or higher (Photon OS 3) or sssd-2.8.2-9 or higher (Photon OS 4 and 5). | 2023-11-14 | not yet calculated | CVE-2023-34060 |
windows — authentication | Windows Authentication Denial of Service Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36046 |
windows — authentication | Windows Authentication Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36047 |
windows — cloud_files_mini_filter_driver | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36036 |
windows — compressed_folder | Windows Compressed Folder Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36396 |
windows — deployment | Windows Deployment Services Denial of Service Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36395 |
windows — distributed_file_system | Windows Distributed File System (DFS) Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36425 |
windows — dwm_core_library | Windows DWM Core Library Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36033 |
windows — hmac | Windows HMAC Key Derivation Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36400 |
windows — hyper-v | Windows Hyper-V Information Disclosure Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36406 |
windows — hyper-v | Windows Hyper-V Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36407 |
windows — hyper-v | Windows Hyper-V Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36408 |
windows — kernel | Windows Kernel Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36403 |
windows — kernel | Windows Kernel Information Disclosure Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36404 |
windows — kernel | Windows Kernel Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36405 |
windows — ntfs | Windows NTFS Information Disclosure Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36398 |
windows — pragmatic_general_multicast | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36397 |
windows — scripting_engine_memory | Windows Scripting Engine Memory Corruption Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36017 |
windows — search_service | Windows Search Service Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36394 |
windows — smartscreen_security_feature | Windows SmartScreen Security Feature Bypass Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36025 |
windows — user_interface_application | Windows User Interface Application Core Remote Code Execution Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36393 |
windows — common_log_file_system_driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36424 |
windows — hyper-v | Windows Hyper-V Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36427 |
windows — installer | Windows Installer Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36705 |
windows — storage | Windows Storage Elevation of Privilege Vulnerability | 2023-11-14 | not yet calculated | CVE-2023-36399 |
wireshark — wireshark | SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file | 2023-11-16 | not yet calculated | CVE-2023-6174 |
withsecure — multiple_products | Certain WithSecure products allow a Denial of Service (DoS) in the antivirus engine when scanning a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | 2023-11-16 | not yet calculated | CVE-2023-47263 |
withsecure — multiple_products | Certain WithSecure products have a buffer over-read whereby processing certain fuzz file types may cause a denial of service (DoS). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 15 and later. | 2023-11-16 | not yet calculated | CVE-2023-47264 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Himanshu Parashar Google Site Verification plugin using Meta Tag. This issue affects Google Site Verification plugin using Meta Tag: from n/a through 1.2. | 2023-11-18 | not yet calculated | CVE-2023-32514 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in 10Web SEO by 10Web plugin <= 1.2.9 versions. | 2023-11-16 | not yet calculated | CVE-2023-34375 |
wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <= 2.6 versions. | 2023-11-16 | not yet calculated | CVE-2023-39926 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tomas \| Docs \| FAQ \| Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5. | 2023-11-18 | not yet calculated | CVE-2023-25985 |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Wishfulthemes Raise Mag, Wishfulthemes Wishful Blog themes allows Reflected XSS. This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1. | 2023-11-16 | not yet calculated | CVE-2023-28621 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Yoast Yoast Local Premium. This issue affects Yoast Local Premium: from n/a through 14.8. | 2023-11-18 | not yet calculated | CVE-2023-28780 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Arshid Easy Hide Login. This issue affects Easy Hide Login: from n/a through 1.0.8. | 2023-11-18 | not yet calculated | CVE-2023-31075 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tradebooster Video XML Sitemap Generator. This issue affects Video XML Sitemap Generator: from n/a through 1.0.0. | 2023-11-18 | not yet calculated | CVE-2023-31089 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPDeveloper Essential Addons for Elementor Pro. This issue affects Essential Addons for Elementor Pro: from n/a through 5.4.8. | 2023-11-18 | not yet calculated | CVE-2023-32245 |
wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions. | 2023-11-16 | not yet calculated | CVE-2023-32796 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions. | 2023-11-16 | not yet calculated | CVE-2023-32957 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6. | 2023-11-18 | not yet calculated | CVE-2023-41129 |
wordpress — wordpress | The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit. | 2023-11-18 | not yet calculated | CVE-2023-4214 |
wordpress — wordpress | The Namaste! LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘course_id’ parameter in versions up to, and including, 2.6.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-11-15 | not yet calculated | CVE-2023-4602 |
wordpress — wordpress | The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_elements function. This makes it possible for unauthenticated attackers to enable/disable elementor addon elements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-15 | not yet calculated | CVE-2023-4689 |
wordpress — wordpress | The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eae_save_config function. This makes it possible for unauthenticated attackers to change configuration settings for the plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-11-15 | not yet calculated | CVE-2023-4690 |
wordpress — wordpress | The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. This can allow unauthenticated attackers to extract sensitive data including post/page ids and titles including those with pending/draft/future/private status. | 2023-11-15 | not yet calculated | CVE-2023-4723 |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Scott Paterson Easy PayPal Shopping Cart plugin <= 1.1.10 versions. | 2023-11-16 | not yet calculated | CVE-2023-47239 |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap plugin <= 1.1.11 versions. | 2023-11-16 | not yet calculated | CVE-2023-47240 |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions. | 2023-11-16 | not yet calculated | CVE-2023-47242 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? – MSHOP MY SITE. This issue affects ???? ????? – MSHOP MY SITE: from n/a through 1.1.6. | 2023-11-18 | not yet calculated | CVE-2023-47243 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Viewer plugin <= 1.7 versions. | 2023-11-16 | not yet calculated | CVE-2023-47245 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions. | 2023-11-16 | not yet calculated | CVE-2023-47508 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ioannup Edit WooCommerce Templates plugin <= 1.1.1 versions. | 2023-11-16 | not yet calculated | CVE-2023-47509 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SO WP Pinyin Slugs plugin <= 2.3.0 versions. | 2023-11-16 | not yet calculated | CVE-2023-47511 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Gravity Master Product Enquiry for WooCommerce plugin <= 3.0 versions. | 2023-11-16 | not yet calculated | CVE-2023-47512 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in lawrenceowen, gcubero, acunnningham, fmahmood Star CloudPRNT for WooCommerce plugin <= 2.0.3 versions. | 2023-11-16 | not yet calculated | CVE-2023-47514 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.23.11.6 versions. | 2023-11-14 | not yet calculated | CVE-2023-47517 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Matthew Muro Restrict Categories plugin <= 2.6.4 versions. | 2023-11-14 | not yet calculated | CVE-2023-47518 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WC Product Table WooCommerce Product Table Lite. This issue affects WooCommerce Product Table Lite: from n/a through 2.6.2. | 2023-11-18 | not yet calculated | CVE-2023-47519 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Uno (miunosoft) Responsive Column Widgets plugin <= 1.2.7 versions. | 2023-11-14 | not yet calculated | CVE-2023-47520 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Feed plugin <= 2.2.1 versions. | 2023-11-14 | not yet calculated | CVE-2023-47522 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability (requires PHP 8.x) in CodeBard CodeBard’s Patron Button and Widgets for Patreon plugin <= 2.1.9 versions. | 2023-11-14 | not yet calculated | CVE-2023-47524 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sajjad Hossain Sagor WP Edit Username plugin <= 1.0.5 versions. | 2023-11-14 | not yet calculated | CVE-2023-47528 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Dark Mode. This issue affects Droit Dark Mode: from n/a through 1.1.2. | 2023-11-18 | not yet calculated | CVE-2023-47531 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions. | 2023-11-14 | not yet calculated | CVE-2023-47532 |
wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Atarim Visual Website Collaboration, Feedback & Project Management – Atarim plugin <= 3.12 versions. | 2023-11-14 | not yet calculated | CVE-2023-47544 |
wordpress — wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Forms for Mailchimp by Optin Cat – Grow Your MailChimp List plugin <= 2.5.4 versions. | 2023-11-14 | not yet calculated | CVE-2023-47545 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Walter Pinem OneClick Chat to Order plugin <= 1.0.4.2 versions. | 2023-11-14 | not yet calculated | CVE-2023-47546 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory Products, Order & Customers Export for WooCommerce plugin <= 2.0.7 versions. | 2023-11-14 | not yet calculated | CVE-2023-47547 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability on 302 response page in spider-themes EazyDocs plugin <= 2.3.3 versions. | 2023-11-14 | not yet calculated | CVE-2023-47549 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12. | 2023-11-18 | not yet calculated | CVE-2023-47551 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Image Hover Effects – WordPress Plugin. This issue affects Image Hover Effects – WordPress Plugin: from n/a through 5.5. | 2023-11-18 | not yet calculated | CVE-2023-47552 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin. This issue affects UserHeat Plugin: from n/a through 1.1.6. | 2023-11-18 | not yet calculated | CVE-2023-47553 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in James Mehorter Device Theme Switcher. This issue affects Device Theme Switcher: from n/a through 3.0.2. | 2023-11-18 | not yet calculated | CVE-2023-47556 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in profilegrid ProfileGrid – User Profiles, Memberships, Groups and Communities. This issue affects ProfileGrid – User Profiles, Memberships, Groups and Communities: from n/a through 5.6.6. | 2023-11-18 | not yet calculated | CVE-2023-47644 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PriceListo Best Restaurant Menu by PriceListo. This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.3.1. | 2023-11-18 | not yet calculated | CVE-2023-47649 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar. This issue affects Add Local Avatar: from n/a through 12.1. | 2023-11-18 | not yet calculated | CVE-2023-47650 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Robert Macchi WP Links Page. This issue affects WP Links Page: from n/a through 4.9.4. | 2023-11-18 | not yet calculated | CVE-2023-47651 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi ANAC XML Bandi di Gara. This issue affects ANAC XML Bandi di Gara: from n/a through 7.5. | 2023-11-18 | not yet calculated | CVE-2023-47655 |
wordpress — wordpress | Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in GrandPlugins Direct Checkout – Quick View – Buy Now For WooCommerce plugin <= 1.5.8 versions. | 2023-11-14 | not yet calculated | CVE-2023-47657 |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Lavacode Lava Directory Manager plugin <= 1.1.34 versions. | 2023-11-14 | not yet calculated | CVE-2023-47659 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Wham Product Visibility by Country for WooCommerce plugin <= 1.4.9 versions. | 2023-11-14 | not yet calculated | CVE-2023-47660 |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GoldBroker.Com Live Gold Price & Silver Price Charts Widgets plugin <= 2.4 versions. | 2023-11-14 | not yet calculated | CVE-2023-47662 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords. This issue affects Plainview Protect Passwords: from n/a through 1.4. | 2023-11-18 | not yet calculated | CVE-2023-47664 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets. This issue affects Code Snippets: from n/a through 3.5.0. | 2023-11-18 | not yet calculated | CVE-2023-47666 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free. This issue affects WP Full Stripe Free: from n/a through 1.6.1. | 2023-11-18 | not yet calculated | CVE-2023-47667 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS. This issue affects Korea SNS: from n/a through 1.6.3. | 2023-11-18 | not yet calculated | CVE-2023-47670 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent. This issue affects Vertical scroll recent post: from n/a through 14.0. | 2023-11-18 | not yet calculated | CVE-2023-47671 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget. This issue affects WP Category Post List Widget: from n/a through 2.0.3. | 2023-11-18 | not yet calculated | CVE-2023-47672 |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Stefano Ottolenghi Post Pay Counter plugin <= 2.789 versions. | 2023-11-14 | not yet calculated | CVE-2023-47673 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix. This issue affects Preloader Matrix: from n/a through 2.0.1. | 2023-11-18 | not yet calculated | CVE-2023-47685 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.2.2 versions. | 2023-11-16 | not yet calculated | CVE-2023-47686 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VJInfotech Woo Custom and Sequential Order Number plugin <= 2.6.0 versions. | 2023-11-16 | not yet calculated | CVE-2023-47687 |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Alexufo Youtube SpeedLoad plugin <= 0.6.3 versions. | 2023-11-16 | not yet calculated | CVE-2023-47688 |
wordpress — wordpress | The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘shareaholic’ shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-11-15 | not yet calculated | CVE-2023-4889 |
wordpress — wordpress | The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-11-15 | not yet calculated | CVE-2023-5381 |
wordpress — wordpress | The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. This is due to improper restrictions on the add() function. This makes it possible for unauthenticated attackers to place multiple votes on a single poll even when the poll is set to one vote per person. | 2023-11-14 | not yet calculated | CVE-2023-6109 |
wordpress — wordpress | The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the ‘forminator_allowed_mime_types’ function in versions up to, and including, 1.27.0. This makes it possible for authenticated attackers with administrator-level capabilities or above to upload arbitrary files on the affected site’s server, but due to the htaccess configuration, remote code cannot be executed. | 2023-11-15 | not yet calculated | CVE-2023-6133 |
wordpress — wordpress | The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘pmpro_paypalexpress_session_vars_for_user_fields’ function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings. | 2023-11-18 | not yet calculated | CVE-2023-6187 |
xxl-job-admin — xxl-job-admin | xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. | 2023-11-15 | not yet calculated | CVE-2023-48087 |
xxl-job-admin — xxl-job-admin | xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. | 2023-11-15 | not yet calculated | CVE-2023-48088 |
xxl-job-admin — xxl-job-admin | xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. | 2023-11-15 | not yet calculated | CVE-2023-48089 |
yii — yii | Yii is an open source PHP web framework. yiisoft/yii before version 1.1.29 is vulnerable to Remote Code Execution (RCE) if the application calls `unserialize()` on arbitrary user input. An attacker may leverage this vulnerability to compromise the host system. A fix has been developed for the 1.1.29 release. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-14 | not yet calculated | CVE-2023-47130 |
yt-dlp — yt-dlp | yt-dlp is a youtube-dl fork with additional features and fixes. The Generic Extractor in yt-dlp is vulnerable to an attacker setting an arbitrary proxy for a request to an arbitrary url, allowing the attacker to MITM the request made from yt-dlp’s HTTP session. This could lead to cookie exfiltration in some cases. Version 2023.11.14 removed the ability to smuggle `http_headers` to the Generic extractor, as well as other extractors that use the same pattern. Users are advised to upgrade. Users unable to upgrade should disable the Generic extractor (or only pass trusted sites with trusted content) and take caution when using `--no-check-certificate`. | 2023-11-15 | not yet calculated | CVE-2023-46121 |
zoom — in-meeting_chat | Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | 2023-11-14 | not yet calculated | CVE-2023-39199 |
zoom — multiple_products | Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access. | 2023-11-14 | not yet calculated | CVE-2023-39203 |
zoom — rooms | Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | 2023-11-15 | not yet calculated | CVE-2023-43590 |
zoom — rooms | Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | 2023-11-15 | not yet calculated | CVE-2023-43591 |
zoom — rooms_client | Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. | 2023-11-14 | not yet calculated | CVE-2023-39202 |
zoom — team_chat | Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. | 2023-11-14 | not yet calculated | CVE-2023-39205 |
zoom — zoom | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. | 2023-11-14 | not yet calculated | CVE-2023-39204 |
zoom — zoom | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. | 2023-11-14 | not yet calculated | CVE-2023-39206 |
zoom — zoom | Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. | 2023-11-15 | not yet calculated | CVE-2023-43582 |
zoom — zoom | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | 2023-11-15 | not yet calculated | CVE-2023-43588 |
zulip — zulip | Zulip is an open-source team collaboration tool. It was discovered by the Zulip development team that active users who had previously been subscribed to a stream incorrectly continued being able to use the Zulip API to access metadata for that stream. As a result, users who had been removed from a stream, but still had an account in the organization, could still view metadata for that stream (including the stream name, description, settings, and an email address used to send emails into the stream via the incoming email integration). This potentially allowed users to see changes to a stream’s metadata after they had lost access to the stream. This vulnerability has been addressed in version 7.5 and all users are advised to upgrade. There are no known workarounds for this issue. | 2023-11-16 | not yet calculated | CVE-2023-47642 |
adobe — acrobat_reader | Adobe Acrobat Reader versions 23.006.20360 (and earlier) and 20.005.30524 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-11-16 | not yet calculated | CVE-2023-44361 |