US-CERT Vulnerability Summary for the Week of October 30, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
contec — solarview_compact_firmware | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. | 2023-10-27 | 9.8 | CVE-2023-46509
dreamsecurity — magicline_4.0 | A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. | 2023-10-30 | 9.8 | CVE-2023-45797
google — android | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 8.8 | CVE-2023-21356
google — android | In Bluetooth, there is a possibility of code-execution due to a use after free. This could lead to paired device escalation of privilege in the privileged Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 8.8 | CVE-2023-21361
google — android | In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 8.8 | CVE-2023-40129
google — android | In NFC, there is a possible way to set up a default contactless payment app without user consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2021-39810
google — android | In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21351
google — android | In libaudioclient, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21355
google — android | In UWB Google, there is a possible way for a malicious app to masquerade as system app com.android.uwb.resources due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21358
google — android | In libdexfile, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21372
google — android | In Telephony, there is a possible way for a guest user to change the preferred SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21373
google — android | In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21374
google — android | In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21375
google — android | In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21378
google — android | In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.8 | CVE-2023-21381
google — android | In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40116
google — android | In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40117
google — android | In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40120
google — android | In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40125
google — android | In several functions of xmlregexp.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40128
google — android | In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7.8 | CVE-2023-40130
google — android | In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.5 | CVE-2023-21347
google — android | In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 7.5 | CVE-2023-21353
google — android | In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 7 | CVE-2023-40131
juzaweb — cms | An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. | 2023-10-28 | 7.8 | CVE-2023-46468
projectworlds — online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘email’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-43738
projectworlds — online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘contact’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44162
projectworlds — online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add1’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44375
projectworlds — online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add2’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44376
projectworlds — online_art_gallery | Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘add3’ parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-10-27 | 9.8 | CVE-2023-44377
projectworlds — online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘user_email’ parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45012
projectworlds — online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘user_query’ parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45013
projectworlds — online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘bus_id’ parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45014
projectworlds — online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘date’ parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45015
projectworlds — online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘source’ parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45016
projectworlds — online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘destination’ parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45017
projectworlds — online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45018
projectworlds — online_bus_booking_system | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘category’ parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45019
projectworlds — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘email’ parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45111
projectworlds — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘feedback’ parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45112
projectworlds — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘name’ parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45113
projectworlds — online_examination_system | Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘subject’ parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45114
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘name’ parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45323
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘price’ parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45324
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘address’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45325
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘email’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45326
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘name’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45327
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘password’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45328
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘role’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45329
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45330
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘contact’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45331
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘deleted’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45332
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘verified’ parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45333
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘status’ parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45334
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45335
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘password’ parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45336
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘username’ parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45337
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘id’ parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45338
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘type’ parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45339
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘phone’ parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45340
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘*_price’ parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45341
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘phone’ parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45342
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘ticket_id’ parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45343
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘*_balance’ parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45344
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘*_deleted’ parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45345
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘*_role’ parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45346
projectworlds — online_food_ordering_system | Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘*_verified’ parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-02 | 9.8 | CVE-2023-45347
radare — radare2 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. | 2023-10-28 | 9.8 | CVE-2023-46569
radare — radare2 | An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. | 2023-10-28 | 9.8 | CVE-2023-46570
solarwinds — network_configuration_manager | The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | 2023-11-01 | 8 | CVE-2023-33226
solarwinds — network_configuration_manager | The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges. | 2023-11-01 | 8 | CVE-2023-33227
solarwinds — solarwinds_platform | SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges. | 2023-11-01 | 8 | CVE-2023-40062
solarwinds — solarwinds_platform | Insecure job execution mechanism vulnerability. This vulnerability can lead to other attacks as a result. | 2023-11-01 | 7.1 | CVE-2023-40061
trteksolutions — education_portal | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in TRtek Software Education Portal allows SQL Injection. This issue affects Education Portal: before 3.2023.29. | 2023-10-27 | 9.8 | CVE-2023-5807
zentao — biz | ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). | 2023-10-27 | 8.8 | CVE-2023-46375
zentao — biz | ZenTao Biz version 8.7 and before is vulnerable to Information Disclosure. | 2023-10-27 | 7.5 | CVE-2023-46376
zpesystems — nodegrid_os | ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection vulnerability via the endpoint /v1/system/toolkit/files/. | 2023-10-28 | 8.8 | CVE-2023-43322


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
adobe — acrobat_for_edge | Adobe Acrobat for Edge version 118.0.2088.46 (and earlier) is affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-10-30 | 5.5 | CVE-2023-44323
color — demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes. | 2023-10-30 | 6.5 | CVE-2023-46866
color — demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference. | 2023-10-30 | 6.5 | CVE-2023-46867
flusity — flusity | A vulnerability, which was classified as problematic, has been found in flusity CMS. This issue affects the function loadPostAddForm of the file core/tools/posts.php. The manipulation of the argument edit_post_id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 6943991c62ed87c7a57989a0cb7077316127def8. It is recommended to apply a patch to fix this issue. The identifier VDB-243641 was assigned to this vulnerability. | 2023-10-27 | 4.8 | CVE-2023-5810
google — android | In Bluetooth, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.7 | CVE-2023-21360
google — android | In the Security Element API, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.7 | CVE-2023-21370
google — android | In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.7 | CVE-2023-21371
google — android | In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.7 | CVE-2023-21380
google — android | In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 6.5 | CVE-2023-21395
google — android | In Slice, there is a possible disclosure of installed packages due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21294
google — android | In Media Projection, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21350
google — android | In NFA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21352
google — android | In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21354
google — android | In Usage, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21362
google — android | In ContactsProvider, there is a possible crash loop due to resource exhaustion. This could lead to local persistent denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21364
google — android | In Contacts, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service in the Phone app with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21365
google — android | In Scudo, there is a possible way for an attacker to predict heap allocation patterns due to insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21366
google — android | In Scudo, there is a possible way to exploit certain heap OOB read/write issues due to an insecure implementation/design. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21367
google — android | In Audio, there is a possible out of bounds read due to missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21368
google — android | In Usage Access, there is a possible way to display a Settings usage access restriction toggle screen due to a permissions bypass. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21369
google — android | In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21376
google — android | In SELinux Policy, there is a possible restriction bypass due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21377
google — android | In Content Resolver, there is a possible method to access metadata about existing content providers on the device due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21382
google — android | In Settings, there is a possible way for the user to unintentionally send extra data due to an unclear prompt. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21383
google — android | In Package Manager, there is a possible permissions bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21384
google — android | In Whitechapel, there is a possible out of bounds read due to memory corruption. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21385
google — android | In Telecomm, there is a possible bypass of a multiuser security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-30 | 5.5 | CVE-2023-21394
google — android | In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 5.5 | CVE-2023-40121
google — android | In updateActionViews of PipMenuView.java, there is a possible bypass of a multiuser security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 5.5 | CVE-2023-40123
google — android | In multiple locations of DialogFillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-27 | 5.5 | CVE-2023-40133
google — androidIn NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2023-10-304.4CVE-2023-21357
MISC
google — androidIn Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.2023-10-304.4CVE-2023-21359
MISC
google — androidIn Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.2023-10-304.4CVE-2023-21379
MISC
gougucms — gougucmsA stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.2023-10-275.4CVE-2023-46394
MISC
lenovo — thinkpad_e14_firmwareAn SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.2023-10-306.7CVE-2022-48189
MISC
lenovo — thinkpad_x1_fold_gen_1_firmwareAn SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.2023-10-306.7CVE-2022-4573
MISC
macwk — icecmsIceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).2023-10-276.5CVE-2023-42188
MISC
MISC
projectworlds — online_blood_donation_management_system
 
Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The ‘firstName’ parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.2023-10-316.1CVE-2023-44484
MISC
MISC
projectworlds — online_blood_donation_management_system
 
Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The ‘lastName’ parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.2023-10-316.1CVE-2023-44485
MISC
MISC
projectworlds — online_blood_donation_management_system
 
Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The ‘address’ parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.2023-10-316.1CVE-2023-44486
MISC
MISC
projectworlds — online_blood_donation_management_system
 
Online Blood Donation Management System v1.0 is vulnerable to multiple Stored Cross-Site Scripting vulnerabilities. The ‘city’ parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.2023-10-316.1CVE-2023-5306
MISC
MISC
projectworlds — online_examination_system
 
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The ‘q’ parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.2023-11-016.1CVE-2023-45201
MISC
MISC
projectworlds — online_examination_system
 
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The ‘q’ parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.2023-11-016.1CVE-2023-45202
MISC
MISC
projectworlds — online_examination_system
 
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The ‘q’ parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.2023-11-016.1CVE-2023-45203
MISC
MISC
pwncyn — fancmsCross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file.2023-10-276.1CVE-2023-46505
MISC
pwncyn — yxbookcmsCross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules.2023-10-276.1CVE-2023-46503
MISC
pwncyn — yxbookcmsCross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component.2023-10-275.4CVE-2023-46504
MISC
solarwinds — network_configuration_manager
 
The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.2023-11-014.5CVE-2023-33228
MISC
MISC
wordpress — wordpressThe Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-10-276.5CVE-2023-5821
MISC
MISC
MISC
wordpress — wordpressUnauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.9 versions.2023-10-276.1CVE-2023-46153
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.5 versions.2023-10-276.1CVE-2023-46194
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.6 versions.2023-10-276.1CVE-2023-46208
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in G5Theme Grid Plus – Unlimited grid plugin <= 1.3.2 versions.2023-10-276.1CVE-2023-46209
MISC
wordpress — wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder plugin <= 3.19.14 versions.2023-10-275.4CVE-2023-46211
MISC
wordpress — wordpressThe CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘callrail_form’ shortcode in versions up to, and including, 0.5.2 due to insufficient input sanitization and output escaping on the ‘form_id’ user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-275.4CVE-2023-5051
MISC
MISC
MISC
wordpress — wordpressThe Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘buzzsprout’ shortcode in versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-305.4CVE-2023-5335
MISC
MISC
wordpress — wordpressThe Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘shortmenu’ shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-305.4CVE-2023-5565
MISC
MISC
wordpress — wordpressThe Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-305.4CVE-2023-5566
MISC
MISC
MISC
MISC
wordpress — wordpressThe VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘vk_filter_search’ shortcode in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-275.4CVE-2023-5705
MISC
MISC
MISC
wordpress — wordpressThe Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcode(s) in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-275.4CVE-2023-5774
MISC
MISC
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.2023-10-274.8CVE-2023-46091
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in LionScripts.Com Webmaster Tools plugin <= 2.0 versions.2023-10-274.8CVE-2023-46093
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.2023-10-274.8CVE-2023-46192
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Triberr plugin <= 4.1.1 versions.2023-10-274.8CVE-2023-46199
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.3 versions.2023-10-274.8CVE-2023-46200
MISC
zentao — bizZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS).2023-10-276.1CVE-2023-46374
MISC
zentao — bizZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library.2023-10-276.1CVE-2023-46491
MISC


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
google — androidIn Game Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-303.3CVE-2023-21345
MISC
google — androidIn the Device Idle Controller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-303.3CVE-2023-21346
MISC
google — androidIn Window Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-303.3CVE-2023-21348
MISC
google — androidIn Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-303.3CVE-2023-21349
MISC
google — androidIn multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-273.3CVE-2023-40127
MISC
MISC
google — androidIn isFullScreen of FillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-273.3CVE-2023-40134
MISC
MISC
google — androidIn applyCustomDescription of SaveUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-273.3CVE-2023-40135
MISC
MISC
google — androidIn setHeader of DialogFillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-273.3CVE-2023-40136
MISC
MISC
google — androidIn multiple functions of DialogFillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-273.3CVE-2023-40137
MISC
MISC
google — androidIn FillUi of FillUi.java, there is a possible way to view another user’s images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-273.3CVE-2023-40138
MISC
MISC


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
7-zip — 7-zip
 
7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.2023-11-03not yet calculatedCVE-2023-31102
MISC
MISC
MISC
addify — addifyfreegiftsSQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component.2023-11-01not yet calculatedCVE-2023-44025
MISC
artifex_software — jbig2dec
 
Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c.2023-10-31not yet calculatedCVE-2023-46361
MISC
asus — rt-ax55ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.2023-11-03not yet calculatedCVE-2023-41345
MISC
asus — rt-ax55ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.2023-11-03not yet calculatedCVE-2023-41346
MISC
asus — rt-ax55ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.2023-11-03not yet calculatedCVE-2023-41347
MISC
asus — rt-ax55ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.2023-11-03not yet calculatedCVE-2023-41348
MISC
atera — agent_package_availability
 
The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.2023-10-31not yet calculatedCVE-2023-37243
MISC
atlassian — confluence_data_center
 
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. There is no impact to confidentiality as an attacker cannot exfiltrate any instance data. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.2023-10-31not yet calculatedCVE-2023-22518
MISC
MISC
authentik — authentikauthentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the default admin user, which can also optionally set the default admin user’s password from an environment variable. When the user is deleted, the `initial-setup` flow used to configure authentik after the first installation becomes available again. authentik 2023.8.4 and 2023.10.2 fix this issue. As a workaround, ensure the default admin user (Username `akadmin`) exists and has a password set. It is recommended to use a very strong password for this user and store it in a secure location like a password manager. It is also possible to deactivate the user to prevent any logins as akadmin.2023-10-31not yet calculatedCVE-2023-46249
MISC
MISC
MISC
MISC
MISC
avahi — avahi
 
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.2023-11-02not yet calculatedCVE-2023-38469
MISC
MISC
avahi — avahi
 
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.2023-11-02not yet calculatedCVE-2023-38470
MISC
MISC
avahi — avahi
 
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.2023-11-02not yet calculatedCVE-2023-38471
MISC
MISC
avahi — avahi
 
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.2023-11-02not yet calculatedCVE-2023-38472
MISC
MISC
avahi — avahi
 
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.2023-11-02not yet calculatedCVE-2023-38473
MISC
MISC
basercms — basercms
 
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross-site scripting vulnerability in the file upload feature of baserCMS. Version 4.8.0 contains a patch for this issue.2023-10-30not yet calculatedCVE-2023-43647
MISC
MISC
MISC
basercms — basercms
 
baserCMS is a website development framework. Prior to version 4.8.0, there is a Directory Traversal Vulnerability in the form submission data management feature of baserCMS. Version 4.8.0 contains a patch for this issue.2023-10-30not yet calculatedCVE-2023-43648
MISC
MISC
MISC
basercms — basercms
 
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue.2023-10-30not yet calculatedCVE-2023-43649
MISC
MISC
MISC
basercms — basercms
 
baserCMS is a website development framework. In versions 4.6.0 through 4.7.6, there is a Code Injection vulnerability in the mail form of baserCMS. As of time of publication, no known patched versions are available.2023-10-30not yet calculatedCVE-2023-43792
MISC
MISC
beijing_yunfan_internet_technology_co.,_ltd — yunfan_learning_examination_systemAn issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.2023-11-04not yet calculatedCVE-2023-46963
MISC
best_courier_management_system — best_courier_management_system
 
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.2023-10-31not yet calculatedCVE-2023-46451
MISC
MISC
best_courier_management_system — best_courier_management_systemAn issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.2023-11-03not yet calculatedCVE-2023-46980
MISC
MISC
best_practical_solutions_llc. — request_tracker
 
Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.2023-11-03not yet calculatedCVE-2023-45024
MISC
CONFIRM
best_practical_solutions_llc. — request_tracker
 
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.2023-11-03not yet calculatedCVE-2023-41259
MISC
CONFIRM
CONFIRM
best_practical_solutions_llc. — request_tracker
 
Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.2023-11-03not yet calculatedCVE-2023-41260
MISC
CONFIRM
CONFIRM
bigbluebutton — bigbluebutton
 
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.2 is vulnerable to unrestricted file upload, where the insertDocument API call does not validate the given file extension before saving the file, and does not remove it in case of validation failures. BigBlueButton 2.6.0-beta.2 contains a patch. There are no known workarounds.2023-10-30not yet calculatedCVE-2023-42803
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to version 2.6.0-beta.1 has a path traversal vulnerability that allows an attacker with a valid starting folder path, to traverse and read other files without authentication, assuming the files have certain extensions (txt, swf, svg, png). In version 2.6.0-beta.1, input validation was added on the parameters being passed and dangerous characters are stripped. There are no known workarounds.2023-10-30not yet calculatedCVE-2023-42804
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open-source virtual classroom. Prior to versions 2.6.11 and 2.7.0-beta.3, Guest Lobby was vulnerable to cross-site scripting when users wait to enter the meeting due to inserting unsanitized messages to the element using unsafe innerHTML. Text sanitizing was added for lobby messages starting in versions 2.6.11 and 2.7.0-beta.3. There are no known workarounds.2023-10-30not yet calculatedCVE-2023-43797
MISC
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open-source virtual classroom. BigBlueButton prior to versions 2.6.12 and 2.7.0-rc.1 is vulnerable to Server-Side Request Forgery (SSRF). This issue is a bypass of CVE-2023-33176. A patch in versions 2.6.12 and 2.7.0-rc.1 disabled follow redirect at `httpclient.execute` since the software no longer has to follow it when using `finalUrl`. There are no known workarounds. We recommend upgrading to a patched version of BigBlueButton.2023-10-30not yet calculatedCVE-2023-43798
MISC
MISC
MISC
MISC
bigtree_cms — bigtree_cms
 
Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.2023-11-01not yet calculatedCVE-2023-44954
MISC
MISC
bitrix24 — bitrix24
 
Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted “.htaccess” file.2023-11-01not yet calculatedCVE-2023-1713
MISC
bitrix24 — bitrix24
 
Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.2023-11-01not yet calculatedCVE-2023-1714
MISC
bitrix24 — bitrix24
 
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitization via placing HTML tags at the beginning of the payload.2023-11-01not yet calculatedCVE-2023-1715
MISC
bitrix24 — bitrix24
 
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.2023-11-01not yet calculatedCVE-2023-1716
MISC
bitrix24 — bitrix24
 
Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.2023-11-01not yet calculatedCVE-2023-1717
MISC
bitrix24 — bitrix24
 
Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted “tmp_url”.2023-11-01not yet calculatedCVE-2023-1718
MISC
bitrix24 — bitrix24
 
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialized variables.2023-11-01not yet calculatedCVE-2023-1719
MISC
bitrix24 — bitrix24
 
Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.2023-11-01not yet calculatedCVE-2023-1720
MISC
bluespice — bluespiceavatarsCross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. This only applies to the genuine user context.2023-10-30not yet calculatedCVE-2023-42431
MISC
bon_presta — boninstagramcarouselBon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call.2023-11-03not yet calculatedCVE-2023-43982
MISC
boomerang_parental_control — boomerang_parental_control
 
An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.2023-11-03not yet calculatedCVE-2023-36620
MISC
MISC
MISC
boomerang_parental_control — boomerang_parental_control
 
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.2023-11-03not yet calculatedCVE-2023-36621
MISC
MISC
MISC
botan — botan
 
bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.2023-11-03not yet calculatedCVE-2017-7252
CONFIRM
MISC
campcodes — simple_student_information_system
 
A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323.2023-11-02not yet calculatedCVE-2023-5923
MISC
MISC
MISC
campcodes — simple_student_information_system
 
A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324.2023-11-02not yet calculatedCVE-2023-5924
MISC
MISC
MISC
campcodes — simple_student_information_system
 
A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability.2023-11-02not yet calculatedCVE-2023-5925
MISC
MISC
MISC
campcodes — simple_student_information_system
 
A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability.2023-11-02not yet calculatedCVE-2023-5926
MISC
MISC
MISC
campcodes — simple_student_information_system | A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327. | 2023-11-02 | not yet calculated | CVE-2023-5927 MISC MISC MISC
campcodes — simple_student_information_system | A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328. | 2023-11-02 | not yet calculated | CVE-2023-5928 MISC MISC MISC
campcodes — simple_student_information_system | A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244329 was assigned to this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-5929 MISC MISC MISC
campcodes — simple_student_information_system | A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-244330 is the identifier assigned to this vulnerability. | 2023-11-02 | not yet calculated | CVE-2023-5930 MISC MISC MISC
chef_automate — chef_automate | Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. | 2023-10-31 | not yet calculated | CVE-2023-40050 MISC MISC MISC
chef_inspec — chef_inspec | Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allows local command execution via maliciously crafted profile. | 2023-10-31 | not yet calculated | CVE-2023-42658 MISC MISC MISC
chunghwa_telecom — nokia | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted JavaScript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. | 2023-11-03 | not yet calculated | CVE-2023-41350 MISC
chunghwa_telecom — nokia | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service. | 2023-11-03 | not yet calculated | CVE-2023-41351 MISC
chunghwa_telecom — nokia | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | not yet calculated | CVE-2023-41352 MISC
chunghwa_telecom — nokia | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging in to the system, resulting in admin access and the ability to perform arbitrary system operations or disrupt service. | 2023-11-03 | not yet calculated | CVE-2023-41353 MISC
chunghwa_telecom — nokia | Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted packet, resulting in partially sensitive information exposed to an actor. | 2023-11-03 | not yet calculated | CVE-2023-41354 MISC
chunghwa_telecom — nokia | Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted packet to modify the network routing table, resulting in a denial of service or sensitive information leaking. | 2023-11-03 | not yet calculated | CVE-2023-41355 MISC
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition. | 2023-11-01 | not yet calculated | CVE-2023-20042 MISC
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2023-11-01 | not yet calculated | CVE-2023-20086 MISC
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of HTTPS requests. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a DoS condition. | 2023-11-01 | not yet calculated | CVE-2023-20095 MISC
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. | 2023-11-01 | not yet calculated | CVE-2023-20245 MISC
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile. | 2023-11-01 | not yet calculated | CVE-2023-20247 MISC
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software | Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that should be protected. | 2023-11-01 | not yet calculated | CVE-2023-20256 MISC
cisco — cisco_adaptive_security_appliance/firepower_threat_defense_software | A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network. | 2023-11-01 | not yet calculated | CVE-2023-20264 MISC
cisco — cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2023-11-01 | not yet calculated | CVE-2023-20005 MISC
cisco — cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2023-11-01 | not yet calculated | CVE-2023-20041 MISC
cisco — cisco_firepower_management_center | A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software. | 2023-11-01 | not yet calculated | CVE-2023-20048 MISC
cisco — cisco_firepower_management_center | A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device. Alternatively, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device if the attacker has administrative privileges on an associated FMC device. | 2023-11-01 | not yet calculated | CVE-2023-20063 MISC
cisco — cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2023-11-01 | not yet calculated | CVE-2023-20074 MISC
cisco — cisco_firepower_management_center | A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from the affected system. | 2023-11-01 | not yet calculated | CVE-2023-20114 MISC
cisco — cisco_firepower_management_center | A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered. | 2023-11-01 | not yet calculated | CVE-2023-20155 MISC
cisco — cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard. | 2023-11-01 | not yet calculated | CVE-2023-20206 MISC
cisco — cisco_firepower_management_center | Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device. | 2023-11-01 | not yet calculated | CVE-2023-20219 MISC
cisco — cisco_firepower_management_center | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device. | 2023-11-01 | not yet calculated | CVE-2023-20220 MISC
cisco — cisco_firepower_threat_defense_software | A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required. | 2023-11-01 | not yet calculated | CVE-2023-20031 MISC
cisco — cisco_firepower_threat_defense_software | A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required. | 2023-11-01 | not yet calculated | CVE-2023-20070 MISC
cisco — cisco_firepower_threat_defense_software | A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header. An attacker could exploit this vulnerability by sending a crafted ICMPv6 packet through an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. Note: To recover from the DoS condition, the Snort 2 Detection Engine or the Cisco FTD device may need to be restarted. | 2023-11-01 | not yet calculated | CVE-2023-20083 MISC
cisco — cisco_firepower_threat_defense_software | A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required. | 2023-11-01 | not yet calculated | CVE-2023-20177 MISC
cisco — cisco_firepower_threat_defense_software | A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state. | 2023-11-01 | not yet calculated | CVE-2023-20244 MISC
cisco — cisco_firepower_threat_defense_software | A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions. | 2023-11-01 | not yet calculated | CVE-2023-20267 MISC
cisco — cisco_firepower_threat_defense_software | A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition. | 2023-11-01 | not yet calculated | CVE-2023-20270 MISC
cisco — cisco_identity_services_engine_software | A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-11-01 | not yet calculated | CVE-2023-20170 MISC
cisco — cisco_identity_services_engine_software | A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | 2023-11-01 | not yet calculated | CVE-2023-20175 MISC
cisco — cisco_identity_services_engine_software | Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | 2023-11-01 | not yet calculated | CVE-2023-20195 MISC
cisco — cisco_identity_services_engine_software | Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | 2023-11-01 | not yet calculated | CVE-2023-20196 MISC
cisco — cisco_identity_services_engine_software | A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode. | 2023-11-01 | not yet calculated | CVE-2023-20213 MISC
cisco — cisco_meeting_server | A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge. | 2023-11-01 | not yet calculated | CVE-2023-20255 MISC
cisco — multiple_products | Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload. | 2023-11-01 | not yet calculated | CVE-2023-20071 MISC
cisco — multiple_products | Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system. | 2023-11-01 | not yet calculated | CVE-2023-20246 MISC
click_studios_pty_ltd — passwordstate | Cross Site Request Forgery vulnerability in Click Studios (SA) Pty Ltd Passwordstate v.Build 9785 and before allows a local attacker to execute arbitrary code via a crafted request. | 2023-10-31 | not yet calculated | CVE-2023-43295 MISC
cloudexplorer_lite — cloudexplorer_lite | CloudExplorer Lite is an open source, lightweight cloud management platform. Prior to version 1.4.1, the gateway filter of CloudExplorer Lite uses a controller with path starting with `matching/API/`, which can cause a permission bypass. Version 1.4.1 contains a patch for this issue. | 2023-10-30 | not yet calculated | CVE-2023-44397 MISC
codeigniter — codeigniter | CodeIgniter is a PHP full-stack web framework. Prior to CodeIgniter4 version 4.4.3, if an error or exception occurs, a detailed error report is displayed even if in the production environment. As a result, confidential information may be leaked. Version 4.4.3 contains a patch. As a workaround, replace `ini_set('display_errors', '0')` with `ini_set('display_errors', 'Off')` in `app/Config/Boot/production.php`. | 2023-10-31 | not yet calculated | CVE-2023-46240 MISC MISC MISC
crater — crater | /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. | 2023-10-30 | not yet calculated | CVE-2023-46865 MISC MISC
cybozu — remote_serviceUncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication.2023-11-01not yet calculatedCVE-2023-46278
MISC
MISC
daiky-value.fukuten — daiky-value.fukutenAn information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages.2023-11-02not yet calculatedCVE-2023-39050
MISC
MISC
dell — powerscale_onefsDell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.2023-11-02not yet calculatedCVE-2023-43076
MISC
dell — powerscale_onefsDell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.2023-11-02not yet calculatedCVE-2023-43087
MISC
demonisblack — demon_image_annotationImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Demonisblack demon image annotation allows SQL Injection. This issue affects demon image annotation: from n/a through 5.1.2023-11-04not yet calculatedCVE-2023-40215
MISC
devolutions — devolutions_server
 
Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.2023-11-01not yet calculatedCVE-2023-5358
MISC
devolutions — remote_desktop_manager
 
Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.2023-11-01not yet calculatedCVE-2023-5765
MISC
devolutions — remote_desktop_manager
 
A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.2023-11-01not yet calculatedCVE-2023-5766
MISC
django — django
 
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.2023-11-03not yet calculatedCVE-2023-41164
CONFIRM
MISC
MISC
FEDORA
django — django
 
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.2023-11-03not yet calculatedCVE-2023-43665
CONFIRM
MISC
MISC
FEDORA
django — django
 
An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.2023-11-02not yet calculatedCVE-2023-46695
MISC
MISC
CONFIRM
dm_service — dm_serviceIn dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-11-01not yet calculatedCVE-2023-42644
MISC
dm_service — dm_serviceIn dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-11-01not yet calculatedCVE-2023-42654
MISC
dmpop_mejiro_commit — dmpop_mejiro_commitReflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit versions prior to 3096393 allows attackers to run arbitrary code via a crafted string in the metadata of uploaded images.2023-11-01not yet calculatedCVE-2023-46448
MISC
MISC
dolibarr — dolibarr
 
Cross-site Scripting (XSS) – Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5.2023-10-30not yet calculatedCVE-2023-5842
MISC
MISC
dolibarr — erp_crmImproper input validation in Dolibarr ERP CRM <= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.2023-11-01not yet calculatedCVE-2023-4197
MISC
MISC
dolibarr — erp_crmImproper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data2023-11-01not yet calculatedCVE-2023-4198
MISC
MISC
douhaocms — douhaocmsCross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file.2023-10-30not yet calculatedCVE-2023-42323
MISC
dromara — lamp-cloud
 
Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.2023-11-02not yet calculatedCVE-2023-31579
MISC
MISC
eclipse_foundation — glassfish
 
Eclipse Glassfish 5 or 6, when running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.2023-11-03not yet calculatedCVE-2023-5763
MISC
MISC
eclipse_foundation — parsson
 
In Eclipse Parsson before versions 1.1.4 and 1.0.5, parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, Parsson put in place a size limit for the numbers as well as their scale.2023-11-03not yet calculatedCVE-2023-4043
MISC
MISC
elenos — etg150_fm_transmitter
 
An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted.2023-10-31not yet calculatedCVE-2023-37831
MISC
elenos — etg150_fm_transmitter
 
A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts.2023-10-31not yet calculatedCVE-2023-37832
MISC
elenos — etg150_fm_transmitter
 
Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users.2023-10-31not yet calculatedCVE-2023-37833
MISC
elenos — etg150_fm_transmitter
 
Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out.2023-10-31not yet calculatedCVE-2023-39695
MISC
engineermode — engineermodeIn engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-11-01not yet calculatedCVE-2023-42648
MISC
engineermode — engineermodeIn engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-11-01not yet calculatedCVE-2023-42649
MISC
engineermode — engineermodeIn engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-11-01not yet calculatedCVE-2023-42650
MISC
engineermode — engineermodeIn engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-11-01not yet calculatedCVE-2023-42651
MISC
engineermode — engineermodeIn engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-11-01not yet calculatedCVE-2023-42652
MISC
exfatprogs — exfatprogsexfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set.2023-10-28not yet calculatedCVE-2023-45897
MISC
MISC
MISC
MISC
MISC
faceid_service — faceid_serviceIn faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges2023-11-01not yet calculatedCVE-2023-42653
MISC
fireflow — fireflowNet-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks.2023-11-02not yet calculatedCVE-2023-46595
MISC
flyte — flyteadminFlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Prior to version 1.1.124, list endpoints on FlyteAdmin have a SQL vulnerability where a malicious user can send a REST request with custom SQL statements as list filters. The attacker needs to have access to the FlyteAdmin installation, typically either behind a VPN or authentication. Version 1.1.124 contains a patch for this issue.2023-10-30not yet calculatedCVE-2023-41891
MISC
MISC
MISC
fog — fog
 
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10.15, due to a lack of request sanitization in the logs, a malicious request containing XSS would be stored in a log file. When an administrator of the FOG server logged in and viewed the logs, they would be parsed as HTML and displayed accordingly. Version 1.5.10.15 contains a patch. As a workaround, view logs from an external text editor rather than the dashboard.2023-10-31not yet calculatedCVE-2023-46235
MISC
MISC
fog — fog
 
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery (SSRF) vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote access to files visible to the Apache user group. Other impacts vary based on server configuration. Version 1.5.10 contains a patch.2023-10-31not yet calculatedCVE-2023-46236
MISC
MISC
fog — fog
 
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, an endpoint intended to offer limited enumeration abilities to authenticated users was accessible to unauthenticated users. This enabled unauthenticated users to discover files and their respective paths that were visible to the Apache user group. Version 1.5.10 contains a patch for this issue.2023-10-31not yet calculatedCVE-2023-46237
MISC
MISC
foodcoopshop — foodcoopshopFoodCoopShop is open source software for food coops and local shops. Versions prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time-of-check/time-of-use issue. For example, by using a custom server that returns 200 on HEAD requests, then returns a valid image on the first GET request and then a 302 redirect to the final target on the second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability.2023-11-02not yet calculatedCVE-2023-46725
MISC
MISC
MISC
MISC
franfinance — franfinance
 
An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components.2023-10-31not yet calculatedCVE-2023-43139
MISC
franklin_fueling_system — ts-550
 
Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.2023-11-02not yet calculatedCVE-2023-5846
MISC
frigate — frigateFrigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the `config/save` and `config/set` endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server (e.g. via “drive-by” attack). Exploiting this vulnerability requires the attacker to both know very specific information about a user’s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user’s Frigate instance; attacker crafts a specialized page which links to the user’s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. This issue can lead to arbitrary configuration updates for the Frigate server, resulting in denial of service and possible data exfiltration. Version 0.13.0 Beta 3 contains a patch.2023-10-30not yet calculatedCVE-2023-45670
MISC
MISC
MISC
MISC
MISC
frigate — frigateFrigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/<camera_name>` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user’s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user’s Frigate instance; attacker crafts a specialized page which links to the user’s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution of arbitrary JavaScript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.2023-10-30not yet calculatedCVE-2023-45671
MISC
frigate — frigateFrigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at `/config` or through a direct call to `/api/config/save`. Exploiting this vulnerability requires the attacker to both know very specific information about a user’s Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could be exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user’s Frigate instance; attacker crafts a specialized page which links to the user’s Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. Input is initially accepted through `http.py`. The user-provided input is then parsed and loaded by `load_config_with_no_duplicates`. However, `load_config_with_no_duplicates` does not sanitize this input by merit of using `yaml.loader.Loader` which can instantiate custom constructors. A provided payload will be executed directly at `frigate/util/builtin.py:110`. This issue may lead to pre-authenticated Remote Code Execution. Version 0.13.0 Beta 3 contains a patch.2023-10-30not yet calculatedCVE-2023-45672
MISC
MISC
MISC
MISC
frrouting_frr — frrouting_frrAn issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).2023-11-03not yet calculatedCVE-2023-47234
MISC
frrouting_frr — frrouting_frrAn issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.2023-11-03not yet calculatedCVE-2023-47235
MISC
fujifilm_business_inovation_corp. — apeos_c3070_asia_pacific_model
 
Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book in encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].2023-11-02not yet calculatedCVE-2023-46327
MISC
MISC
MISC
galaxy_software_services_corporation — vitals_espGalaxy Software Services Corporation Vitals ESP is an online knowledge base management portal. It has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service.2023-11-03not yet calculatedCVE-2023-41357
MISC
gawk — gawk
 
A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.2023-11-02not yet calculatedCVE-2023-3164
MISC
MISC
getsimplecms — getsimplecms
 
Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the components.php function.2023-10-31not yet calculatedCVE-2023-46040
MISC
glpi — glpiGLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove write access on `/ajax` and `/front` files to the web server.2023-11-02not yet calculatedCVE-2023-42802
MISC
MISC
gnss_service — gnss_serviceIn gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed2023-11-01not yet calculatedCVE-2023-42750
MISC
google — androidIn Bluetooth, there is a possible way for a paired Bluetooth device to access a long-term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.2023-10-30not yet calculatedCVE-2023-21307
MISC
google — androidIn collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-40101
MISC
google — androidKernelSU is a Kernel based root solution for Android. Starting in version 0.6.1 and prior to version 0.7.0, if a device with KernelSU installed is infected with malware whose app signing block is specially constructed, the malware can take over root privileges on the device. The vulnerable verification logic actually obtains the signature of the last block with an id of `0x7109871a`, while the verification logic during Android installation obtains the first one. In addition to the actual signature upgrade that has been fixed (KSU thought it was V2 but was actually V3), there is also the problem of actual signature downgrading (KSU thought it was V2 but was actually V1). If the Android signature verification logic hits a condition that causes a signature-not-found error and KernelSU does not implement the same condition, KSU thinks there is a V2 signature, but the APK signature verification actually uses the V1 signature. This issue is fixed in version 0.7.0. As workarounds, keep the KernelSU manager installed and avoid installing unknown apps.2023-10-31not yet calculatedCVE-2023-46139
MISC
MISC
MISC
MISC
MISC
MISC
MISC
google — android
 
In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2022-20264
MISC
google — android
 
In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21293
MISC
google — android
 
In SliceManagerService, there is a possible way to check if a content provider is installed due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21295
MISC
google — android
 
In Permission, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.2023-10-30not yet calculatedCVE-2023-21296
MISC
google — android
 
In SEPolicy, there is a possible way to access the factory MAC address due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21297
MISC
google — android
 
In Slice, there is a possible disclosure of installed applications due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21298
MISC
google — android
 
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21299
MISC
google — android
 
In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21300
MISC
google — android
 
In ActivityManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21301
MISC
google — android
 
In Package Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21302
MISC
google — android
 
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21303
MISC
google — android
 
In Content Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21304
MISC
google — android
 
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21305
MISC
google — android
 
In ContentService, there is a possible way to read installed sync content providers due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21306
MISC
google — android
 
In Composer, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21308
MISC
google — android
 
In libcore, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21309
MISC
google — android
 
In Bluetooth, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21310
MISC
google — android
 
In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21311
MISC
google — android
 
In IntentResolver, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21312
MISC
google — android
 
In Core, there is a possible way to forward calls without user knowledge due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21313
MISC
google — android
 
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21314
MISC
google — android
 
In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21315
MISC
google — android
 
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21316
MISC
google — android
 
In ContentService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21317
MISC
google — android
 
In Content, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21318
MISC
google — android
 
In UsageStatsService, there is a possible way to read installed 3rd party apps due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21319
MISC
google — android
 
In Device Policy, there is a possible way to verify if a particular admin app is registered on the device due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21320
MISC
google — android
 
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21321
MISC
google — android
 
In Activity Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21323
MISC
google — android
 
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21324
MISC
google — android
 
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21325
MISC
google — android
 
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21326
MISC
google — android
 
In Permission Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21327
MISC
google — android
 
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21328
MISC
google — android
 
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21329
MISC
google — android
 
In Overlay Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21330
MISC
google — android
 
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21331
MISC
google — android
 
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21332
MISC
google — android
 
In Text Services, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21333
MISC
google — android
 
In App Ops Service, there is a possible disclosure of information about installed packages due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21334
MISC
google — android
 
In Settings, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21335
MISC
google — android
 
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21336
MISC
google — android
 
In InputMethod, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21337
MISC
google — android
 
In Input Method, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21338
MISC
google — android
 
In Minikin, there is a possible way to trigger ANR by showing a malicious message due to resource exhaustion. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21339
MISC
google — android
 
In Telecomm, there is a possible way to get the call state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21340
MISC
google — android
 
In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21341
MISC
google — android
 
In Speech, there is a possible way to bypass background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21342
MISC
google — android
 
In ActivityStarter, there is a possible background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21343
MISC
google — android
 
In Job Scheduler, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21344
MISC
google — android
 
In User Backup Manager, there is a possible way to leak a token to bypass user confirmation for backup due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21387
MISC
google — android
 
In Settings, there is a possible restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21388
MISC
google — android
 
In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21389
MISC
google — android
 
In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21390
MISC
google — android
 
In Messaging, there is a possible way to disable the messaging application due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21391
MISC
google — android
 
In Bluetooth, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege when connecting to a Bluetooth device with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21392
MISC
google — android
 
In Settings, there is a possible way for the user to change SIM due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21393
MISC
google — android
 
In Activity Manager, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21396
MISC
google — android
 
In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21397
MISC
google — android
 
In sdksandbox, there is a possible StrandHogg-style overlay attack due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-30not yet calculatedCVE-2023-21398
MISC
google — chrome
 
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)2023-11-01not yet calculatedCVE-2023-5480
MISC
MISC
MISC
google — chrome
 
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)2023-11-01not yet calculatedCVE-2023-5482
MISC
MISC
MISC
google — chrome
 
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-11-01not yet calculatedCVE-2023-5849
MISC
MISC
MISC
google — chrome
 
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)2023-11-01not yet calculatedCVE-2023-5850
MISC
MISC
MISC
google — chrome
 
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)2023-11-01not yet calculatedCVE-2023-5851
MISC
MISC
MISC
google — chrome
 
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)2023-11-01not yet calculatedCVE-2023-5852
MISC
MISC
MISC
google — chrome
 
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)2023-11-01not yet calculatedCVE-2023-5853
MISC
MISC
MISC
google — chrome
 
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)2023-11-01not yet calculatedCVE-2023-5854
MISC
MISC
MISC
google — chrome
 
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)2023-11-01not yet calculatedCVE-2023-5855
MISC
MISC
MISC
google — chrome
 
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2023-11-01not yet calculatedCVE-2023-5856
MISC
MISC
MISC
google — chrome
 
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)2023-11-01not yet calculatedCVE-2023-5857
MISC
MISC
MISC
google — chrome
 
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)2023-11-01not yet calculatedCVE-2023-5858
MISC
MISC
MISC
google — chrome
 
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)2023-11-01not yet calculatedCVE-2023-5859
MISC
MISC
MISC
govee — led_stripAn issue discovered in Govee LED Strip v3.00.42 allows attackers to cause a denial of service via crafted Move and MoveWithOnoff commands.2023-10-30not yet calculatedCVE-2023-45956
MISC
gpac — gpac
 
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.2023-11-01not yet calculatedCVE-2023-46927
MISC
MISC
gpac — gpac
 
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.2023-11-01not yet calculatedCVE-2023-46928
MISC
MISC
gpac — gpac
 
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.2023-11-01not yet calculatedCVE-2023-46930
MISC
MISC
gpac — gpac
 
GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.2023-11-01not yet calculatedCVE-2023-46931
MISC
MISC
groundhogg_inc. — groundhogg
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection. This issue affects Groundhogg: from n/a through 2.7.11.2023-11-03not yet calculatedCVE-2023-34179
MISC
gyouza-newhushimi — gyouza-newhushimiAn information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages.2023-11-02not yet calculatedCVE-2023-39042
MISC
MISC
hadsky — hadskyAn arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file.2023-11-01not yet calculatedCVE-2023-46428
MISC
hattoriya — hattoriyaAn information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages.2023-11-02not yet calculatedCVE-2023-39053
MISC
MISC
hirochankakiwaiting — hirochankakiwaitingAn information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages.2023-11-02not yet calculatedCVE-2023-39057
MISC
MISC
hitachi_energy — esomsThe responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications.2023-11-01not yet calculatedCVE-2023-5515
MISC
hitachi_energy — esomsPoorly constructed web app requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version info, endpoints, backend server, internal IP, etc., which can potentially expose additional attack surface containing other interesting vulnerabilities.2023-11-01not yet calculatedCVE-2023-5516
MISC
hitachi_energy — mach_system_software
 
The McFeeder server (distributed as part of SSW package), is susceptible to an arbitrary file write vulnerability on the MAIN computer system. This vulnerability stems from the use of an outdated version of a third-party library, which is used to extract archives uploaded to McFeeder server. An authenticated malicious client can exploit this vulnerability by uploading a crafted ZIP archive via the network to McFeeder’s service endpoint.2023-11-01not yet calculatedCVE-2023-2621
MISC
hitachi_energy — mach_system_software
 
Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read.2023-11-01not yet calculatedCVE-2023-2622
MISC
hitachi_energy — esoms_report_generationThe response messages received from the eSOMS report generation using certain parameter queries with full file path can be abused for enumerating the local file system structure.2023-11-01not yet calculatedCVE-2023-5514
MISC
hp_inc. — hp_pc_hardware_diagnostics_windows
 
Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege.2023-10-31not yet calculatedCVE-2023-5739
MISC
ibm — content_navigator
 
IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247.2023-11-03not yet calculatedCVE-2023-35896
MISC
MISC
ibm — i
 
Management Central as part of IBM i 7.2, 7.3, 7.4, and 7.5 Navigator contains a local privilege escalation vulnerability. A malicious actor with command line access to the operating system can exploit this vulnerability to elevate privileges to gain root access to the operating system. IBM X-Force ID: 264116.2023-10-29not yet calculatedCVE-2023-40685
MISC
MISC
ibm — mq_applianceIBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535.2023-11-03not yet calculatedCVE-2023-46176
MISC
MISC
ibm — multiple_productsIBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163.2023-11-03not yet calculatedCVE-2023-43018
MISC
MISC
ibm — robotic_process_automationA vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult-to-exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.2023-11-03not yet calculatedCVE-2023-45189
MISC
MISC
ibm — multiple_productsIBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.2023-11-03not yet calculatedCVE-2023-42027
MISC
MISC
MISC
ibm — multiple_productsIBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059.2023-11-03not yet calculatedCVE-2023-42029
MISC
MISC
MISC
idnovate_superuser — idnovate_superuserAn issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call.2023-10-31not yet calculatedCVE-2023-45899
MISC
ifaa_service — ifaa_serviceIn Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-11-01not yet calculatedCVE-2023-42646
MISC
ifaa_service — ifaa_serviceIn Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-11-01not yet calculatedCVE-2023-42647
MISC
inkdrop — inkdropInkdrop prior to v5.6.0 allows a local attacker to conduct a code injection attack by having a legitimate user open a specially crafted markdown file.2023-10-30not yet calculatedCVE-2023-44141
MISC
MISC
MISC
insights-client — insights-clientA vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).2023-11-01not yet calculatedCVE-2023-3972
MISC
MISC
MISC
MISC
MISC
MISC
MISC
insyde — insydeh2oA stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to execute arbitrary code during the DXE phase.2023-11-01not yet calculatedCVE-2023-39281
MISC
MISC
insyde — insydeh2oAn SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.2023-11-02not yet calculatedCVE-2023-39283
MISC
MISC
insyde — insydeh2o
 
An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.2023-11-02not yet calculatedCVE-2023-39284
MISC
MISC
inure — inure
 
Missing Authorization in GitHub repository hamza417/inure prior to Build95.2023-10-31not yet calculatedCVE-2023-5862
MISC
MISC
ivanti — automation
 
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.2023-11-03not yet calculatedCVE-2022-44569
MISC
ivanti — avalancheIvanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability2023-11-03not yet calculatedCVE-2023-41725
MISC
ivanti — avalanche
 
Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability2023-11-03not yet calculatedCVE-2022-43554
MISC
ivanti — avalanche
 
Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability2023-11-03not yet calculatedCVE-2022-43555
MISC
ivanti — avalancheIvanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability2023-11-03not yet calculatedCVE-2023-41726
MISC
jhipster — jhipster
 
JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters.2023-10-31not yet calculatedCVE-2015-20110
MISC
MISC
MISC
MISC
jspxcms — jspxcmsThere is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.2023-11-01not yet calculatedCVE-2023-46911
MISC
jumpserver — jumpserver
 
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is `admin[@]mycompany[.]com`, and users reset their passwords by sending an email. Currently, the domain `mycompany.com` has not been registered. However, if it is registered in the future, it may affect the password reset functionality. This issue has been patched in version 3.8.0 by changing the default email domain to `example.com`. Those who cannot upgrade may change the default email domain to `example.com` manually.2023-10-31not yet calculatedCVE-2023-46138
MISC
MISC
kerawen — kerawen
 
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().2023-11-04not yet calculatedCVE-2023-40922
MISC
kimai — kimaiKimai is a web-based multi-user time-tracking application. Versions 2.1.0 and prior are vulnerable to a Server-Side Template Injection (SSTI) which can be escalated to Remote Code Execution (RCE). The vulnerability arises when a malicious user uploads a specially crafted Twig file, exploiting the software’s PDF and HTML rendering functionalities. As of time of publication, no patches or known workarounds are available.2023-10-31not yet calculatedCVE-2023-46245
MISC
kubernetes — csi-proxy
 
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy.2023-11-03not yet calculatedCVE-2023-3893
MISC
MISC
kubernetes — kube-apiserver
 
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client’s API server credentials to third parties.2023-11-03not yet calculatedCVE-2022-3172
MISC
MISC
kubernetes — kubelet
 
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.2023-10-31not yet calculatedCVE-2023-3676
MISC
MISC
kubernetes — kubelet
 
A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.2023-10-31not yet calculatedCVE-2023-3955
MISC
MISC
kubernetes — kubernetes
 
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.2023-10-30not yet calculatedCVE-2021-25736
MISC
MISC
kyocera — taskalfa
 
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.2023-11-03not yet calculatedCVE-2023-34259
MISC
MISC
kyocera — taskalfa
 
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.2023-11-03not yet calculatedCVE-2023-34260
MISC
MISC
kyocera — taskalfa
 
Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a “nicht einloggen” error rather than a falsch error.2023-11-03not yet calculatedCVE-2023-34261
MISC
MISC
learndash — learndash_lms
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in LearnDash LearnDash LMS allows SQL Injection. This issue affects LearnDash LMS: from n/a through 4.5.3.2023-10-31not yet calculatedCVE-2023-28777
MISC
lenovo — thinkpad_bios
 
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.2023-10-30not yet calculatedCVE-2022-4574
MISC
lenovo — thinkpad_bios
 
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of some ThinkPad models that could allow an attacker with physical or local access and elevated privileges to bypass Secure Boot.2023-10-30not yet calculatedCVE-2022-4575
MISC
line_corporation — line_for_android
 
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.2023-10-31not yet calculatedCVE-2015-0897
MISC
MISC
line_corporation — line_for_android
 
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.2023-10-31not yet calculatedCVE-2015-2968
MISC
MISC
linux — kernel
 
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, local variables still point to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a freed memory region, leading to a denial of service.2023-11-01not yet calculatedCVE-2023-1192
MISC
MISC
MISC
linux — kernel
 
A use-after-free flaw was found in the Linux kernel’s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.2023-11-03not yet calculatedCVE-2023-1476
MISC
MISC
MISC
MISC
linux — kernel
 
A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.2023-11-01not yet calculatedCVE-2023-3397
MISC
MISC
MISC
linux — kernel
 
An issue was discovered in the Linux kernel through 6.5.9. During a race with SQ thread exit, an io_uring/fdinfo.c io_uring_show_fdinfo NULL pointer dereference can occur.2023-10-29not yet calculatedCVE-2023-46862
MISC
MISC
linux — kernel
 
The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this “could be exploited in a real-world scenario.” This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.2023-11-03not yet calculatedCVE-2023-47233
MISC
MISC
MISC
linux — kernel
 
A use-after-free vulnerability was found in `drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation if the attacker already has local privileges.2023-11-01not yet calculatedCVE-2023-5178
MISC
MISC
MISC
liquidfiles — liquidfilesHTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.2023-10-30not yet calculatedCVE-2023-4393
MISC
lissy93_dashy — lissy93_dashyA vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability.2023-11-02not yet calculatedCVE-2023-5916
MISC
MISC
MISC
MISC
lmxcms — lmxcms
 
An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.2023-11-02not yet calculatedCVE-2023-46958
MISC
MISC
MISC
lost_and_found_information_system — lost_and_found_information_system
 
Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.2023-11-03not yet calculatedCVE-2023-38965
MISC
MISC
loytec — multiple_productsLOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP.2023-11-04not yet calculatedCVE-2023-46380
MISC
loytec — multiple_productsLOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.2023-11-04not yet calculatedCVE-2023-46381
MISC
loytec — multiple_productsLOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.2023-11-04not yet calculatedCVE-2023-46382
MISC
lte-pic32-writer — lte-pic32-writer
 
lte-pic32-writer is a writer for PIC32 devices. In versions 0.0.1 and prior, those who use `sendto.txt` are vulnerable to attackers who know the IMEI reading `sendto.txt`. The `sendto.txt` file can contain the SNS (such as Slack and Zulip) URL and API key. As of time of publication, a patch is not yet available. As workarounds, avoid using `sendto.txt` or use `.htaccess` to block access to `sendto.txt`.2023-10-31not yet calculatedCVE-2023-46723
MISC
manageengine — desktop_centralA CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.2023-11-03not yet calculatedCVE-2023-4767
MISC
manageengine — desktop_centralA CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.2023-11-03not yet calculatedCVE-2023-4768
MISC
manageengine — desktop_centralA SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.2023-11-03not yet calculatedCVE-2023-4769
MISC
mattermost — mattermost
 
Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones, allowing media exploitation from a malicious Mattermost server.2023-11-02not yet calculatedCVE-2023-5875
MISC
mattermost — mattermost
 
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial-Of-Service.2023-11-02not yet calculatedCVE-2023-5876
MISC
mattermost — mattermost
 
Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.2023-11-02not yet calculatedCVE-2023-5920
MISC
mb_support — openviva
 
A stored XSS in the process overview (Übersicht zugewiesener Vorgaenge) in mbsupport openVIVA c2 20220101 allows a remote, authenticated, low-privileged attacker to execute arbitrary code in the victim’s browser via the name field of a process.2023-10-30not yet calculatedCVE-2022-39172
MISC
mediawiki — mediawikiAn issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.2023-11-03not yet calculatedCVE-2023-45360
MISC
mediawiki — mediawikiAn issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka “X intermediate revisions by the same user not shown”) ignores username suppression. This is an information leak.2023-11-03not yet calculatedCVE-2023-45362
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2023-11-03not yet calculatedCVE-2023-36022
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability2023-11-03not yet calculatedCVE-2023-36029
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability2023-11-03not yet calculatedCVE-2023-36034
MISC
microweber — microweber
 
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 2.0.2023-10-31not yet calculatedCVE-2023-5861
MISC
MISC
mincal — mincalAn issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.2023-10-30not yet calculatedCVE-2023-46478
MISC
minicms — minicmsStored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php.2023-10-31not yet calculatedCVE-2023-46378
MISC
mintplex-labs — anything-llm
 
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.2023-10-30not yet calculatedCVE-2023-5832
MISC
MISC
mintplex-labs — anything-llm
 
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.2023-10-30not yet calculatedCVE-2023-5833
MISC
MISC
mlsoft — tco!streamIn MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. This allows an attacker to make the victim download and execute arbitrary files.2023-10-30not yet calculatedCVE-2023-45799
MISC
moxa — multiple_products
 
A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them vulnerable to denial of service. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger a device reboot.2023-11-01not yet calculatedCVE-2023-4452
MISC
moxa — nport_6000_series
 
A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.2023-11-01not yet calculatedCVE-2023-5627
MISC
moxa — pt-g503_series
 
A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.2023-11-02not yet calculatedCVE-2023-4217
MISC
moxa — pt-g503_series
 
A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.2023-11-02not yet calculatedCVE-2023-5035
MISC
mupdf — mupdf
 
MuPDF v1.21.1 was discovered to contain an infinite recursion in the component pdf_mark_list_push. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.2023-10-31not yet calculatedCVE-2023-31794
MISC
MISC
MISC
nanoleaf — light_stripAn issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands.2023-10-31not yet calculatedCVE-2023-45955
MISC
nats — nats-serverNATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. An implicit $G user in an authorization block can sometimes be used for unauthenticated access, even when the intention of the configuration was for each user to have an account. The earliest affected version is 2.2.0.2023-10-30not yet calculatedCVE-2023-47090
MISC
MISC
MLIST
ncsist_manageengine — mobile_device_managerNCSIST ManageEngine Mobile Device Manager (MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.2023-11-03not yet calculatedCVE-2023-41356
MISC
ncsist_manageengine — mobile_device_manager
 
NCSIST ManageEngine Mobile Device Manager (MDM) APP’s special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.2023-11-03not yet calculatedCVE-2023-41344
MISC
netmove_corporation — saat_netizen_installer
 
Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being downloaded and executed.2023-10-31not yet calculatedCVE-2016-1203
MISC
MISC
nvidia — multiple_products
 
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.2023-11-02not yet calculatedCVE-2023-31016
MISC
nvidia — multiple_products
 
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.2023-11-02not yet calculatedCVE-2023-31017
MISC
nvidia — multiple_products
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client’s secure context.2023-11-02not yet calculatedCVE-2023-31019
MISC
nvidia — multiple_products
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.2023-11-02not yet calculatedCVE-2023-31020
MISC
nvidia — multiple_products
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.2023-11-02not yet calculatedCVE-2023-31022
MISC
nvidia — multiple_products
 
NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.2023-11-02not yet calculatedCVE-2023-31023
MISC
nvidia — multiple_products
 
NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.2023-11-02not yet calculatedCVE-2023-31027
MISC
nvidia — vgpu_driver_and_cloud_gaming_driver
 
NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.2023-11-02not yet calculatedCVE-2023-31018
MISC
nvidia — vgpu_driver_and_cloud_gaming_driver
 
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.2023-11-02not yet calculatedCVE-2023-31021
MISC
nvidia — vgpu_driver_and_cloud_gaming_driver
 
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.2023-11-02not yet calculatedCVE-2023-31026
MISC
opencrx — opencrxAn issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request.2023-10-30not yet calculatedCVE-2023-46502
MISC
MISC
openeuler — isulad
 
iSulad uses the lcr+lxc runtime (default) to run malicious images, which can cause DoS.2023-10-29not yet calculatedCVE-2021-33634
MISC
MISC
MISC
openeuler — isulad
 
When malicious images are pulled by isula pull, attackers can execute arbitrary code.2023-10-29not yet calculatedCVE-2021-33635
MISC
MISC
MISC
openeuler — isulad
 
When the isula load command is used to load malicious images, attackers can execute arbitrary code.2023-10-29not yet calculatedCVE-2021-33636
MISC
MISC
MISC
openeuler — isulad
 
When the isula export command is used to export a container to an image and the container is controlled by an attacker, the attacker can escape the container.2023-10-29not yet calculatedCVE-2021-33637
MISC
MISC
MISC
openeuler — isulad
 
When the isula cp command is used to copy files from a container to a host machine and the container is controlled by an attacker, the attacker can escape the container.2023-10-29not yet calculatedCVE-2021-33638
MISC
MISC
MISC
openimageio_oiio — openimageio_oiioBuffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.2023-11-02not yet calculatedCVE-2023-42299
MISC
opentext — service_management_automation_x
 
Potential open redirect vulnerability in opentext Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11 and opentext Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. The vulnerability could allow attackers to redirect a user to malicious websites.2023-10-30not yet calculatedCVE-2023-4964
MISC
ox_software_gmbh — ox_app_suite
 
Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-26452
MISC
MISC
ox_software_gmbh — ox_app_suite
 
Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-26453
MISC
MISC
ox_software_gmbh — ox_app_suite
 
Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-26454
MISC
MISC
ox_software_gmbh — ox_app_suite
 
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-26455
MISC
MISC
ox_software_gmbh — ox_app_suite
 
Users were able to set an arbitrary “product name” for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-26456
MISC
MISC
ox_software_gmbh — ox_app_suite
 
Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-29043
MISC
MISC
ox_software_gmbh — ox_app_suite
 
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-29044
MISC
MISC
ox_software_gmbh — ox_app_suite
 
Documents operations, in this case “drawing”, could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get checked for validity to avoid code execution. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-29045
MISC
MISC
ox_software_gmbh — ox_app_suite
 
Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout; instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result, users were able to trigger a large number of egress network connections, possibly exhausting network pool resources and locking up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-29046
MISC
MISC
ox_software_gmbh — ox_app_suite
 
Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing injection of arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials could read and modify database content which is accessible to the imageconverter SQL user account. No publicly available exploits are known.2023-11-02not yet calculatedCVE-2023-29047
MISC
MISC
pcrs — pcrsPCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.2023-11-03not yet calculatedCVE-2023-46404
MISC
MISC
peppermint_ticket_management — peppermint_ticket_managementPeppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request.2023-10-30not yet calculatedCVE-2023-46863
MISC
peppermint_ticket_management — peppermint_ticket_managementPeppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request.2023-10-30not yet calculatedCVE-2023-46864
MISC
php — php
 
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.2023-11-02not yet calculatedCVE-2022-4900
MISC
MISC
phpbb — phpbbA vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.2023-11-02not yet calculatedCVE-2023-5917
MISC
MISC
MISC
MISC
MISC
MISC
phpfox — phpfoxAn issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.2023-11-03not yet calculatedCVE-2023-46817
MISC
MISC
MISC
MISC
MISC
phpmyfaq — phpmyfaqInsufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2.2023-10-31not yet calculatedCVE-2023-5865
MISC
MISC
phpmyfaq — phpmyfaq
 
Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2.2023-10-31not yet calculatedCVE-2023-5863
MISC
MISC
phpmyfaq — phpmyfaq
 
Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1.2023-10-31not yet calculatedCVE-2023-5864
MISC
MISC
phpmyfaq — phpmyfaq
 
Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1.2023-10-31not yet calculatedCVE-2023-5866
MISC
MISC
phpmyfaq — phpmyfaq
 
Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2.2023-10-31not yet calculatedCVE-2023-5867
MISC
MISC
pillow — pillowAn issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.2023-11-03not yet calculatedCVE-2023-44271
MISC
MISC
MISC
pimcore — pimcore
 
The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Prior to version 1.2.0, a cross-site scripting vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 1.2.0 to receive a patch or, as a workaround, apply the patch manually.2023-10-31not yet calculatedCVE-2023-46722
MISC
MISC
MISC
pimcore — pimcore
 
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.2023-10-30not yet calculatedCVE-2023-5844
MISC
MISC
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 11.1.0.2023-10-31not yet calculatedCVE-2023-5873
MISC
MISC
pkp — pkp
 
Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5889
MISC
MISC
pkp — pkp
 
Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5890
MISC
MISC
pkp — pkp
 
Cross-site Scripting (XSS) – Reflected in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5891
MISC
MISC
pkp — pkp
 
Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5892
MISC
MISC
pkp — pkp
 
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5893
MISC
MISC
pkp — pkp
 
Cross-site Scripting (XSS) – Stored in GitHub repository pkp/ojs prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5894
MISC
MISC
pkp — pkp
 
Cross-site Scripting (XSS) – DOM in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5895
MISC
MISC
pkp — pkp
 
Cross-site Scripting (XSS) – Stored in GitHub repository pkp/pkp-lib prior to 3.4.0-4.2023-11-01not yet calculatedCVE-2023-5896
MISC
MISC
pkp — pkp
 
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/customLocale prior to 1.2.0-1.2023-11-01not yet calculatedCVE-2023-5897
MISC
MISC
pkp — pkp
 
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5898
MISC
MISC
pkp — pkp
 
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-11-01not yet calculatedCVE-2023-5899
MISC
MISC
popojicms — popojicmsA vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-244229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-11-02not yet calculatedCVE-2023-5910
MISC
MISC
MISC
MISC
prestashop — prestashop
 
SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allows a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist, tvcmscategorychainslider, tvcmscategoryproduct, tvcmscategoryslider, tvcmspaymenticon, tvcmstestimonial components.2023-10-31not yet calculatedCVE-2023-27846
MISC
prestashop — prestashop
 
PrestaShop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. `OpartlimitquantityAlertlimitModuleFrontController::displayAjaxPushAlertMessage()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.2023-10-31not yet calculatedCVE-2023-36263
MISC
prestashop — prestashop
 
In the module “PrestaBlog” (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. The script ajax slider_positions.php has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a SQL injection.2023-10-31not yet calculatedCVE-2023-45378
MISC
prestashop — prestashop
 
In the module “Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module” (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.2023-11-02not yet calculatedCVE-2023-46352
MISC
MISC
prestashop — prestashop
 
In the module “CSV Feeds PRO” (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method `SearchApiCsv::getProducts()` has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection.2023-10-31not yet calculatedCVE-2023-46356
MISC
print_service — print_serviceIn Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.2023-10-30not yet calculatedCVE-2023-45780
MISC
px4-autopilot — px4-autopilotPX4-Autopilot provides the PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of `parserbuf_index` value checking. A malfunction of the sensor device can cause a heap buffer overflow, leading to unexpected drone behavior. Malicious applications can exploit the vulnerability even if device sensor malfunction does not occur. Data up to the maximum value of an `unsigned int` in bytes can be written to the heap memory area. As of time of publication, no fixed version is available.2023-10-31not yet calculatedCVE-2023-46256
MISC
MISC
pypdf — pypdfpypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can use 100% of a single CPU core. It does not affect memory usage. That is, for example, the case when the pypdf user manipulates an incoming malicious PDF, e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.2023-10-31not yet calculatedCVE-2023-46250
MISC
MISC
MISC
python-eventlet — python-eventlet
 
A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.2023-11-01not yet calculatedCVE-2023-5625
MISC
MISC
MISC
qemu — qemu
 
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM’s boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.2023-11-03not yet calculatedCVE-2023-5088
MISC
MISC
MISC
qnap_systems_inc. — multimedia_console
 
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 (2023/05/04) and later; Multimedia Console 1.4.8 (2023/05/05) and later; QTS 5.1.0.2399 build 20230515 and later; QTS 4.3.6.2441 build 20230621 and later; QTS 4.3.4.2451 build 20230621 and later; QTS 4.3.3.2420 build 20230621 and later; QTS 4.2.6 build 20230621 and later; Media Streaming add-on 500.1.1.2 (2023/06/12) and later; Media Streaming add-on 500.0.0.11 (2023/06/16) and later.2023-11-03not yet calculatedCVE-2023-23369
MISC
qnap_systems_inc. — music_station
 
A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later; Music Station 5.1.16 and later; Music Station 5.3.23 and later.
2023-11-03
not yet calculated
CVE-2023-39299
MISC
qnap_systems_inc. — qts
 
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later; QTS 4.5.4.2374 build 20230416 and later; QuTS hero h5.0.1.2376 build 20230421 and later; QuTS hero h4.5.4.2374 build 20230417 and later; QuTScloud c5.0.1.2374 and later.
2023-11-03
not yet calculated
CVE-2023-23368
MISC
qnap_systems_inc. — qts
 
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later; QTS 5.1.1.2491 build 20230815 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.1.2488 build 20230812 and later; QuTScloud c5.1.0.2498 and later.
2023-11-03
not yet calculated
CVE-2023-39301
MISC
quic-go — quic-go
 
quic-go is an implementation of the QUIC protocol in Go. Starting in version 0.37.0 and prior to version 0.37.3, by serializing an ACK frame after the CRYPTO that allows a node to complete the handshake, a remote node could trigger a nil pointer dereference (leading to a panic) when the node attempted to drop the Handshake packet number space. An attacker can bring down a quic-go node with very minimal effort. Completing the QUIC handshake only requires sending and receiving a few packets. Version 0.37.3 contains a patch. Versions before 0.37.0 are not affected.
2023-10-31
not yet calculated
CVE-2023-46239
MISC
MISC
MISC
ragic — no-code_database_builder
 
Ragic No-Code Database Builder’s file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform a Stored Cross-Site Scripting (XSS) attack.
2023-11-03
not yet calculated
CVE-2023-41343
MISC
red_hat — openshift
 
A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.
2023-11-02
not yet calculated
CVE-2023-5408
MISC
MISC
MISC
MISC
relativity_oda_llc — relativityone
SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.
2023-11-03
not yet calculated
CVE-2023-46954
MISC
reportico — reportico
 
Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).
2023-11-02
not yet calculated
CVE-2023-46925
MISC
rsvpmaker — rsvpmaker
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 10.6.6.
2023-11-03
not yet calculated
CVE-2023-41652
MISC
ruby-magick — ruby-magick
 
A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DoS) by memory exhaustion.
2023-10-30
not yet calculated
CVE-2023-5349
MISC
MISC
MISC
MISC
samba — samba
A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.
2023-11-01
not yet calculated
CVE-2023-1193
MISC
MISC
MISC
samba — samba
 
An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.
2023-11-03
not yet calculated
CVE-2023-1194
MISC
MISC
MISC
samba — samba
 
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR, LSA, or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, a client can send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.
2023-11-03
not yet calculated
CVE-2023-3961
MISC
MISC
MISC
MISC
MISC
MISC
samba — samba
 
A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module “acl_xattr” is configured with “acl_xattr:ignore system acls = yes”. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba’s permissions.
2023-11-03
not yet calculated
CVE-2023-4091
MISC
MISC
MISC
MISC
MISC
MISC
samba — samba
 
A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba’s RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation “classic DCs”) can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as “The procedure number is out of range” when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.
2023-11-03
not yet calculated
CVE-2023-42670
MISC
MISC
MISC
MISC
MISC
sangoma_technologies — freepbx
Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
2023-11-02
not yet calculated
CVE-2023-43336
MISC
MISC
MISC
sap_se — sap_enable_now
 
In SAP Enable Now – versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.
2023-10-30
not yet calculated
CVE-2023-36920
MISC
MISC
schedmd_slurm — schedmd_slurm
SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.
2023-11-03
not yet calculated
CVE-2023-41914
MISC
CONFIRM
FEDORA
securepoint_ssl_vpn_client — securepoint_ssl_vpn_client
The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.
2023-10-30
not yet calculated
CVE-2023-47101
MISC
MISC
senayan — multiple_products
SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the reborrowLimit parameter in the member_type.php.
2023-10-31
not yet calculated
CVE-2023-45996
MISC
MISC
shouzu — sweets_oz
An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
2023-11-02
not yet calculated
CVE-2023-39047
MISC
MISC
sim_service — sim_service
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42645
MISC
sim_service — sim_service
In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42655
MISC
six_apart — multiple_products
Cross-site scripting vulnerability in Movable Type series allows a remote authenticated attacker to inject an arbitrary script. Affected products/versions are as follows: Movable Type 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5405 and earlier (Movable Type 7 Series), Movable Type Premium 1.58 and earlier, Movable Type Premium Advanced 1.58 and earlier, Movable Type Cloud Edition (Version 7) r.5405 and earlier, and Movable Type Premium Cloud Edition 1.58 and earlier.
2023-10-30
not yet calculated
CVE-2023-45746
MISC
MISC
solwin_infotech — user_activity_log
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection. This issue affects User Activity Log: from n/a through 1.6.2.
2023-10-31
not yet calculated
CVE-2023-37966
MISC
sourcecodester — company_website_cms
 
A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability.
2023-11-02
not yet calculated
CVE-2023-5919
MISC
MISC
MISC
sourcecodester — visitor_management_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308.
2023-11-02
not yet calculated
CVE-2023-5918
MISC
MISC
MISC
sourcegraph — cody
 
Cody is an artificial intelligence (AI) coding assistant. The Cody AI VSCode extension versions 0.10.0 through 0.14.0 are vulnerable to Remote Code Execution under certain conditions. An attacker in control of a malicious repository could modify the Cody configuration file `.vscode/cody.json` and overwrite Cody commands. If a user with the extension installed opens this malicious repository and runs a Cody command such as /explain or /doc, this could allow arbitrary code execution on the user’s machine. The vulnerability is rated as critical severity, but with low exploitability. It requires the user to have a malicious repository loaded and execute the overwritten command in VS Code. The issue is exploitable regardless of the user blocking code execution on a repository through VS Code Workspace Trust. The issue was found during a regular 3rd party penetration test. The maintainers of Cody do not have evidence of open source repositories having malicious `.vscode/cody.json` files to exploit this vulnerability. The issue is fixed in version 0.14.1 of the Cody VSCode extension. In case users can’t promptly upgrade, they should not open any untrusted repositories with the Cody extension loaded.
2023-10-31
not yet calculated
CVE-2023-46248
MISC
MISC
spicedb — spicedb
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Prior to version 1.27.0-rc1, when the provided datastore URI is malformed (e.g. by having a password which contains `:`) the full URI (including the provided password) is printed, so that the password is shown in the logs. Version 1.27.0-rc1 patches this issue.
2023-10-31
not yet calculated
CVE-2023-46255
MISC
MISC
squid — squid
 
Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial-of-Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid’s patch archives. Those who use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.
2023-11-01
not yet calculated
CVE-2023-46724
MISC
MISC
MISC
MISC
squid — squid
 
Squid is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, which allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.
2023-11-03
not yet calculated
CVE-2023-46846
MISC
MISC
MISC
MISC
MISC
MISC
squid — squid
 
Squid is vulnerable to a Denial of Service, where a remote attacker can perform a buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.
2023-11-03
not yet calculated
CVE-2023-46847
MISC
MISC
MISC
MISC
MISC
MISC
squid — squid
 
Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.
2023-11-03
not yet calculated
CVE-2023-46848
MISC
MISC
MISC
MISC
MISC
squid — squid
 
Squid is vulnerable to a Denial-of-Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.
2023-11-03
not yet calculated
CVE-2023-5824
MISC
MISC
MISC
submitty — submitty
 
Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.
2023-11-02
not yet calculated
CVE-2023-43193
MISC
MISC
submitty — submitty
 
Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying a request parameter.
2023-11-02
not yet calculated
CVE-2023-43194
MISC
MISC
subrion — subrion
 
Subrion 4.2.1 has a remote command execution vulnerability in the backend.
2023-11-03
not yet calculated
CVE-2023-46947
MISC
swtpm — swtpm
 
In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.
2023-11-03
not yet calculated
CVE-2020-28407
MISC
CONFIRM
CONFIRM
synapse — synapse
Synapse is an open-source Matrix homeserver. Prior to versions 1.95.1 and 1.96.0rc1, cached device information of remote users can be queried from Synapse. This can be used to enumerate the remote users known to a homeserver. System administrators are encouraged to upgrade to Synapse 1.95.1 or 1.96.0rc1 to receive a patch. As a workaround, the `federation_domain_whitelist` can be used to limit federation traffic with a homeserver.
2023-10-31
not yet calculated
CVE-2023-43796
MISC
MISC
teamamaze — amazefileutilities
Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.
2023-11-03
not yet calculated
CVE-2023-5948
MISC
MISC
tenable — nessus
Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.
2023-11-01
not yet calculated
CVE-2023-5847
MISC
MISC
thorn_sftp_gateway — thorn_sftp_gateway
Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.
2023-10-31
not yet calculated
CVE-2023-47174
MISC
tinyfiledialogs — tinyfiledialogs
 
tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data.
2023-10-30
not yet calculated
CVE-2020-36767
MISC
tinyfiledialogs — tinyfiledialogs
tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. NOTE: this issue exists because of an incomplete fix for CVE-2020-36767, which only considered single and double quote characters.
2023-10-30
not yet calculated
CVE-2023-47104
MISC
MISC
tokudaya.ekimae_mc — tokudaya.ekimae_mc
An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
2023-11-02
not yet calculated
CVE-2023-39054
MISC
MISC
tokudaya.honten — tokudaya.honten
An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
2023-11-02
not yet calculated
CVE-2023-39048
MISC
MISC
totolink — totolink
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function.
2023-10-31
not yet calculated
CVE-2023-46484
MISC
totolink — totolink
An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component.
2023-10-31
not yet calculated
CVE-2023-46485
MISC
totolink — totolink
TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function.
2023-10-31
not yet calculated
CVE-2023-46976
MISC
totolink — totolink
TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
2023-10-31
not yet calculated
CVE-2023-46977
MISC
totolink — totolink
TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control. Attackers can reset login password & WIFI passwords without authentication.
2023-10-31
not yet calculated
CVE-2023-46978
MISC
totolink — totolink
TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function.
2023-10-31
not yet calculated
CVE-2023-46979
MISC
totolink — totolink
TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Attackers are able to reset several critical passwords without authentication by visiting specific pages.
2023-10-31
not yet calculated
CVE-2023-46992
MISC
totolink — totolink
In TOTOLINK A3300R V17.0.0cu.557_B20221024, when dealing with a setLedCfg request, there is no verification for the enable parameter, which can lead to command injection.
2023-10-31
not yet calculated
CVE-2023-46993
MISC
tp-link — tapo_c100
 
An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request.
2023-10-31
not yet calculated
CVE-2023-39610
MISC
transmute-core — transmute-core
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.
2023-11-02
not yet calculated
CVE-2023-47204
MISC
MISC
turing_video — turing_edge+_evc5fd
An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows a remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.
2023-10-31
not yet calculated
CVE-2023-42425
MISC
MISC
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2022-48457
MISC
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
 
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2022-48454
MISC
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
 
In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2022-48455
MISC
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
 
In camera driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed.
2023-11-01
not yet calculated
CVE-2022-48456
MISC
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
 
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2022-48458
MISC
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
 
In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2022-48459
MISC
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
 
In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2022-48460
MISC
unisoc_(shanghai)_technologies_co.,_ltd. — multiple_products
 
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.
2023-11-01
not yet calculated
CVE-2022-48461
MISC
univention_ucs — univention_ucs
 
An issue in Univention UCS v.5.0 allows a local attacker to execute arbitrary code and gain privileges via the check_univention_joinstatus function.
2023-10-31
not yet calculated
CVE-2023-38994
MISC
MISC
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42631
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42632
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42633
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42634
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42635
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42636
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42637
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42638
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42639
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42640
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42641
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42642
MISC
validationtools — validationtools
In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
2023-11-01
not yet calculated
CVE-2023-42643
MISC
vinchin_backup_&_recovery — vinchin_backup_&_recovery
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability.
2023-10-27
not yet calculated
CVE-2023-45498
MISC
FULLDISC
MISC
vinchin_backup_&_recovery — vinchin_backup_&_recovery
VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials.
2023-10-27
not yet calculated
CVE-2023-45499
MISC
FULLDISC
MISC
virtualmin — virtualmin
A Stored Cross-Site Scripting (XSS) vulnerability in the Account Plans tab of System Settings in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Plan name field while editing Account plan details.
2023-11-01
not yet calculated
CVE-2023-47094
MISC
virtualmin — virtualmin
A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields of Edit Virtual Server under System Customization in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Batch Label field while details of Virtual Server.
2023-11-01
not yet calculated
CVE-2023-47095
MISC
virtualmin — virtualmin
A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin services master field.
2023-11-01
not yet calculated
CVE-2023-47096
MISC
virtualmin — virtualmin
A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name field while creating server templates.
2023-11-01
not yet calculated
CVE-2023-47097
MISC
virtualmin — virtualmin
A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real name or description field.
2023-11-01
not yet calculated
CVE-2023-47098
MISC
virtualmin — virtualmin
A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Description field while creating the Virtual server.
2023-11-01
not yet calculated
CVE-2023-47099
MISC
vision_meat_works — track_diner_10/10mbl
An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages.
2023-11-02
not yet calculated
CVE-2023-39051
MISC
MISC
vmware — open-vm-tools
 
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
2023-10-27
not yet calculated
CVE-2023-34059
MISC
MISC
MISC
MISC
MISC
vmware — tools
 
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).
2023-10-27
not yet calculated
CVE-2023-34058
MISC
MISC
MISC
MISC
vmware — workspace_one_uem_console
 
VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to log in as the victim user.
2023-10-31
not yet calculated
CVE-2023-20886
MISC
wordpress — wordpress
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeisle Multiple Page Generator Plugin – MPG multiple-pages-generator-by-porthas allows SQL Injection. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.3.19.
2023-10-31
not yet calculated
CVE-2023-33927
MISC
wordpress — wordpress
 
A vulnerability, which was classified as critical, was found in almosteffortless secure-files Plugin up to 1.1 on WordPress. Affected is the function sf_downloads of the file secure-files.php. The manipulation of the argument downloadfile leads to path traversal. Upgrading to version 1.2 is able to address this issue. The name of the patch is cab025e5fc2bcdad8032d833ebc38e6bd2a13c92. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-243804.
2023-10-29
not yet calculated
CVE-2005-10002
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-243803.
2023-10-29
not yet calculated
CVE-2007-10003
MISC
MISC
MISC
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection. This issue affects Paytm Payment Gateway: from n/a through 2.7.3.
2023-11-03
not yet calculated
CVE-2022-45805
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11.
2023-11-03
not yet calculated
CVE-2022-46808
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to subscribers: from n/a through 6.2.
2023-11-03
not yet calculated
CVE-2022-46818
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.1.2023-11-03not yet calculatedCVE-2022-46859
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection. This issue affects Neshan Maps: from n/a through 1.1.4.2023-11-03not yet calculatedCVE-2022-47426
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0.2023-11-03not yet calculatedCVE-2022-47445
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection. This issue affects Simple Photo Gallery: from n/a through v1.8.1.2023-11-03not yet calculatedCVE-2022-47588
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in GamiPress gamipress allows SQL Injection. This issue affects GamiPress: from n/a through 2.5.7.2023-10-31not yet calculatedCVE-2023-24000
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Contact Form – WPManageNinja LLC Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms fluentform allows SQL Injection. This issue affects Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms: from n/a through 4.3.25.2023-10-31not yet calculatedCVE-2023-24410
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3.2023-10-31not yet calculatedCVE-2023-25045
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection. This issue affects RSVPMaker: from n/a through 9.9.3.2023-10-31not yet calculatedCVE-2023-25047
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.1.10.2023-11-03not yet calculatedCVE-2023-25700
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.2.0.2023-11-03not yet calculatedCVE-2023-25800
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0.2023-11-03not yet calculatedCVE-2023-25960
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.1.10.2023-11-03not yet calculatedCVE-2023-25990
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.2023-11-03not yet calculatedCVE-2023-26015
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in CRM Perks Database for Contact Form 7, WPforms, Elementor forms contact-form-entries allows SQL Injection. This issue affects Database for Contact Form 7, WPforms, Elementor forms: from n/a through 1.3.0.2023-10-31not yet calculatedCVE-2023-31212
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection. This issue affects Zero Spam for WordPress: from n/a through 5.4.4.2023-11-03not yet calculatedCVE-2023-32121
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection. This issue affects Order Your Posts Manually: from n/a through 2.2.5.2023-11-03not yet calculatedCVE-2023-32508
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection. This issue affects Contact Form to Any API: from n/a through 1.1.2.2023-11-04not yet calculatedCVE-2023-32741
MISC
wordpress — wordpress
 
The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user’s email address. We are disclosing this issue as the developer has not yet released a patch but continues to release updates and we escalated this issue to the plugin’s team 30 days ago.2023-11-03not yet calculatedCVE-2023-3277
MISC
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection. This issue affects WP Project Manager: from n/a through 2.6.0.2023-11-03not yet calculatedCVE-2023-34383
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in WooCommerce Product Vendors allows SQL Injection. This issue affects Product Vendors: from n/a through 2.1.78.2023-10-31not yet calculatedCVE-2023-35879
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Nucleus_genius Quasar form free – Contact Form Builder for WordPress allows SQL Injection. This issue affects Quasar form free – Contact Form Builder for WordPress: from n/a through 6.0.2023-11-04not yet calculatedCVE-2023-35910
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in BestWebSoft Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress contact-form-to-db allows SQL Injection. This issue affects Contact Form to DB by BestWebSoft – Messages Database Plugin For WordPress: from n/a through 1.7.1.2023-10-31not yet calculatedCVE-2023-36508
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Favethemes Houzez – Real Estate WordPress Theme allows SQL Injection. This issue affects Houzez – Real Estate WordPress Theme: from n/a through 1.3.4.2023-11-03not yet calculatedCVE-2023-36529
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Smartypants SP Project & Document Manager allows SQL Injection. This issue affects SP Project & Document Manager: from n/a through 4.67.2023-11-03not yet calculatedCVE-2023-36677
MISC
wordpress — wordpress
 
Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Themesgrove Onepage Builder allows SQL Injection. This issue affects Onepage Builder: from n/a through 2.4.1.2023-11-04not yet calculatedCVE-2023-38391
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11.10 versions.2023-10-31not yet calculatedCVE-2023-40681
MISC
wordpress — wordpress
 
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-10-31not yet calculatedCVE-2023-4250
MISC
wordpress — wordpress
 
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.2023-10-31not yet calculatedCVE-2023-4251
MISC
wordpress — wordpress
 
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup).2023-10-31not yet calculatedCVE-2023-4390
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebCource WC Captcha plugin <= 1.4 versions.2023-10-31not yet calculatedCVE-2023-46210
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Zaytech Smart Online Order for Clover plugin <= 1.5.4 versions.2023-10-31not yet calculatedCVE-2023-46312
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Katie Seaborn Zotpress plugin <= 7.3.4 versions.2023-10-31not yet calculatedCVE-2023-46313
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.18.2 versions.2023-10-31not yet calculatedCVE-2023-46622
MISC
wordpress — wordpress
 
The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. This endpoint has no capability checks and does not sanitize the user input, which is then later output unescaped. This allows any authenticated user, such as a subscriber, to change them and perform Stored Cross-Site Scripting.2023-10-31not yet calculatedCVE-2023-4823
MISC
wordpress — wordpress
 
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those files by manipulating IDs which can easily be brute forced.2023-10-31not yet calculatedCVE-2023-4836
MISC
MISC
wordpress — wordpress
 
The Giveaways and Contests by RafflePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘rafflepress’ and ‘rafflepress_gutenberg’ shortcode in versions up to, and including, 1.12.0 due to insufficient input sanitization and output escaping on ‘giframe’ user supplied attribute. This makes it possible for authenticated attackers with contributor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-30not yet calculatedCVE-2023-5049
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘iframe’ shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-31not yet calculatedCVE-2023-5073
MISC
MISC
wordpress — wordpress
 
The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string “true”, which could lead to a variety of outcomes, including DoS.2023-10-31not yet calculatedCVE-2023-5098
MISC
wordpress — wordpress
 
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the ‘src’ attribute of the ‘csvsearch’ shortcode. This allows authenticated attackers, with contributor-level permissions and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.2023-10-31not yet calculatedCVE-2023-5099
MISC
MISC  
wordpress — wordpress
 
The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘idbbee’ shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-31not yet calculatedCVE-2023-5114
MISC
MISC
wordpress — wordpress
 
The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ipushpull_page’ shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-31not yet calculatedCVE-2023-5116
MISC
MISC
wordpress — wordpress
 
The Bellows Accordion Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-30not yet calculatedCVE-2023-5164
MISC
MISC
MISC
wordpress — wordpress
 
The PHP to Page plugin for WordPress is vulnerable to Local File Inclusion leading to Remote Code Execution in versions up to, and including, 0.3 via the ‘php-to-page’ shortcode. This allows authenticated attackers with subscriber-level permissions or above to include local files and potentially execute code on the server. While subscribers may need to poison log files or otherwise get a file installed in order to achieve remote code execution, author and above users can upload files by default and achieve remote code execution easily.2023-10-30not yet calculatedCVE-2023-5199
MISC
MISC
wordpress — wordpress
 
The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the ‘id’ parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability.2023-10-31not yet calculatedCVE-2023-5211
MISC
wordpress — wordpress
 
The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2023-10-31not yet calculatedCVE-2023-5229
MISC
wordpress — wordpress
 
The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.2023-10-31not yet calculatedCVE-2023-5237
MISC
MISC
wordpress — wordpress
 
The EventPrime WordPress plugin before 3.2.0 does not sanitize and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.2023-10-31not yet calculatedCVE-2023-5238
MISC
wordpress — wordpress
 
The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-10-31not yet calculatedCVE-2023-5243
MISC
wordpress — wordpress
 
The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.2 via a shortcode attribute. This allows subscriber-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files with arbitrary content can be uploaded and included. This is limited to .php files.2023-10-30not yet calculatedCVE-2023-5250
MISC
MISC
wordpress — wordpress
 
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the ‘grid_plus_save_layout_callback’ and ‘grid_plus_delete_callback’ functions in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with subscriber privileges or above to add, update or delete grid layouts.2023-10-30not yet calculatedCVE-2023-5251
MISC
MISC
MISC
wordpress — wordpress
 
The FareHarbor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-30not yet calculatedCVE-2023-5252
MISC
MISC
wordpress — wordpress
 
The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitize and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via certain headers.2023-10-31not yet calculatedCVE-2023-5307
MISC
MISC
wordpress — wordpress
 
The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-30not yet calculatedCVE-2023-5315
MISC
MISC
wordpress — wordpress
 
The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP, and achieve RCE.2023-10-31not yet calculatedCVE-2023-5360
MISC
wordpress — wordpress
 
The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘spice_post_slider’ shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-30not yet calculatedCVE-2023-5362
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 13.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5412
MISC
MISC
MISC
wordpress — wordpress
 
The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5428
MISC
MISC
MISC
wordpress — wordpress
 
The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5429
MISC
MISC
MISC
wordpress — wordpress
 
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5430
MISC
MISC
MISC
wordpress — wordpress
 
The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5431
MISC
MISC
MISC
wordpress — wordpress
 
The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5433
MISC
MISC
MISC
wordpress — wordpress
 
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5434
MISC
MISC
MISC
wordpress — wordpress
 
The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5435
MISC
MISC
MISC
wordpress — wordpress
 
The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5436
MISC
MISC
MISC
wordpress — wordpress
 
The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5437
MISC
MISC
MISC
wordpress — wordpress
 
The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5438
MISC
MISC
MISC
wordpress — wordpress
 
The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5439
MISC
MISC
MISC
wordpress — wordpress
 
The CITS Support svg, webp Media and TTF, OTF File Upload WordPress plugin before 3.0 does not sanitize uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.2023-10-31not yet calculatedCVE-2023-5458
MISC
wordpress — wordpress
 
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin’s shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-10-31not yet calculatedCVE-2023-5464
MISC
MISC
MISC
wordpress — wordpress
 
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.2023-10-31not yet calculatedCVE-2023-5519
MISC
wordpress — wordpress
 
The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the ‘wpsimplegallery_gallery’ post meta via ‘wpsgallery’ shortcode. This allows authenticated attackers, with contributor-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2023-10-30not yet calculatedCVE-2023-5583
MISC
MISC
wordpress — wordpress
 
The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.2023-11-02not yet calculatedCVE-2023-5606
MISC
MISC
wordpress — wordpress
 
The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘tcpaccordion’ shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-10-30not yet calculatedCVE-2023-5666
MISC
MISC
MISC
wordpress — wordpress
 
The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘slider’ shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-11-03not yet calculatedCVE-2023-5707
MISC
MISC
MISC
MISC
wordpress — wordpress
 
The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the ‘dfads_ajax_load_ads’ function. This allows unauthenticated attackers to execute code on the server. The parameters of the callable function are limited; they cannot be specified arbitrarily.2023-10-30not yet calculatedCVE-2023-5843
MISC
MISC
wordpress — wordpress
 
The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.2023-11-02not yet calculatedCVE-2023-5860
MISC
MISC
wordpress — wordpress
 
The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-11-03not yet calculatedCVE-2023-5945
MISC
MISC
MISC
wordpress — wordpress
 
The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘current_group_id’ parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-11-03not yet calculatedCVE-2023-5946
MISC
MISC
wpn-xm_serverstack — wpn-xm_serverstack
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.
2023-11-03
not yet calculated
CVE-2023-4591
MISC
wpn-xm_serverstack — wpn-xm_serverstack
A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking.
2023-11-03
not yet calculated
CVE-2023-4592
MISC
wuzhicms — wuzhicms
 
SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.
2023-11-01
not yet calculated
CVE-2023-46482
MISC
yettiesoft — vestcert
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution.
2023-10-30
not yet calculated
CVE-2023-45798
MISC
zentao — zentao
A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.
2023-11-02
not yet calculated
CVE-2023-46475
MISC
MISC
nats.io — multiple_products
NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. The cryptographic key handling library, nkeys, recently gained support for encryption, not just for signing/authentication. This is used in nats-server 2.10 (Sep 2023) and newer for authentication callouts. In nkeys versions 0.4.0 through 0.4.5, corresponding with NATS server versions 2.10.0 through 2.10.3, the nkeys library’s `xkeys` encryption handling logic mistakenly passed an array by value into an internal function, where the function mutated that buffer to populate the encryption key to use. As a result, all encryption was actually to an all-zeros key. This affects encryption only, not signing. FIXME: FILL IN IMPACT ON NATS-SERVER AUTH CALLOUT SECURITY. nkeys Go library 0.4.6, corresponding with NATS Server 2.10.4, has a patch for this issue. No known workarounds are available. For any application handling auth callouts in Go, if using the nkeys library, update the dependency, recompile and deploy that in lockstep.
2023-10-31
not yet calculated
CVE-2023-46129
MISC
MISC
