US-CERT Vulnerability Summary for the Week of October 9, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
3ds — teamwork_cloud_no_magic_release | A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server. | 2023-10-09 | 8.8 | CVE-2023-3589 (MISC)
acronis — agent | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497. | 2023-10-09 | 7.3 | CVE-2023-45248 (MISC)
acronis — agent | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895. | 2023-10-06 | 7.1 | CVE-2023-45244 (MISC)
acronis — agent | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343. | 2023-10-06 | 7.1 | CVE-2023-45246 (MISC)
acronis — agent | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497. | 2023-10-09 | 7.1 | CVE-2023-45247 (MISC)
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. | 2023-10-13 | 8.8 | CVE-2023-38218 (MISC)
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. Payload is stored in an admin area, resulting in high confidentiality and integrity impact. | 2023-10-13 | 8.7 | CVE-2023-38219 (MISC)
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead to a security feature bypass in a way that an attacker could access unauthorised data. Exploitation of this issue does not require user interaction. | 2023-10-13 | 7.5 | CVE-2023-38220 (MISC)
adobe — photoshop_2022 | Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-10-11 | 7.8 | CVE-2023-26370 (MISC)
arm — mbed_tls | Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution. | 2023-10-07 | 9.8 | CVE-2023-45199 (MISC)
arm — mbed_tls | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | 2023-10-07 | 7.5 | CVE-2023-43615 (MISC, FEDORA)
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. This is also known as OSFOURK-24034. | 2023-10-09 | 8.8 | CVE-2023-45350 (MISC)
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | 2023-10-09 | 8.8 | CVE-2023-45351 (MISC)
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. | 2023-10-09 | 8.8 | CVE-2023-45355 (MISC)
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719. | 2023-10-09 | 8.8 | CVE-2023-45356 (MISC)
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722. | 2023-10-09 | 7.5 | CVE-2023-45349 (MISC)
atos — unify_openscape_common_management | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592. | 2023-10-09 | 8.8 | CVE-2023-45352 (MISC)
atos — unify_openscape_common_management | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591. | 2023-10-09 | 8.8 | CVE-2023-45353 (MISC)
atos — unify_openscape_common_management | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589. | 2023-10-09 | 8.8 | CVE-2023-45354 (MISC)
bainternet — shortcodes_ui | Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. | 2023-10-10 | 8.8 | CVE-2023-44994 (MISC)
biltay_technology — kayisi | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286. | 2023-10-12 | 10 | CVE-2023-5045 (MISC)
biltay_technology — procost | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390. | 2023-10-12 | 10 | CVE-2023-5046 (MISC)
byzoro — smart_s45f_firmware | A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5488 (MISC)
byzoro — smart_s45f_firmware | A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5489 (MISC)
byzoro — smart_s45f_firmware | A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5490 (MISC)
byzoro — smart_s45f_firmware | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5491 (MISC)
byzoro — smart_s45f_firmware | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5492 (MISC)
byzoro — smart_s45f_firmware | A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5493 (MISC)
byzoro — smart_s45f_firmware | A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5494 (MISC)
contiki-ng — contiki-ng | In Contiki 4.5, TCP ISNs are improperly random. | 2023-10-10 | 9.1 | CVE-2020-27634 (MISC)
d-link — dir-820l_firmware | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. | 2023-10-06 | 9.8 | CVE-2023-44807 (MISC)
d-link — dph-400se_firmware | An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. | 2023-10-11 | 8.8 | CVE-2023-43960 (MISC)
d-link — dsl-3782_firmware | An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | 2023-10-10 | 8.8 | CVE-2023-44959 (MISC)
decidim — decidim | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn’t enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4. | 2023-10-06 | 7.1 | CVE-2023-36465 (MISC)
easycorp — zentao | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | 2023-10-10 | 8.8 | CVE-2023-44827 (MISC)
f5 — big-ip | When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user’s role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.2 | CVE-2023-42768 (MISC)
f5 — big-ip | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 9.9 | CVE-2023-41373 (MISC)
f5 — big-ip | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 8.7 | CVE-2023-43746 (MISC)
f5 — big-ip | An authenticated user’s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 8.1 | CVE-2023-40537 (MISC)
f5 — big-ip | When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.5 | CVE-2023-40534 (MISC)
f5 — big-ip | When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.5 | CVE-2023-40542 (MISC)
f5 — big-ip | When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.5 | CVE-2023-41085 (MISC)
f5 — big-ip_edge_client | An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.3 | CVE-2023-5450 (MISC)
f5 — big-ip_edge_client | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.8 | CVE-2023-43611 (MISC)
f5 — big-ip_next_spk | The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.4 | CVE-2023-45226 (MISC)
facebook — tac_plus | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | 2023-10-06 | 9.8 | CVE-2023-45239 (MISC)
farmacia — farmacia | A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241608. | 2023-10-10 | 7.5 | CVE-2023-5471 (MISC)
fnet — fnet | In FNET 4.6.3, TCP ISNs are improperly random. | 2023-10-10 | 9.1 | CVE-2020-27633 (MISC)
fortinet — fortiadc | An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. | 2023-10-10 | 7.8 | CVE-2023-25607 (MISC)
fortinet — fortiisolator | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows an attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | 2023-10-10 | 7.8 | CVE-2022-22298 (MISC)
fortinet — fortimail | An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users’ accounts from the same web domain via crafted HTTP or HTTPS requests. | 2023-10-10 | 8.8 | CVE-2023-36556 (MISC)
fortinet — fortimanager | An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least “device management” permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs. | 2023-10-10 | 9.6 | CVE-2023-41679 (MISC)
fortinet — fortimanager | An improper neutralization of special elements used in an os command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command. | 2023-10-10 | 7.8 | CVE-2023-42788 (MISC)
fortinet — fortimanager | An improper neutralization of special elements used in an os command (‘os command injection’) in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via FortiManager cli. | 2023-10-10 | 7.1 | CVE-2023-41838 (MISC)
fortinet — fortios | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 – 7.0.11 and 7.2.0 – 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | 2023-10-10 | 8.8 | CVE-2023-41841 (MISC)
fortinet — fortios | A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 – 7.0.12, 7.2.0 – 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | 2023-10-10 | 7.5 | CVE-2023-37935 (MISC)
fortinet — fortios_ips_engine | An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets. | 2023-10-10 | 7.5 | CVE-2023-40718 (MISC)
fortinet — fortisiem | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. | 2023-10-10 | 9.8 | CVE-2023-34992 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-34993 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-36547 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-36548 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-36549 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-36550 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34985 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34986 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34987 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34988 (MISC)
fortinet — fortiwlm | An improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34989 (MISC)
geokit — geokit-rails | Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialization of YAML within the ‘geo_location’ cookie. This issue can be exploited remotely via a malicious cookie value. Note: An attacker can use this vulnerability to execute commands on the host system. | 2023-10-06 | 9.8 | CVE-2023-26153 (MISC)
google — android | In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | 9.8 | CVE-2023-35646 (MISC)
google — android | In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2023-10-11 | 9.8 | CVE-2023-35647 (MISC)
google — android | In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2023-10-11 | 9.8 | CVE-2023-35648 (MISC)
google — android | In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-06 | 7.8 | CVE-2023-21266 (MISC)
google — android | In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | 2023-10-08 | 7.8 | CVE-2023-40634 (MISC)
google — android | In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | 2023-10-08 | 7.8 | CVE-2023-40635 (MISC)
google — android | In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2023-10-11 | 7.5 | CVE-2023-35652 (MISC)
google — android | In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. | 2023-10-08 | 7.5 | CVE-2023-40632 (MISC)
google — chrome | Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 2023-10-11 | 8.8 | CVE-2023-5218 (MISC)
google — chrome | Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 2023-10-11 | 8.8 | CVE-2023-5474 (MISC)
google — chrome | Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 8.8 | CVE-2023-5476 (MISC)
gpac — gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 2023-10-11 | 7.1 | CVE-2023-5520 (MISC)
hansuncms — hansuncms | hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | 2023-10-09 | 9.8 | CVE-2023-43899 (MISC)
hp — life | HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | 2023-10-09 | 9.8 | CVE-2023-5365 (MISC)
huawei — harmonyos | Vulnerability of permissions not being strictly verified in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-10-11 | 9.8 | CVE-2023-44105 (MISC)
huawei — harmonyos | API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-10-11 | 9.8 | CVE-2023-44106 (MISC)
huawei — harmonyos | Vulnerability of access permissions not being strictly verified in the APPWidget module. Successful exploitation of this vulnerability may cause some apps to run without being authorized. | 2023-10-11 | 9.8 | CVE-2023-44116 (MISC)
huawei — harmonyos | Vulnerability of defects introduced in the design process in the screen projection module. Successful exploitation of this vulnerability may affect service availability and integrity. | 2023-10-11 | 9.1 | CVE-2023-44107 (MISC)
huawei — harmonyos | Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality. | 2023-10-11 | 9.1 | CVE-2023-44118 (MISC)
huawei — harmonyos | Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart. | 2023-10-11 | 7.5 | CVE-2023-44108 (MISC)
huawei — harmonyos | Out-of-bounds array vulnerability in the dataipa module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | 7.5 | CVE-2023-44114 (MISC)
huawei — harmonyos | Vulnerability of mutual exclusion management in the kernel module. Successful exploitation of this vulnerability will affect availability. | 2023-10-11 | 7.5 | CVE-2023-44119 (MISC)
ibm — robotic_process_automation | IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. | 2023-10-06 | 9.8 | CVE-2023-43058 (MISC)
ibm — security_directory_suite | IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. | 2023-10-06 | 7.5 | CVE-2022-33160 (MISC)
ibm — spectrum_protect_client/storage_protect | IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | 2023-10-06 | 7.8 | CVE-2023-35897 (MISC)
ietf — http | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 2023-10-10 | 7.5 | CVE-2023-44487 (MISC, DEBIAN, MLIST, FEDORA)
jetbrains — ktor | In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE. | 2023-10-09 | 9.8 | CVE-2023-45612 (MISC)
jetbrains — ktor | In JetBrains Ktor before 2.3.5 server certificates were not verified. | 2023-10-09 | 9.1 | CVE-2023-45613 (MISC)
kernelsu — kernelsuIncorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.2023-10-119.8CVE-2023-5521
MISC
MISC
langchain — langchain_experimentallangchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.2023-10-099.8CVE-2023-44467
MISC
lenovo — ideapad_creator_5-16ach6_firmwareA potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.2023-10-097.8CVE-2022-3431
MISC
libx11 — libx11A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.2023-10-107.8CVE-2023-43787
MISC
MISC
mattermost — mattermostMattermost fails to enforce a limit for the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph that fills the cache and makes the server unavailable.2023-10-097.5CVE-2023-5330
MISC
mediawiki — mediawikiAn issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.2023-10-097.5CVE-2023-45363
MISC
DEBIAN
mediawiki — mediawikiAn issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.2023-10-097.5CVE-2023-45371
MISC
MISC
microchip — mplab_network_creatorIn Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random.2023-10-109.1CVE-2020-27636
MISC
MISC
MISC
microsoft — azure_devops_serverAzure DevOps Server Elevation of Privilege Vulnerability2023-10-107.3CVE-2023-36561
MISC
microsoft — azure_hdinsightsAzure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability2023-10-109.8CVE-2023-36419
MISC
microsoft — azure_identity_sdkAzure Identity SDK Remote Code Execution Vulnerability2023-10-108.8CVE-2023-36414
MISC
microsoft — azure_identity_sdkAzure Identity SDK Remote Code Execution Vulnerability2023-10-108.8CVE-2023-36415
MISC
microsoft — azure_network_watcherAzure Network Watcher VM Agent Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36737
MISC
microsoft — azure_rtos_guix_studioAzure RTOS GUIX Studio Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36418
MISC
microsoft — exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability2023-10-108CVE-2023-36778
MISC
microsoft — odbc_driver_for_sql_serverMicrosoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36785
MISC
microsoft — officeMicrosoft Office Elevation of Privilege Vulnerability2023-10-108.4CVE-2023-36569
MISC
microsoft — officeMicrosoft Office Graphics Elevation of Privilege Vulnerability2023-10-107CVE-2023-36565
MISC
microsoft — officeMicrosoft Office Click-To-Run Elevation of Privilege Vulnerability2023-10-107CVE-2023-36568
MISC
microsoft — skype_for_business_serverSkype for Business Remote Code Execution Vulnerability2023-10-107.2CVE-2023-36780
MISC
microsoft — skype_for_business_serverSkype for Business Remote Code Execution Vulnerability2023-10-107.2CVE-2023-36786
MISC
microsoft — skype_for_business_serverSkype for Business Remote Code Execution Vulnerability2023-10-107.2CVE-2023-36789
MISC
microsoft — sql_serverMicrosoft SQL OLE DB Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36417
MISC
microsoft — sql_serverMicrosoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36420
MISC
microsoft — sql_serverMicrosoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36730
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-109.8CVE-2023-35349
MISC
microsoft — windows_server_2008Windows IIS Server Elevation of Privilege Vulnerability2023-10-109.8CVE-2023-36434
MISC
microsoft — windows_server_2008Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability2023-10-108.8CVE-2023-36577
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-38166
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-41765
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-41767
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-41768
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-41769
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-41770
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-41771
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-41773
MISC
microsoft — windows_server_2008Layer 2 Tunneling Protocol Remote Code Execution Vulnerability2023-10-108.1CVE-2023-41774
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-108CVE-2023-36697
MISC
microsoft — windows_server_2008Windows Graphics Component Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36594
MISC
microsoft — windows_server_2008Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36598
MISC
microsoft — windows_server_2008Microsoft DirectMusic Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36702
MISC
microsoft — windows_server_2008Windows Media Foundation Core Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36710
MISC
microsoft — windows_server_2008Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36726
MISC
microsoft — windows_server_2008Win32k Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36731
MISC
microsoft — windows_server_2008Win32k Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36732
MISC
microsoft — windows_server_2008Win32k Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36743
MISC
microsoft — windows_server_2008Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36790
MISC
microsoft — windows_server_2008Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-41766
MISC
microsoft — windows_server_2008Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability2023-10-107.5CVE-2023-29348
MISC
microsoft — windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-10-107.5CVE-2023-36431
MISC
microsoft — windows_server_2008Windows TCP/IP Information Disclosure Vulnerability2023-10-107.5CVE-2023-36438
MISC
microsoft — windows_server_2008Windows Deployment Services Information Disclosure Vulnerability2023-10-107.5CVE-2023-36567
MISC
microsoft — windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-10-107.5CVE-2023-36579
MISC
microsoft — windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-10-107.5CVE-2023-36581
MISC
microsoft — windows_server_2008Active Template Library Denial of Service Vulnerability2023-10-107.5CVE-2023-36585
MISC
microsoft — windows_server_2008Windows TCP/IP Denial of Service Vulnerability2023-10-107.5CVE-2023-36602
MISC
microsoft — windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-10-107.5CVE-2023-36606
MISC
microsoft — windows_server_2008DHCP Server Service Denial of Service Vulnerability2023-10-107.5CVE-2023-36703
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36570
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36571
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36572
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36573
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36574
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36575
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36578
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36582
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36583
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36589
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36590
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36591
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36592
MISC
microsoft — windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-10-107.3CVE-2023-36593
MISC
microsoft — windows_server_2008Win32k Elevation of Privilege Vulnerability2023-10-107CVE-2023-36776
MISC
microsoft — windows_server_2012Windows MSHTML Platform Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36436
MISC
microsoft — windows_server_2012Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36701
MISC
microsoft — windows_server_2012Windows Runtime C++ Template Library Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36711
MISC
microsoft — windows_server_2012Windows Kernel Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36712
MISC
microsoft — windows_server_2012Named Pipe File System Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36729
MISC
microsoft — windows_server_2012Remote Procedure Call Information Disclosure Vulnerability2023-10-107.5CVE-2023-36596
MISC
microsoft — windows_server_2012Windows Deployment Services Denial of Service Vulnerability2023-10-107.5CVE-2023-36707
MISC
microsoft — windows_server_2016PrintHTML API Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36557
MISC
microsoft — windows_server_2016Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36718
MISC
microsoft — windows_server_2016Microsoft AllJoyn API Denial of Service Vulnerability2023-10-107.5CVE-2023-36709
MISC
microsoft — windows_server_2016Windows Mixed Reality Developer Tools Denial of Service Vulnerability2023-10-107.5CVE-2023-36720
MISC
microsoft — windows_server_2016Windows Runtime Remote Code Execution Vulnerability2023-10-107CVE-2023-36902
MISC
microsoft — windows_server_2016Windows Graphics Component Elevation of Privilege Vulnerability2023-10-107CVE-2023-38159
MISC
microsoft — windows_server_2019Windows Named Pipe Filesystem Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36605
MISC
microsoft — windows_server_2019Windows Setup Files Cleanup Remote Code Execution Vulnerability2023-10-107.8CVE-2023-36704
MISC
microsoft — windows_server_2019Windows Container Manager Service Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36723
MISC
microsoft — windows_server_2019Windows Kernel Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-36725
MISC
microsoft — windows_server_2019Win32k Elevation of Privilege Vulnerability2023-10-107.8CVE-2023-41772
MISC
microsoft — windows_server_2019Windows TCP/IP Denial of Service Vulnerability2023-10-107.5CVE-2023-36603
MISC
microsoft — windows_server_2019Windows Error Reporting Service Elevation of Privilege Vulnerability2023-10-107CVE-2023-36721
MISC
microsoft — windows_server_2022Microsoft QUIC Denial of Service Vulnerability2023-10-107.5CVE-2023-36435
MISC
microsoft — windows_server_2022Microsoft QUIC Denial of Service Vulnerability2023-10-107.5CVE-2023-38171
MISC
moosocial — moosocialCross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.2023-10-098.8CVE-2023-44811
MISC
netis-systems — n3m_firmwareAn issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.2023-10-067.5CVE-2023-44860
MISC
openmct — openmctIn NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action.2023-10-067.5CVE-2023-45282
MISC
MISC
MISC
CONFIRM
opentelemetry — opentelemetryOpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. Out of the box, autoinstrumentation adds the label `http_method`, which has unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent, because an attacker can easily set the HTTP method of a request to a random, long value. To be affected, a program has to be instrumented for HTTP handlers and must not filter unknown HTTP methods at the level of a CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0.2023-10-067.5CVE-2023-43810
MISC
MISC
MISC
oryx-embedded — cyclonetcpIn Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random.2023-10-109.8CVE-2020-27631
MISC
MISC
MISC
phpjabbers — appointment_schedulerUser enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.2023-10-107.5CVE-2023-36127
MISC
picotcp — picotcpIn PicoTCP 1.7.0, TCP ISNs are improperly random.2023-10-109.1CVE-2020-27635
MISC
MISC
MISC
plain_craft_launcher_2 — plain_craft_launcher_2Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information.2023-10-077.8CVE-2023-36123
MISC
MISC
puppet — boltIn Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.2023-10-069.8CVE-2023-5214
MISC
qnap — multiple_productsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later.2023-10-067.2CVE-2023-32971
MISC
qnap — multiple_productsA buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later.2023-10-067.2CVE-2023-32972
MISC
sangfor — next-gen_application_firewallThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header.2023-10-109.8CVE-2023-30803
MISC
MISC
MISC
sangfor — next-gen_application_firewallThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the “un” parameter.2023-10-109.8CVE-2023-30805
MISC
MISC
MISC
sangfor — next-gen_application_firewallThe Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie.2023-10-109.8CVE-2023-30806
MISC
MISC
MISC
sap — powerdesignerSAP PowerDesigner Client – version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client.2023-10-107.5CVE-2023-40310
MISC
MISC
seacms — seacmsAn issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.2023-10-108.8CVE-2023-44846
MISC
MISC
seacms — seacmsAn issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.2023-10-108.1CVE-2023-44848
MISC
seacms — seacmsAn issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.2023-10-107.2CVE-2023-44847
MISC
sick — apu0200_firmwareImproper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.2023-10-099.8CVE-2023-43696
MISC
MISC
MISC
sick — apu0200_firmwareImproper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited.2023-10-097.5CVE-2023-43699
MISC
MISC
MISC
sick — apu0200_firmwareMissing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication.2023-10-097.5CVE-2023-43700
MISC
MISC
MISC
siemens — multiple_productsA vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.2023-10-109.8CVE-2023-36380
MISC
siemens — multiple_productsA vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role.2023-10-107.5CVE-2023-42796
MISC
siemens — sicam_pas/pqsA vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`.2023-10-107.8CVE-2023-45205
MISC
siemens — simcenter_amesimA vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.2023-10-109.8CVE-2023-43625
MISC
siemens — sinec_nmsA vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.2023-10-107.8CVE-2022-30527
MISC
siemens — sinema_serverA vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)2023-10-108.3CVE-2023-35796
MISC
siemens — tecnomatixA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.2023-10-107.8CVE-2023-44081
MISC
siemens — tecnomatixA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.2023-10-107.8CVE-2023-44082
MISC
siemens — tecnomatixA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.2023-10-107.8CVE-2023-44083
MISC
siemens — tecnomatixA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.2023-10-107.8CVE-2023-44084
MISC
siemens — tecnomatixA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.2023-10-107.8CVE-2023-44085
MISC
siemens — tecnomatixA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.2023-10-107.8CVE-2023-44086
MISC
siemens — tecnomatixA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.2023-10-107.8CVE-2023-44087
MISC
siemens — tecnomatixA vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268)2023-10-107.8CVE-2023-45204
MISC
siemens — tecnomatixA vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290)2023-10-107.8CVE-2023-45601
MISC
siemens — xpedition_layout_browserA vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process.2023-10-107.8CVE-2023-30900
MISC
silabs — uc/tcp-ipIn Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random.2023-10-109.8CVE-2020-27630
MISC
MISC
MISC
simple_and_nice_shopping_cart_script — simple_and_nice_shopping_cart_scriptFile Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.2023-10-068.8CVE-2023-44061
MISC
snipeitapp — snipe-itCross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.2023-10-118.8CVE-2023-5511
MISC
MISC
thingsboard — thingsboardThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).2023-10-068.8CVE-2023-45303
MISC
MISC
turnatasarim — advertising_administration_panelImproper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1.2023-10-069.8CVE-2023-4530
MISC
typora — typoraCross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function.2023-10-107.4CVE-2020-18336
MISC
uptime_kuma — uptime_kumaUptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user’s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.2023-10-097.8CVE-2023-44400
MISC
MISC
MISC
vantage6 — vantage6vantage6 is privacy preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround.2023-10-117.2CVE-2023-23930
MISC
MISC
MISC
MISC
wazuh — wazuh-dashboardWazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a user logged in to the dashboard to become administrator of the API, even if their dashboard role is not administrator. Version 4.4.2 contains a fix. There are no known workarounds.2023-10-098.8CVE-2023-42455
MISC
MISC
MISC
webkitgtk — webkitgtkA use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to visit a malicious webpage to trigger this vulnerability.2023-10-068.8CVE-2023-39928
MISC
MISC
MISC
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.2023-10-068.8CVE-2023-25480
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.2023-10-068.8CVE-2023-27615
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions.2023-10-128.8CVE-2023-45047
MISC
wordpress — wordpressAuth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions.2023-10-128.8CVE-2023-23651
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.2023-10-068.8CVE-2023-27448
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions.2023-10-108.8CVE-2023-44996
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.2023-10-098.8CVE-2023-44993
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.2023-10-068.8CVE-2022-47175
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions.2023-10-068.8CVE-2023-25033
MISC
wordpress — wordpressA vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability.2023-10-069.8CVE-2015-10126
MISC
MISC
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.2023-10-068.8CVE-2023-40008
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.2023-10-068.8CVE-2023-40556
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <= 1.4.0 versions.2023-10-068.8CVE-2023-40671
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.2023-10-068.8CVE-2023-41650
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions.2023-10-068.8CVE-2023-41654
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.2023-10-068.8CVE-2023-41659
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions.2023-10-098.8CVE-2023-41660
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.2023-10-098.8CVE-2023-41667
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.2023-10-098.8CVE-2023-41668
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions.2023-10-098.8CVE-2023-41669
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions.2023-10-098.8CVE-2023-41670
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions.2023-10-098.8CVE-2023-41672
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions.2023-10-108.8CVE-2023-41684
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions.2023-10-108.8CVE-2023-41694
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions.2023-10-108.8CVE-2023-41697
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.2023-10-108.8CVE-2023-41730
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.2023-10-068.8CVE-2023-41732
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.2023-10-068.8CVE-2023-41801
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.2023-10-108.8CVE-2023-41850
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.2023-10-108.8CVE-2023-41851
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.2023-10-108.8CVE-2023-41852
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.2023-10-108.8CVE-2023-41853
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.2023-10-108.8CVE-2023-41854
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.2023-10-108.8CVE-2023-41858
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.2023-10-108.8CVE-2023-41876
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Laposta – Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions.2023-10-068.8CVE-2023-41950
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions.2023-10-068.8CVE-2023-44146
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.2023-10-098.8CVE-2023-44231
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions.2023-10-098.8CVE-2023-44232
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.2023-10-068.8CVE-2023-44233
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions.2023-10-098.8CVE-2023-44236
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.2023-10-098.8CVE-2023-44237
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions.2023-10-098.8CVE-2023-44238
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions.2023-10-098.8CVE-2023-44240
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions.2023-10-108.8CVE-2023-44241
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions.2023-10-068.8CVE-2023-44243
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions.2023-10-098.8CVE-2023-44246
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions.2023-10-108.8CVE-2023-44257
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions.2023-10-108.8CVE-2023-44259
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions.2023-10-098.8CVE-2023-44260
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.2023-10-108.8CVE-2023-44261
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions.2023-10-108.8CVE-2023-44470
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions.2023-10-108.8CVE-2023-44471
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.2023-10-098.8CVE-2023-44473
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.2023-10-108.8CVE-2023-44475
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.2023-10-108.8CVE-2023-44476
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions.2023-10-108.8CVE-2023-44995
MISC
yifanwireless — yf325_firmwareAn authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.2023-10-119.8CVE-2023-24479
MISC
yifanwireless — yf325_firmwareA stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.2023-10-119.8CVE-2023-31272
MISC
yifanwireless — yf325_firmwareA command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.2023-10-119.8CVE-2023-32632
MISC
yifanwireless — yf325_firmwareA leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.2023-10-119.8CVE-2023-32645
MISC
yifanwireless — yf325_firmwareA stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.2023-10-119.8CVE-2023-34346
MISC
yifanwireless — yf325_firmwareA stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability.2023-10-119.8CVE-2023-34365
MISC
yifanwireless — yf325_firmwareA stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.2023-10-119.8CVE-2023-34426
MISC
yifanwireless — yf325_firmwareA buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the gozila_cgi function.2023-10-119.8CVE-2023-35055
MISC
yifanwireless — yf325_firmwareA buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the cgi_handler function.2023-10-119.8CVE-2023-35056
MISC
yifanwireless — yf325_firmwareTwo heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function.2023-10-119.8CVE-2023-35965
MISC
yifanwireless — yf325_firmwareTwo heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the realloc function.2023-10-119.8CVE-2023-35966
MISC
yifanwireless — yf325_firmwareTwo heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function.2023-10-119.8CVE-2023-35967
MISC
yifanwireless — yf325_firmwareTwo heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the realloc function.2023-10-119.8CVE-2023-35968
MISC
zephyrproject — zephyrPotential buffer overflow vulnerability in the Zephyr CAN bus subsystem2023-10-069.8CVE-2023-3725
MISC


Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
acronis — agentSensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119.2023-10-065.5CVE-2023-45245
MISC
adobe — bridgeAdobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-10-115.5CVE-2023-38216
MISC
adobe — bridgeAdobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-10-115.5CVE-2023-38217
MISC
adobe — commerceAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application’s path boundary.2023-10-136.8CVE-2023-26366
MISC
adobe — commerceAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.2023-10-136.6CVE-2023-38221
MISC
adobe — commerceAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.2023-10-136.6CVE-2023-38249
MISC
adobe — commerceAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI.2023-10-136.6CVE-2023-38250
MISC
adobe — commerceAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Uncontrolled Resource Consumption vulnerability that could lead to minor application denial-of-service. Exploitation of this issue does not require user interaction.2023-10-135.3CVE-2023-38251
MISC
adobe — commerceAdobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.2023-10-134.9CVE-2023-26367
MISC
antisamy — antisamyAntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. This issue has been patched in AntiSamy 1.7.4 and later.2023-10-096.1CVE-2023-43643
MISC
MISC
atx — ucryptThe web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.2023-10-096.5CVE-2023-39854
MISC
canonical — subiquitySensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.2023-10-075.5CVE-2023-5182
MISC
MISC
chiefonboarding — chiefonboardingCross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47.2023-10-104.3CVE-2023-5498
MISC
MISC
concretecms — concrete_cmsConcrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting (XSS).2023-10-105.4CVE-2023-44763
MISC
consensys — gnarkgnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods.2023-10-095.5CVE-2023-44378
MISC
MISC
MISC
delta_electronics — wplsoftA vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-095.9CVE-2023-5461
MISC
MISC
MISC
delta_electronics — wplsoftA vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-095.7CVE-2023-5460
MISC
MISC
MISC
discourse — discourse_jiraDiscourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application.2023-10-064.1CVE-2023-44384
MISC
MISC
MISC
easycorp — zentaoCross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.2023-10-105.4CVE-2023-44826
MISC
f5 — big-ipWhen on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-10-105.5CVE-2023-41253
MISC
f5 — big-ipWhen TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-10-105.5CVE-2023-43485
MISC
f5 — big-ipWhen BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-10-104.4CVE-2023-39447
MISC
f5 — big-ipAn Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-10-104.4CVE-2023-45219
MISC
f5 — big-ipThe BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-10-104.3CVE-2023-41964
MISC
fortinet — fortianalyzerA client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution.2023-10-106.5CVE-2023-42787
MISC
fortinet — fortianalyzerAn authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests.2023-10-106.5CVE-2023-44249
MISC
fortinet — fortianalyzerAn insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number.2023-10-105.3CVE-2023-42782
MISC
fortinet — fortiguestAn insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.2023-10-105.5CVE-2023-25604
MISC
fortinet — fortimailAn improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail’s calendar via input fields.2023-10-105.4CVE-2023-36637
MISC
fortinet — fortiosAn improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 – 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components.2023-10-105.4CVE-2023-36555
MISC
fortinet — fortiosAn improper access control vulnerability in Fortinet FortiOS 7.2.0 – 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from an untrusted host.2023-10-104.3CVE-2023-33301
MISC
fortinet — fortiproxyA use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection.2023-10-105.3CVE-2023-41675
MISC
gdidees — gdidees_cmsGDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.2023-10-065.4CVE-2023-44758
MISC
google — androidIn visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.2023-10-066.7CVE-2023-21244
MISC
MISC
MISC
MISC
google — androidIn ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2023-10-116.7CVE-2023-35654
MISC
google — androidIn CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2023-10-116.7CVE-2023-35655
MISC
google — androidIn FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed2023-10-086.7CVE-2023-40653
MISC
google — androidIn FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed2023-10-086.7CVE-2023-40654
MISC
google — androidIn tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2023-10-116.4CVE-2023-35645
MISC
google — androidIn validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-065.5CVE-2023-21252
MISC
MISC
MISC
google — androidIn multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-065.5CVE-2023-21253
MISC
MISC
MISC
MISC
google — androidIn visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.2023-10-065.5CVE-2023-21291
MISC
MISC
google — androidIn phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40633
MISC
google — androidIn telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges2023-10-085.5CVE-2023-40637
MISC
google — androidIn SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges2023-10-085.5CVE-2023-40639
MISC
google — androidIn SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges2023-10-085.5CVE-2023-40640
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40641
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40642
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40643
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40644
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40645
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40646
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40647
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40648
MISC
google — androidIn Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40649
MISC
google — androidIn Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed2023-10-085.5CVE-2023-40650
MISC
google — androidIn TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.2023-10-114.4CVE-2023-35653
MISC
google — androidIn Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed2023-10-084.4CVE-2023-40631
MISC
google — androidIn telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed2023-10-084.4CVE-2023-40636
MISC
google — androidIn Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed2023-10-084.4CVE-2023-40638
MISC
google — androidIn urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed2023-10-084.4CVE-2023-40651
MISC
google — androidIn jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed2023-10-084.4CVE-2023-40652
MISC
google — chrome | Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5475 MISC MISC MISC MISC
google — chrome | Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5479 MISC MISC MISC
google — chrome | Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5481 MISC MISC MISC
google — chrome | Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5483 MISC MISC MISC
google — chrome | Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5484 MISC MISC MISC MISC
google — chrome | Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5487 MISC MISC MISC MISC
google — chrome | Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 2023-10-11 | 6.3 | CVE-2023-5473 MISC MISC MISC
google — chrome | Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) | 2023-10-11 | 4.3 | CVE-2023-5477 MISC MISC MISC
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | 2023-10-11 | 4.3 | CVE-2023-5478 MISC MISC MISC
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-10-11 | 4.3 | CVE-2023-5485 MISC MISC MISC
google — chrome | Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-10-11 | 4.3 | CVE-2023-5486 MISC MISC MISC
gradle — gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files that it generated or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities. | 2023-10-06 | 5.3 | CVE-2023-42445 MISC MISC MISC
hpe — msa_1060_storage_firmware | HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. | 2023-10-09 | 5.4 | CVE-2023-30910 MISC
huawei — harmonyos | Out-of-bounds access vulnerability in the audio module. Successful exploitation of this vulnerability may affect availability. | 2023-10-11 | 4.3 | CVE-2023-44110 MISC MISC MISC
ibm — collaborative_lifecycle_management | IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | 2023-10-06 | 5.5 | CVE-2022-34355 MISC MISC
janusintl — noke_standard_smart_padlock_firmware | Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app. | 2023-10-09 | 6.5 | CVE-2022-36228 MISC
lenovo — thinkpad_t14s_gen_3_firmware | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 2023-10-09 | 6.8 | CVE-2022-3728 MISC
lenovo — thinkpad_t14s_gen_3_firmware | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 2023-10-09 | 6.8 | CVE-2022-48182 MISC
lenovo — thinkpad_t14s_gen_3_firmware | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 2023-10-09 | 6.8 | CVE-2022-48183 MISC
libx11 — libx11 | A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. | 2023-10-10 | 5.5 | CVE-2023-43785 MISC MISC
libx11 — libx11 | A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial-of-service condition. | 2023-10-10 | 5.5 | CVE-2023-43786 MISC MISC
libxpm — libxpm | A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. | 2023-10-10 | 5.5 | CVE-2023-43788 MISC MISC MISC
linux — kernel | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | 2023-10-09 | 6 | CVE-2023-39189 MISC MISC
linux — kernel | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. | 2023-10-09 | 6 | CVE-2023-39192 MISC MISC MISC
linux — kernel | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | 2023-10-09 | 6 | CVE-2023-39193 MISC MISC MISC
linux — kernel | A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. | 2023-10-09 | 4.4 | CVE-2023-39194 MISC MISC MISC
mattermost — mattermost | Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | 2023-10-09 | 5.3 | CVE-2023-5331 MISC
mattermost — mattermost | Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. | 2023-10-09 | 6.5 | CVE-2023-5333 MISC
mediawiki — mediawiki | An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service. | 2023-10-09 | 6.5 | CVE-2023-45367 MISC
mediawiki — mediawiki | An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators. | 2023-10-09 | 6.1 | CVE-2023-45373 MISC MISC
mediawiki — mediawiki | An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. | 2023-10-09 | 5.3 | CVE-2023-45364 MISC DEBIAN
mediawiki — mediawiki | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | 2023-10-09 | 5.3 | CVE-2023-45370 MISC MISC
mediawiki — mediawiki | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter). | 2023-10-09 | 5.3 | CVE-2023-45372 MISC MISC
mediawiki — mediawiki | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. | 2023-10-09 | 5.3 | CVE-2023-45374 MISC MISC
mediawiki — mediawiki | An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed. | 2023-10-09 | 4.3 | CVE-2023-45369 MISC MISC
microsoft — common_data_model_sdk | Microsoft Common Data Model SDK Denial of Service Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36566 MISC
microsoft — dynamics_365 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36429 MISC
microsoft — dynamics_365 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36433 MISC
microsoft — dynamics_365 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-10-10 | 6.1 | CVE-2023-36416 MISC
microsoft — edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-10-13 | 4.2 | CVE-2023-36559 MISC
microsoft — skype_for_business_server | Skype for Business Elevation of Privilege Vulnerability | 2023-10-10 | 5.3 | CVE-2023-41763 MISC
microsoft — sql_server | Microsoft SQL Server Denial of Service Vulnerability | 2023-10-10 | 5.5 | CVE-2023-36728 MISC
microsoft — windows_server_2008 | Microsoft WordPad Information Disclosure Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36563 MISC
microsoft — windows_server_2008 | Windows Search Security Feature Bypass Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36564 MISC
microsoft — windows_server_2008 | Windows Deployment Services Information Disclosure Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36706 MISC
microsoft — windows_server_2008 | Windows Power Management Service Information Disclosure Vulnerability | 2023-10-10 | 5.5 | CVE-2023-36724 MISC
microsoft — windows_server_2008 | Windows Mark of the Web Security Feature Bypass Vulnerability | 2023-10-10 | 5.4 | CVE-2023-36584 MISC
microsoft — windows_server_2008 | Active Directory Domain Services Information Disclosure Vulnerability | 2023-10-10 | 4.4 | CVE-2023-36722 MISC
microsoft — windows_server_2012 | Windows Common Log File System Driver Information Disclosure Vulnerability | 2023-10-10 | 5.5 | CVE-2023-36713 MISC
microsoft — windows_server_2016 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36717 MISC
microsoft — windows_server_2016 | Windows Kernel Information Disclosure Vulnerability | 2023-10-10 | 5.5 | CVE-2023-36576 MISC
microsoft — windows_server_2019 | Windows Kernel Security Feature Bypass Vulnerability | 2023-10-10 | 4.4 | CVE-2023-36698 MISC
moosocial — moosocial | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | 2023-10-09 | 6.1 | CVE-2023-44812 MISC
moosocial — moosocial | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | 2023-10-09 | 6.1 | CVE-2023-44813 MISC
objectcomputing — micronaut_security | Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if the token is issued by the same identity issuer/provider. This affects any OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but token auth is not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1. | 2023-10-09 | 6.5 | CVE-2023-36820 MISC MISC
octoprint — octoprint | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties. | 2023-10-09 | 6.5 | CVE-2023-41047 MISC MISC MISC
openvswitch — openvswitch | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. | 2023-10-06 | 5.5 | CVE-2023-5366 MISC MISC
oro_inc — orocommerce | OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a note for it. Versions 5.0.11 and 5.1.1 contain a fix for this issue. | 2023-10-09 | 4.8 | CVE-2022-35950 MISC
phpjabbers — appointment_scheduler | There is a Cross Site Scripting (XSS) vulnerability in the “theme” parameter of preview.php in PHPJabbers Appointment Scheduler v3.0. | 2023-10-10 | 6.1 | CVE-2023-36126 MISC
piwigo — piwigo | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS code into the HTML page, which could then be executed by admin users when they visit the URL with the payload. The vulnerability is caused by the insecure injection of the `plugin_id` value from the URL into the HTML page. An attacker can exploit this vulnerability by crafting a malicious URL that contains a specially crafted `plugin_id` value. When a victim who is logged in as an administrator visits this URL, the malicious code will be injected into the HTML page and executed. This vulnerability can be exploited by any attacker who has access to a malicious URL. However, only users who are logged in as administrators are affected. This is because the vulnerability is only present on the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page, which is only accessible to administrators. Version 14.0.0.beta4 contains a patch for this issue. | 2023-10-09 | 6.1 | CVE-2023-44393 MISC MISC
qnap — music_station | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later. | 2023-10-06 | 6.5 | CVE-2023-23365 MISC
qnap — music_station | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later. | 2023-10-06 | 6.5 | CVE-2023-23366 MISC
qnap — qvpn | An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later. | 2023-10-06 | 4.4 | CVE-2023-23370 MISC
qnap — qvpn | A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later. | 2023-10-06 | 4.4 | CVE-2023-23371 MISC
qnap — video_station | A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 ( 2023/07/27 ) and later. | 2023-10-13 | 5.4 | CVE-2023-34977 MISC
reportportal — reportportal | ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops, except for small launches with approximately 1 test inside, when the test_item.path field exceeds the allowable `ltree` field type indexing limit (path length>=120, approximately recursive nesting of the nested steps). Running REINDEX INDEX on path_gist_idx and path_idx does not help. The problem was fixed in `com.epam.reportportal:service-api` module version 5.10.0 (product release 23.2), where the maximum number of nested elements was programmatically limited. A workaround is available. After deletion of the data with long paths, and reindexing both indexes (path_gist_idx and path_idx), the database becomes stable and ReportPortal works properly. | 2023-10-09 | 6.5 | CVE-2023-25822 MISC MISC MISC
sangfor — next-gen_application_firewall | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803. | 2023-10-10 | 6.5 | CVE-2023-30804 MISC MISC MISC
sangfor — next-gen_application_firewall | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. | 2023-10-10 | 5.3 | CVE-2023-30802 MISC MISC MISC
sap — business_one | SAP Business One (B1i) – version 10.0, allows an authorized attacker to retrieve the detailed stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability. | 2023-10-10 | 4.3 | CVE-2023-41365 MISC MISC
sap — businessobjects_web_intelligence | SAP BusinessObjects Web Intelligence – version 420, has a URL with a parameter that could be vulnerable to an XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. | 2023-10-10 | 5.4 | CVE-2023-42474 MISC MISC
sap — s/4hana | S/4HANA Manage (Withholding Tax Items) – version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application. | 2023-10-10 | 5.4 | CVE-2023-42473 MISC MISC
sap — s/4hana | The Statutory Reporting application has a vulnerable file storage location, potentially enabling a low-privileged attacker to read server files with minimal impact on confidentiality. | 2023-10-10 | 4.3 | CVE-2023-42475 MISC MISC
sick — apu0200_firmware | Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | 2023-10-09 | 6.5 | CVE-2023-43697 MISC MISC MISC
sick — apu0200_firmware | Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | 2023-10-09 | 6.5 | CVE-2023-5100 MISC MISC MISC
sick — apu0200_firmware | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client’s browser via injecting code into the website. | 2023-10-09 | 6.1 | CVE-2023-43698 MISC MISC MISC
sick — apu0200_firmware | Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. | 2023-10-09 | 5.3 | CVE-2023-5101 MISC MISC MISC
sick — apu0200_firmware | Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | 2023-10-09 | 5.3 | CVE-2023-5102 MISC MISC MISC
sick — apu0200_firmware | Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. | 2023-10-09 | 4.3 | CVE-2023-5103 MISC MISC MISC
siemens — mendix_forgot_password | A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users. | 2023-10-10 | 5.3 | CVE-2023-43623 MISC
siemens — sicam_pas/pqs | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. | 2023-10-10 | 4.4 | CVE-2023-38640 MISC
siemens — simatic_cp | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions. | 2023-10-10 | 6.7 | CVE-2023-37194 MISC
siemens — simatic_cp | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial-of-service situation on the host. A physical power cycle is required to get the system working again. | 2023-10-10 | 4.4 | CVE-2023-37195 MISC
siemens — sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users. | 2023-10-10 | 5.4 | CVE-2023-44315 MISC
snipeitapp — snipe-it | Cross-site Scripting (XSS) – Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 2023-10-06 | 5.4 | CVE-2023-5452 MISC MISC
wordpress — wordpress | The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-10 | 5.4 | CVE-2023-5467 MISC MISC MISC
wordpress — wordpress | The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘dcscf-link’ shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-10 | 5.4 | CVE-2023-5468 MISC MISC
wordpress — wordpress | The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘etsy-shop’ shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-12 | 5.4 | CVE-2023-5470 MISC MISC MISC MISC
wordpress — wordpress | The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields. | 2023-10-06 | 5.3 | CVE-2023-4469 MISC MISC
wordpress — wordpress | The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘calendly’ shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-13 | 6.4 | CVE-2023-4995 MISC MISC
wordpress — wordpress | The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-10-14 | 4.4 | CVE-2023-1259 MISC MISC
wordpress — wordpress | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image lightboxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-12 | 4.3 | CVE-2023-5531 MISC MISC MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
fortinet — forticlient | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | 2023-10-10 | 3.3 | CVE-2023-37939 MISC

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
1e — 1e_platform | Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23173. SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently – please contact 1E to arrange this. | 2023-10-13 | not yet calculated | CVE-2023-45162 MISC
70mai — a500s | Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. | 2023-10-09 | not yet calculated | CVE-2023-43271 MISC MISC
babel — babel | Babel is a compiler for writing JavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any “polyfill provider” plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3. | 2023-10-12 | not yet calculated | CVE-2023-45133 MISC MISC MISC MISC MISC
beyondtrust — privileged_remote_access | BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret. | 2023-10-12 | not yet calculated | CVE-2023-23632 MISC
broadcom — lsi_pci-sv92ex | An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns. | 2023-10-10 | not yet calculated | CVE-2023-31096 MISC MISC
cachethq — cachet
 
Cachet is an open-source status page system. Prior to the 2.4 branch, the template functionality, which allows users to create templates, lets them execute any code on the server because of bad filtering and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue. 2023-10-11 not yet calculated CVE-2023-43661
MISC
MISC
citrix — netscaler_adc/gateway
 
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. 2023-10-10not yet calculatedCVE-2023-4966
MISC
d-link — dap-x1860
 
A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service.2023-10-10not yet calculatedCVE-2023-45208
MISC
dell — dell_openmanage_server_administrator

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise. 2023-10-13 not yet calculated CVE-2023-43079
MISC
delta_electronics — dvp32es2_plc
 
A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. VDB-241582 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-09not yet calculatedCVE-2023-5459
MISC
MISC
MISC
devolutions — server
 
Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in them via a GET request. 2023-10-13 not yet calculated CVE-2023-5240
MISC
digital_agency — e-gov_client_application_for_windows
 
e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack.2023-10-11not yet calculatedCVE-2023-44689
MISC
MISC
eclipse — jetty
 
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds.2023-10-10not yet calculatedCVE-2023-36478
MISC
MISC
MISC
MISC
MISC
election_services_co. — internet_election_service

Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12. 2023-10-10 not yet calculated CVE-2023-4309
MISC
MISC
MISC
elenos — etg150
 
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. 2023-10-11 not yet calculated CVE-2023-45396
MISC
erlang — erlang
 
In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability.2023-10-10not yet calculatedCVE-2023-45312
MISC
ethernut — nut/os
 
An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528.2023-10-10not yet calculatedCVE-2020-27213
MISC
MISC
MISC
MISC
farmbot — farmbot-web-app
 
Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot’s web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue.2023-10-14not yet calculatedCVE-2023-45674
MISC
fortinet — fortiedr
 
An insufficient session expiration vulnerability in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows an attacker to execute unauthorized code or commands via API request. 2023-10-13 not yet calculated CVE-2023-33303
MISC
fortinet — fortisandbox
 
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. 2023-10-13 not yet calculated CVE-2023-41680
MISC
fortinet — fortisandbox
 
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. 2023-10-13 not yet calculated CVE-2023-41681
MISC
fortinet — fortisandbox
 
An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows an attacker to cause a denial of service via crafted HTTP requests. 2023-10-13 not yet calculated CVE-2023-41682
MISC
fortinet — fortisandbox
 
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. 2023-10-13 not yet calculated CVE-2023-41836
MISC
fortinet — fortisandbox
 
An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows an attacker to execute unauthorized code or commands via crafted HTTP requests. 2023-10-13 not yet calculated CVE-2023-41843
MISC
frappe_lms — frappe_lms
 
Cross-site Scripting (XSS) – Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4.2023-10-12not yet calculatedCVE-2023-5555
MISC
MISC
frappe_lms — frappe_lms
 
Cross-site Scripting (XSS) – Reflected in GitHub repository structurizr/onpremises prior to 3194. 2023-10-12 not yet calculated CVE-2023-5556
MISC
MISC
froxlor — froxlor
 
Cross-site Scripting (XSS) – Stored in GitHub repository froxlor/froxlor prior to 2.0.22.2023-10-13not yet calculatedCVE-2023-4829
MISC
MISC
froxlor — froxlor
 
Cross-site Scripting (XSS) – Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1.2023-10-13not yet calculatedCVE-2023-5564
MISC
MISC
garden-io — garden
 
Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-result` and `run-result` to cache Garden test and run results. These `ConfigMaps` are stored either in the `garden-system` namespace or the configured user namespace. When a user invokes the command `garden test` or `garden run`, objects stored in the `ConfigMap` are retrieved and deserialized. This can be used by an attacker with access to the Kubernetes cluster to store malicious objects in the `ConfigMap`, which can trigger a remote code execution on the user's machine when cryo deserializes the object. In order to exploit this vulnerability, an attacker must have access to the Kubernetes cluster used to deploy garden remote environments. Further, a user must actively invoke either a `garden test` or `garden run` which has previously cached results. The issue has been patched in Garden versions `0.13.17` (Bonsai) and `0.12.65` (Acorn). Only Garden versions prior to these are vulnerable. No known workarounds are available. 2023-10-09 not yet calculated CVE-2023-44392
MISC
MISC
go_standard_library — net/http
 
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.2023-10-11not yet calculatedCVE-2023-39325
MISC
MISC
MISC
MISC
MISC
google — android
 
In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.2023-10-11not yet calculatedCVE-2023-35649
MISC
google — android
 
In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.2023-10-11not yet calculatedCVE-2023-35660
MISC
google — android
 
In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-11not yet calculatedCVE-2023-35661
MISC
google — android
 
There is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-11not yet calculatedCVE-2023-35662
MISC
google — android
 
There is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-11not yet calculatedCVE-2023-3781
MISC
google — android
 
In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-11not yet calculatedCVE-2023-40141
MISC
google — android
 
In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.2023-10-11not yet calculatedCVE-2023-40142
MISC
gpac — gpac
 
An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. 2023-10-12 not yet calculated CVE-2023-42298
MISC
granding_utime_master — granding_utime_master
 
A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter.2023-10-13not yet calculatedCVE-2023-45391
MISC
granding_utime_master — granding_utime_master
 
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie.2023-10-13not yet calculatedCVE-2023-45393
MISC
hcl_software — bigfix_insights_for_vulnerability_remediation

BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. 2023-10-11 not yet calculated CVE-2022-44757
MISC
hcl_software — bigfix_insights_for_vulnerability_remediation

BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. 2023-10-11 not yet calculated CVE-2022-44758
MISC
hcl_software — bigfix_patch_management

Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. 2023-10-11 not yet calculated CVE-2022-42451
MISC
hcl_software — bigfix_platform
 
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.2023-10-11not yet calculatedCVE-2023-37536
MISC
hcl_software — digital_experience
 
HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site).2023-10-11not yet calculatedCVE-2023-37538
MISC
hestiacp — hestiacp
 
Cross-site Scripting (XSS) – Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6.2023-10-13not yet calculatedCVE-2023-4517
MISC
MISC
hp_inc. — hp_displays
 
A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated.2023-10-13not yet calculatedCVE-2023-5449
MISC
hp_inc. — hp_life_android_mobile
 
HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability.2023-10-13not yet calculatedCVE-2023-5409
MISC
hp_inc. — hp_thinupdate
 
A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability.2023-10-13not yet calculatedCVE-2023-4499
MISC
huawei — harmonyos
 
Parameter verification vulnerability in the window module. Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window. 2023-10-11 not yet calculated CVE-2023-41304
MISC
MISC
huawei — harmonyos
 
Vulnerability of package names’ public keys not being verified in the security module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-10-11 not yet calculated CVE-2023-44093
MISC
MISC
huawei — harmonyos
 
Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart. 2023-10-11 not yet calculated CVE-2023-44094
MISC
MISC
huawei — harmonyos
 
Use-After-Free (UAF) vulnerability in the surfaceflinger module. Successful exploitation of this vulnerability can cause system crash. 2023-10-11 not yet calculated CVE-2023-44095
MISC
MISC
huawei — harmonyos
 
Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-10-11 not yet calculated CVE-2023-44096
MISC
MISC
huawei — harmonyos
 
Vulnerability of the permission to access device SNs being improperly managed. Successful exploitation of this vulnerability may affect service confidentiality. 2023-10-11 not yet calculated CVE-2023-44097
MISC
MISC
huawei — harmonyos
 
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.2023-10-11not yet calculatedCVE-2023-44100
MISC
MISC
huawei — harmonyos
 
The Bluetooth module has a vulnerability in permission control for broadcast notifications. Successful exploitation of this vulnerability may affect confidentiality. 2023-10-11 not yet calculated CVE-2023-44101
MISC
huawei — harmonyos
 
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. 2023-10-11 not yet calculated CVE-2023-44102
MISC
MISC
huawei — harmonyos
 
Out-of-bounds read vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality.2023-10-11not yet calculatedCVE-2023-44103
MISC
MISC
huawei — harmonyos
 
Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-10-11 not yet calculated CVE-2023-44104
MISC
MISC
huawei — harmonyos
 
Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality. 2023-10-11 not yet calculated CVE-2023-44109
MISC
MISC
huawei — harmonyos
 
Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality.2023-10-11not yet calculatedCVE-2023-44111
MISC
MISC
ibm — app_connect_enterprise
 
IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833.2023-10-13not yet calculatedCVE-2023-40682
MISC
MISC
ibm — app_connect_enterprise
 
IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998.2023-10-14not yet calculatedCVE-2023-45176
MISC
MISC
ibm — cloud_pak_for_business_automation
 
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.2023-10-14not yet calculatedCVE-2023-35024
MISC
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138. 2023-10-14 not yet calculated CVE-2023-30994
MISC
MISC
ibm — qradar_siem
 
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.2023-10-14not yet calculatedCVE-2023-40367
MISC
MISC
ibm — security_directory_server

IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. 2023-10-14 not yet calculated CVE-2022-32755
MISC
MISC
ibm — security_directory_server

IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. 2023-10-14 not yet calculated CVE-2022-33161
MISC
MISC
MISC
ibm — security_directory_server

IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582. 2023-10-14 not yet calculated CVE-2022-33165
MISC
MISC
MISC
ibm — security_verify_access

IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921. 2023-10-14 not yet calculated CVE-2022-43740
MISC
MISC
ibm — security_verify_access

IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445. 2023-10-14 not yet calculated CVE-2022-43868
MISC
MISC
icecms — icecms
 
An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting.2023-10-12not yet calculatedCVE-2023-40833
MISC
inspect_element_ltd. — echo.ac
 
An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor’s position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was “deactivated by Microsoft itself.”2023-10-11not yet calculatedCVE-2023-38817
MISC
json-java — json-java
 
Denial of Service in JSON-Java versions up to and including 20230618.  A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. 2023-10-12not yet calculatedCVE-2023-5072
MISC
MISC
juniper_networks — junos_os
 
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command “show chassis fpc”. The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.
expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw
expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware
expr_dfw_base_hw_add:52 Failed to add h/w sfm data.
expr_dfw_base_hw_create:114 Failed to add h/w data.
expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__
expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0
expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!
expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure
expr_dfw_bp_topo_handler:1102 Failed to program fnum.
expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.
This issue affects Juniper Networks Junos OS: on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S2, 21.4R3; * 22.1 versions prior to 22.1R1-S2, 22.1R2.
on PTX3000, PTX5000, QFX10000: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3 * 22.2 versions prior to 22.2R3-S1 * 22.3 versions prior to 22.3R2-S2, 22.3R3 * 22.4 versions prior to 22.4R2. 2023-10-12 not yet calculated CVE-2023-22392
MISC
juniper_networks — junos_os
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE, causes an infinite loop on the respective PFE. This results in consuming all resources and a manual restart is needed to recover. This issue affects interfaces with PPPoE configured and tcp-mss enabled. This issue affects Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2.2023-10-12not yet calculatedCVE-2023-36841
MISC
juniper_networks — junos_os
 
An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a crash in the Packet Forwarding Engine (pfe) and thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’). This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8, 20.4R3-S9; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3;2023-10-12not yet calculatedCVE-2023-36843
MISC
juniper_networks — junos_os
 
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. 2023-10-13 not yet calculated CVE-2023-44176
MISC
juniper_networks — junos_os
 
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1; * 23.2 versions prior to 23.2R2. 2023-10-13 not yet calculated CVE-2023-44178
MISC
juniper_networks — junos_os
 
An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to the ARP queue, causing an L2 loop resulting in DDOS violations and DDOS syslog. This issue is triggered when Storm control is enabled and ICMPv6 packets are present on device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k. 2023-10-13 not yet calculated CVE-2023-44181
MISC
MISC
juniper_networks — junos_os
 
An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur. An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a show chassis fpc command for about 10 to 20 minutes, and a number of interfaces have also gone missing. Use the following command to determine if FPC0 has gone missing from the device: `show chassis fpc detail`. This issue affects: Juniper Networks Junos OS on QFX5000 Series, EX4600 Series: * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. 2023-10-13 not yet calculated CVE-2023-44183
MISC
MISC
MISC
juniper_networks — junos_os
 
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition. This issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart. This issue affects: Juniper Networks Junos OS: * 20.4 versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.1 versions prior to 23.1R2; * 23.2 versions prior to 23.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.2023-10-11not yet calculatedCVE-2023-44188
MISC
juniper_networks — junos_os
 
An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1.2023-10-13not yet calculatedCVE-2023-44191
MISC
juniper_networks — junos_os
 
An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured in an EVPN-VXLAN scenario and specific DHCP packets are transmitted, a DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause the memory leak to reach 99%, after which the protocols stop working and traffic is impacted, leading to a Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak. To confirm the memory leak, monitor for “sheaf:possible leak” and “vtep not found” messages in the logs. This issue affects: Juniper Networks Junos OS QFX5000 Series: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2.2023-10-13not yet calculatedCVE-2023-44192
MISC
juniper_networks — junos_os
 
An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 – MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S1; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2.2023-10-13not yet calculatedCVE-2023-44193
MISC
juniper_networks — junos_os
 
An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S1.2023-10-13not yet calculatedCVE-2023-44194
MISC
juniper_networks — junos_os
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue does not affect releases prior to 20.4R1.2023-10-13not yet calculatedCVE-2023-44198
MISC
juniper_networks — junos_os
 
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2.2023-10-13not yet calculatedCVE-2023-44199
MISC
juniper_networks — junos_os
 
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows an adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2.2023-10-13not yet calculatedCVE-2023-44203
MISC
juniper_networks — junos_os/junos_evo
 
A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R2. Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S1-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO.2023-10-13not yet calculatedCVE-2023-44177
MISC
juniper_networks — junos_os/os_evolved
 
An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service (DoS). This issue occurs when specific LLDP packets are received, and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2; Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 version 21.1R1-EVO and later versions; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S3-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R1-S1-EVO;2023-10-12not yet calculatedCVE-2023-36839
MISC
juniper_networks — junos_os/os_evolved
 
A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send specific genuine PIM packets to the device, resulting in an rpd crash and causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO.2023-10-12not yet calculatedCVE-2023-44175
MISC
juniper_networks — junos_os/os_evolved
 
An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operator’s actions to occur. Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S3-EVO; * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.2023-10-13not yet calculatedCVE-2023-44182
MISC
MISC
MISC
juniper_networks — junos_os/os_evolved
 
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device’s control plane. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command.
mgd process example:
user@device-re#> show system processes extensive | match "mgd|PID" | except last
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.
Example to check for NETCONF activity: While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'". For example:
mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'
2023-10-13not yet calculatedCVE-2023-44184
MISC
juniper_networks — junos_os/os_evolved
 
An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS) to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO.2023-10-13not yet calculatedCVE-2023-44185
MISC
juniper_networks — junos_os/os_evolved
 
An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition. This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing a large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor. This issue affects: Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R2. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions prior to 22.2R3-S2-EVO; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO.2023-10-11not yet calculatedCVE-2023-44186
MISC
juniper_networks — junos_os/os_evolved
 
An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later versions; * 21.2-EVO versions prior to 21.2R3-S2-EVO; * 21.3-EVO version 21.3R1-EVO and later versions; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO.2023-10-13not yet calculatedCVE-2023-44197
MISC
juniper_networks — junos_os/os_evolved
 
An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO.2023-10-13not yet calculatedCVE-2023-44201
MISC
juniper_networks — junos_os/os_evolved
 
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO;2023-10-13not yet calculatedCVE-2023-44204
MISC
juniper_networks — junos_os_evolved
 
An Exposure of Sensitive Information vulnerability in the ‘file copy’ command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S7-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R2-EVO.2023-10-11not yet calculatedCVE-2023-44187
MISC
juniper_networks — junos_os_evolved
 
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series: * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 version 22.2R1-EVO and later versions; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO.2023-10-11not yet calculatedCVE-2023-44189
MISC
juniper_networks — junos_os_evolved
 
An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016: * All versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions 22.2R1-EVO and later; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO.2023-10-11not yet calculatedCVE-2023-44190
MISC
juniper_networks — junos_os_evolved
 
An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access. CVE-2023-44196 is a prerequisite for this issue. This issue affects Juniper Networks Junos OS Evolved: * 21.3-EVO versions prior to 21.3R3-S5-EVO; * 21.4-EVO versions prior to 21.4R3-S4-EVO; * 22.1-EVO version 22.1R1-EVO and later; * 22.2-EVO version 22.2R1-EVO and later; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4-EVO versions prior to 22.4R3-EVO. This issue does not affect Junos OS Evolved versions prior to 21.3R1-EVO.2023-10-13not yet calculatedCVE-2023-44195
MISC
juniper_networks — junos_os_evolved
 
An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later; * 21.2-EVO versions prior to 21.2R3-S6-EVO; * 21.3-EVO version 21.3R1-EVO and later; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-S4-EVO; * 22.2-EVO versions prior to 22.2R3-S3-EVO; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R2-EVO.2023-10-13not yet calculatedCVE-2023-44196
MISC
keyence_corporation — kv_studio
 
Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed, or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file.2023-10-11not yet calculatedCVE-2023-42138
MISC
MISC
knime — knime_analytics_platform
 
An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub, several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript, this code is executed in the browser and can perform any operations that the current user is allowed to perform silently. KNIME Analytics Platform already has configuration options with which sanitization of data can be activated, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal. However, these are off by default, which allows for cross-site scripting attacks. KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor’s knime.ini.2023-10-12not yet calculatedCVE-2023-5562
MISC
koha_library_software — koha_library_software
 
SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi-bin/cataloging/ysearch.pl component.2023-10-11not yet calculatedCVE-2023-44961
MISC
koha_library_software — koha_library_software
 
File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component.2023-10-11not yet calculatedCVE-2023-44962
MISC
kubernetes — kops
 
Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode.2023-10-12not yet calculatedCVE-2023-1943
MISC
MISC
libcue — libcue
 
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.2023-10-09not yet calculatedCVE-2023-43641
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
libxpm — libxpm
 
A vulnerability was found in libXpm due to a boundary condition: a local user can trigger an out-of-bounds read error and read the contents of memory on the system.2023-10-12not yet calculatedCVE-2023-43789
MISC
MISC
line_corporation — line_client_for_ios
 
Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0.2023-10-12not yet calculatedCVE-2023-5554
MISC
linux — kernel
 
An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers.2023-10-13not yet calculatedCVE-2023-42752
MISC
MISC
MISC
MISC
linux — kernel
 
An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation.2023-10-14not yet calculatedCVE-2023-45862
MISC
MISC
linux — kernel
 
An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write.2023-10-14not yet calculatedCVE-2023-45863
MISC
MISC
macrium — reflect
 
A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.2023-10-10not yet calculatedCVE-2023-43896
MISC
MISC
matter — multiple_products
 
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, SwitchBot Hub2 v.1.0-0.8, Philips Hue hub v.1.59.1959097030, and Yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.2023-10-10not yet calculatedCVE-2023-42189
MISC
MISC
MISC
mcl_technologies — mcl-net
 
Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files.2023-10-11not yet calculatedCVE-2023-4990
MISC
micro_research_ltd. — mr-gm2
 
Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration.2023-10-11not yet calculatedCVE-2023-45194
MISC
MISC
mitsubishi_electric_corporation — melsec-f_series
 
Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages.2023-10-13not yet calculatedCVE-2023-4562
MISC
MISC
MISC
netapp — ontap_9
 
ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service.2023-10-12not yet calculatedCVE-2023-27314
MISC
netapp — snapcenter
 
SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user.2023-10-12not yet calculatedCVE-2023-27313
MISC
netapp — snapcenter
 
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.2023-10-12not yet calculatedCVE-2023-27316
MISC
MISC
netapp — snapcenter_plugin_for_vmware_vsphere
 
SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface.2023-10-12not yet calculatedCVE-2023-27312
MISC
netapp — snapgathers
 
SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials.2023-10-12not yet calculatedCVE-2023-27315
MISC
netis_systems — n3m
 
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.2023-10-13not yet calculatedCVE-2023-45463
MISC
netis_systems — n3m
 
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.2023-10-13not yet calculatedCVE-2023-45464
MISC
netis_systems — n3m
 
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.2023-10-13not yet calculatedCVE-2023-45465
MISC
netis_systems — n3m
 
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.2023-10-13not yet calculatedCVE-2023-45466
MISC
netis_systems — n3m
 
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.2023-10-13not yet calculatedCVE-2023-45467
MISC
netis_systems — n3m
 
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.2023-10-13not yet calculatedCVE-2023-45468
MISC
nextcloud — nextcloud_server
 
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available.2023-10-13not yet calculatedCVE-2023-39960
MISC
MISC
MISC
node-qpdf — node-qpdf
 
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path.2023-10-14not yet calculatedCVE-2023-26155
MISC
MISC
nodejs — undici
 
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect between the assumptions the spec made and undici’s implementation of fetch. As such, this may lead to accidental leakage of cookies to a third-party site, or allow a malicious attacker who can control the redirection target (i.e. an open redirector) to leak the cookie to the third-party site. This was patched in version 5.26.2. There are no known workarounds.2023-10-12not yet calculatedCVE-2023-45143
MISC
MISC
MISC
MISC
MISC
opart — opartmultihtmlblock
 
Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php.2023-10-14not yet calculatedCVE-2023-30148
MISC
opentelemetry-go — opentelemetry-go
 
OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server’s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it.2023-10-12not yet calculatedCVE-2023-45142
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
oracle — apache_airflow
 
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.2023-10-14not yet calculatedCVE-2023-42663
MISC
MISC
oracle — apache_airflow
 
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.2023-10-14not yet calculatedCVE-2023-42780
MISC
MISC
oracle — apache_airflow
 
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn’t. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.2023-10-14not yet calculatedCVE-2023-42792
MISC
MISC
oracle — apache_airflow
 
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the “expose_config” option is set to “non-sensitive-only”. The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected.2023-10-14not yet calculatedCVE-2023-45348
MISC
MISC
oracle — apache_tomcat
 
Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.2023-10-10not yet calculatedCVE-2023-42794
MISC
MISC
oracle — apache_tomcat
 
Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.2023-10-10not yet calculatedCVE-2023-42795
MISC
MISC
MISC
MISC
MISC
oracle — apache_zookeeper
 
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it’s missing, like ‘[email protected]’, the authorization check will be skipped. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration.2023-10-11not yet calculatedCVE-2023-44981
MISC
MISC
oracle — apache_tomcat
 
Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.2023-10-10not yet calculatedCVE-2023-45648
MISC
MISC
MISC
MISC
MISC
paritytech — frontier
 
Frontier is Substrate’s Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storage associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storage to be deleted will be part of the PoV, which can easily exceed the relay chain’s PoV size limit. On the other hand, Frontier’s maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes it into a parachain block, the parachain will then stall because the PoV size will exceed the relay chain’s limit. This is especially an issue for XCM transactions, because they can’t be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it’s recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It’s recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds.2023-10-13not yet calculatedCVE-2023-45130
MISC
MISC
MISC
peplink — surf_soho_hw1

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.2023-10-11not yet calculatedCVE-2023-27380
MISC
peplink — surf_soho_hw1
 
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.2023-10-11not yet calculatedCVE-2023-28381
MISC
peplink — surf_soho_hw1
 
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user’s browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.2023-10-11not yet calculatedCVE-2023-34354
MISC
peplink — surf_soho_hw1
 
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.2023-10-11not yet calculatedCVE-2023-34356
MISC
peplink — surf_soho_hw1
 
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.2023-10-11not yet calculatedCVE-2023-35193
MISC
peplink — surf_soho_hw1
 
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`.2023-10-11not yet calculatedCVE-2023-35194
MISC
phpjabbers — limo_booking_software
 
PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI.2023-10-12not yet calculatedCVE-2023-43147
MISC
plixer — scrutinizer

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results.2023-10-12not yet calculatedCVE-2023-41261
MISC
plixer — scrutinizer

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application’s backend database server.2023-10-12not yet calculatedCVE-2023-41262
MISC
plixer — scrutinizer

An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information.2023-10-12not yet calculatedCVE-2023-41263
MISC
portábilis — i-educar
 
A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument cod_agenda with the input “);’> <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-14not yet calculatedCVE-2023-5578
MISC
MISC
prestashop — prestashop
 
Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php` via the ‘id_product’ parameter in hooks DisplayRightColumnProduct and DisplayProductButtons.2023-10-14not yet calculatedCVE-2023-30154
MISC
qbittorrent — qbittorrent_client
 
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the “external program” feature in the web user interface. This was reportedly exploited in the wild in March 2023.2023-10-10not yet calculatedCVE-2023-30801
MISC
MISC
qdPM — qdPM
 
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.2023-10-14not yet calculatedCVE-2023-45855
MISC
MISC
qdPM — qdPM
 
qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI.2023-10-14not yet calculatedCVE-2023-45856
MISC
MISC
qdocs — smart_school
 
A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-10not yet calculatedCVE-2023-5495
MISC
MISC
MISC
qnap_systems_inc. — container_station
 
An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Container Station 2.6.7.44 and later.2023-10-13not yet calculatedCVE-2023-32976
MISC
qnap_systems_inc. — multiple_products
 
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2453 build 20230708 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later.2023-10-13not yet calculatedCVE-2023-32970
MISC
qnap_systems_inc. — multiple_products
 
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTScloud c5.1.0.2498 and later.2023-10-13not yet calculatedCVE-2023-32974
MISC
qnap_systems_inc. — qts
 
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later.2023-10-13not yet calculatedCVE-2023-32973
MISC
qnap_systems_inc. — video_station
 
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later.2023-10-13not yet calculatedCVE-2023-34975
MISC
qnap_systems_inc. — video_station
 
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later.2023-10-13not yet calculatedCVE-2023-34976
MISC
rockwell_automation — factorytalk_linx
 
FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol.2023-10-13not yet calculatedCVE-2023-29464
MISC
sandbox — sandbox
 
A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144.2023-10-14not yet calculatedCVE-2023-5579
MISC
MISC
MISC
sap_se — sap_netweaver_as_java
 
SAP NetWeaver AS Java (GRMG Heartbeat application) – version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.2023-10-10not yet calculatedCVE-2023-42477
MISC
MISC
shenzhen_reachfar_technology_company_limited — shenzhen_reachfar_v28
 
Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week’s logs stored in the ‘log2’ directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.2023-10-10not yet calculatedCVE-2023-5499
MISC
softether_vpn — softether_vpn

An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.2023-10-12not yet calculatedCVE-2023-22308
MISC
softether_vpn — softether_vpn

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.2023-10-12not yet calculatedCVE-2023-22325
MISC
MISC
softether_vpn — softether_vpn

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service.2023-10-12not yet calculatedCVE-2023-23581
MISC
softether_vpn — softether_vpn

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.2023-10-12not yet calculatedCVE-2023-25774
MISC
softether_vpn — softether_vpn

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.2023-10-12not yet calculatedCVE-2023-31192
MISC
MISC
softether_vpn — softether_vpn
 
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.2023-10-12not yet calculatedCVE-2023-27395
MISC
MISC
softether_vpn — softether_vpn
 
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.2023-10-12not yet calculatedCVE-2023-27516
MISC
MISC
softether_vpn — softether_vpn
 
An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.2023-10-12not yet calculatedCVE-2023-32275
MISC
MISC
softether_vpn — softether_vpn
 
An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.2023-10-12not yet calculatedCVE-2023-32634
MISC
MISC
sourcecodester — library_system
 
A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability.2023-10-14not yet calculatedCVE-2023-5580
MISC
MISC
MISC
sourcecodester — medicine_tracker_system
 
A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability.2023-10-14not yet calculatedCVE-2023-5581
MISC
MISC
MISC
spa-cart — spa-cart
 
SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts.2023-10-12not yet calculatedCVE-2023-43148
MISC
spa-cart — spa-cart
 
SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status.2023-10-12not yet calculatedCVE-2023-43149
MISC
synapse — synapse
 
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API.2023-10-10not yet calculatedCVE-2023-45129
MISC
MISC
MISC
synaptics — displaylink_usb_graphics_software_for_windows
 
It is possible to sideload a compromised DLL during the installation at elevated privilege.2023-10-11not yet calculatedCVE-2023-4936
MISC
MISC
MISC
tencent_enterprise — wechat_privatization
 
There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000.2023-10-12not yet calculatedCVE-2023-40829
MISC
tibco_software_inc. — spotfire_analyst
 
The Spotfire Library component of TIBCO Software Inc.’s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1.2023-10-10not yet calculatedCVE-2023-26220
MISC
tongda — oa
 
A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability.2023-10-10not yet calculatedCVE-2023-5497
MISC
MISC
MISC
tracker-miners — tracker-miners
 
A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability.2023-10-13not yet calculatedCVE-2023-5557
MISC
MISC
translator — poqdev_add-on
 
A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-10not yet calculatedCVE-2023-5496
MISC
MISC
MISC
tsmuxer — tsmuxer
 
tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error.2023-10-12not yet calculatedCVE-2023-45510
MISC
MISC
tsmuxer — tsmuxer
 
A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.2023-10-12not yet calculatedCVE-2023-45511
MISC
MISC
vantage6 — vantage6
 
vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username ‘13’, they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character.2023-10-11not yet calculatedCVE-2023-28635
MISC
MISC
MISC
vantage6 — vantage6
 
vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds.2023-10-11not yet calculatedCVE-2023-41881
MISC
MISC
MISC
vantage6 — vantage6
 
vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds.2023-10-11not yet calculatedCVE-2023-41882
MISC
MISC
MISC
viessmann_manufacturing_co._inc. — vitogate_300
 
In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.2023-10-14not yet calculatedCVE-2023-45852
MISC
MISC
vim — vim
 
Use After Free in GitHub repository vim/vim prior to v9.0.2010.2023-10-11not yet calculatedCVE-2023-5535
MISC
MISC
vriteio — vriteio/vrite
 
Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0.2023-10-13not yet calculatedCVE-2023-5571
MISC
MISC
vriteio — vriteio/vrite
 
Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0.2023-10-13not yet calculatedCVE-2023-5572
MISC
MISC
vriteio — vriteio/vrite
 
Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0.2023-10-13not yet calculatedCVE-2023-5573
MISC
MISC
wargio — naxsi
 
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions.2023-10-11not yet calculatedCVE-2023-45132
MISC
MISC
MISC
wordpress — wordpressUnauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.2023-10-12not yet calculatedCVE-2023-23737
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions.2023-10-12not yet calculatedCVE-2023-45102
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions.2023-10-13not yet calculatedCVE-2023-45109
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions.2023-10-12not yet calculatedCVE-2023-32124
MISC
wordpress — wordpress
 
Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions.2023-10-13not yet calculatedCVE-2023-38000
MISC
MISC
MISC
wordpress — wordpress
 
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38.2023-10-13not yet calculatedCVE-2023-39999
MISC
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions.2023-10-12not yet calculatedCVE-2023-41131
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions.2023-10-11not yet calculatedCVE-2023-44997
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions.2023-10-12not yet calculatedCVE-2023-44998
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.2023-10-12not yet calculatedCVE-2023-45011
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions.2023-10-12not yet calculatedCVE-2023-45048
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions.2023-10-12not yet calculatedCVE-2023-45052
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.2023-10-12not yet calculatedCVE-2023-45058
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions.2023-10-12not yet calculatedCVE-2023-45060
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.2023-10-12not yet calculatedCVE-2023-45063
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions.2023-10-12not yet calculatedCVE-2023-45068
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.2023-10-12not yet calculatedCVE-2023-45103
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.2023-10-12not yet calculatedCVE-2023-45106
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.2023-10-13not yet calculatedCVE-2023-45107
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.2023-10-13not yet calculatedCVE-2023-45108
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions.2023-10-13not yet calculatedCVE-2023-45267
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions.2023-10-13not yet calculatedCVE-2023-45268
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.23 versions.2023-10-13not yet calculatedCVE-2023-45269
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.2023-10-13not yet calculatedCVE-2023-45270
MISC
wordpress — wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions.2023-10-13not yet calculatedCVE-2023-45276
MISC
xiaomi — xiaomi_router
 
Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers.2023-10-11not yet calculatedCVE-2023-26318
MISC
xiaomi — xiaomi_router
 
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Xiaomi Xiaomi Router allows Command Injection.2023-10-11not yet calculatedCVE-2023-26319
MISC
xiaomi — xiaomi_router
 
Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Xiaomi Xiaomi Router allows Command Injection.2023-10-11not yet calculatedCVE-2023-26320
MISC
xinje — xd5e-30r-e
 
A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-09not yet calculatedCVE-2023-5462
MISC
MISC
MISC
xinje — xdppro
 
A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-10-09not yet calculatedCVE-2023-5463
MISC
MISC
MISC
xwiki-contrib — application-changerequest
 
Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it’s possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Requests are meant to be created by users without any particular rights. The vulnerability has been fixed in Change Request 1.9.2. It’s possible to work around the issue without upgrading by editing the document `ChangeRequest.Code.ChangeRequestSheet` and by performing the same change as in the fix commit.2023-10-12not yet calculatedCVE-2023-45138
MISC
MISC
MISC
zabbix — zabbix
 
Templates do not properly consider backticks (`) as JavaScript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., “var a = {{.}}”), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.2023-10-12not yet calculatedCVE-2023-29453
MISC
zabbix — zabbix
 
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.2023-10-12not yet calculatedCVE-2023-32721
MISC
zabbix — zabbix
 
The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open.2023-10-12not yet calculatedCVE-2023-32722
MISC
zabbix — zabbix
 
Request to LDAP is sent before user permissions are checked.2023-10-12not yet calculatedCVE-2023-32723
MISC
zabbix — zabbix
 
Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation.2023-10-12not yet calculatedCVE-2023-32724
MISC
zebra_technologies — ztc_zt410
 
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printer's protected mode must be disabled.2023-10-11not yet calculatedCVE-2023-4957
MISC
zephyr — zephyr
 
Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows.2023-10-13not yet calculatedCVE-2023-4257
MISC
zephyr — zephyr
 
Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver.2023-10-13not yet calculatedCVE-2023-4263
MISC
zephyr — zephyr
 
The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception.2023-10-13not yet calculatedCVE-2023-5563
MISC
zitadel — zitadel
 
ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called “Ignoring unknown usernames” which helps mitigate attacks that try to guess/enumerate usernames. While this setting worked properly during the authentication process, it did not work correctly in the password reset flow. This meant that even if this feature was active, an attacker could use the password reset function to verify if an account exists within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available.2023-10-10not yet calculatedCVE-2023-44399
MISC
MISC
MISC
zlib — zlib
 
MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product.2023-10-14not yet calculatedCVE-2023-45853
MISC
MISC
MISC
MISC
MISC
zpe_systems,_inc — nodegrid_os
 
An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component.2023-10-14not yet calculatedCVE-2023-44037
CONFIRM
zzzcms — zzzcms
 
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147.2023-10-14not yet calculatedCVE-2023-5582
MISC
MISC
MISC
