US-CERT Vulnerability Summary for the Week of October 9, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
3ds — teamwork_cloud_no_magic_release | A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could, under some very specific conditions, allow an attacker to send a specifically crafted query to the server. | 2023-10-09 | 8.8 | CVE-2023-3589 MISC |
acronis — agent | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497. | 2023-10-09 | 7.3 | CVE-2023-45248 MISC |
acronis — agent | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895. | 2023-10-06 | 7.1 | CVE-2023-45244 MISC |
acronis — agent | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343. | 2023-10-06 | 7.1 | CVE-2023-45246 MISC |
acronis — agent | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497. | 2023-10-09 | 7.1 | CVE-2023-45247 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation. | 2023-10-13 | 8.8 | CVE-2023-38218 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. The payload is stored in an admin area, resulting in high confidentiality and integrity impact. | 2023-10-13 | 8.7 | CVE-2023-38219 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead to a security feature bypass, allowing an attacker to access unauthorised data. Exploitation of this issue does not require user interaction. | 2023-10-13 | 7.5 | CVE-2023-38220 MISC |
adobe — photoshop_2022 | Adobe Photoshop versions 23.5.5 (and earlier) and 24.7 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-10-11 | 7.8 | CVE-2023-26370 MISC |
arm — mbed_tls | Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote code execution. | 2023-10-07 | 9.8 | CVE-2023-45199 MISC |
arm — mbed_tls | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | 2023-10-07 | 7.5 | CVE-2023-43615 MISC FEDORA |
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. This is also known as OSFOURK-24034. | 2023-10-09 | 8.8 | CVE-2023-45350 MISC MISC |
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | 2023-10-09 | 8.8 | CVE-2023-45351 MISC MISC |
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. | 2023-10-09 | 8.8 | CVE-2023-45355 MISC MISC |
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719. | 2023-10-09 | 8.8 | CVE-2023-45356 MISC MISC |
atos — unify_openscape_4000_manager | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722. | 2023-10-09 | 7.5 | CVE-2023-45349 MISC MISC |
atos — unify_openscape_common_management | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592. | 2023-10-09 | 8.8 | CVE-2023-45352 MISC MISC |
atos — unify_openscape_common_management | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591. | 2023-10-09 | 8.8 | CVE-2023-45353 MISC MISC |
atos — unify_openscape_common_management | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589. | 2023-10-09 | 8.8 | CVE-2023-45354 MISC MISC |
bainternet — shortcodes_ui | Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. | 2023-10-10 | 8.8 | CVE-2023-44994 MISC |
biltay_technology — kayisi | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Kayisi: before 1286. | 2023-10-12 | 10 | CVE-2023-5045 MISC |
biltay_technology — procost | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Procost: before 1390. | 2023-10-12 | 10 | CVE-2023-5046 MISC |
byzoro — smart_s45f_firmware | A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5488 MISC MISC MISC |
byzoro — smart_s45f_firmware | A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5489 MISC MISC MISC |
byzoro — smart_s45f_firmware | A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5490 MISC MISC MISC |
byzoro — smart_s45f_firmware | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5491 MISC MISC MISC |
byzoro — smart_s45f_firmware | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5492 MISC MISC MISC |
byzoro — smart_s45f_firmware | A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5493 MISC MISC MISC |
byzoro — smart_s45f_firmware | A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to OS command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | 8.8 | CVE-2023-5494 MISC MISC MISC |
contiki-ng — contiki-ng | In Contiki 4.5, TCP ISNs are improperly random. | 2023-10-10 | 9.1 | CVE-2020-27634 MISC MISC MISC |
d-link — dir-820l_firmware | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. | 2023-10-06 | 9.8 | CVE-2023-44807 MISC MISC |
d-link — dph-400se_firmware | An issue in DLINK DPH-400SE FRU 2.2.15.8 allows a remote attacker to escalate privileges via the User Modify function in the Maintenance/Access function component. | 2023-10-11 | 8.8 | CVE-2023-43960 MISC MISC |
d-link — dsl-3782_firmware | An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | 2023-10-10 | 8.8 | CVE-2023-44959 MISC |
decidim — decidim | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn’t enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4. | 2023-10-06 | 7.1 | CVE-2023-36465 MISC MISC MISC |
easycorp — zentao | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | 2023-10-10 | 8.8 | CVE-2023-44827 MISC |
f5 — big-ip | When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user’s role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still have access to iControl REST admin resources. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.2 | CVE-2023-42768 MISC |
f5 — big-ip | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 9.9 | CVE-2023-41373 MISC |
f5 — big-ip | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 8.7 | CVE-2023-43746 MISC |
f5 — big-ip | An authenticated user’s session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 8.1 | CVE-2023-40537 MISC |
f5 — big-ip | When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.5 | CVE-2023-40534 MISC |
f5 — big-ip | When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.5 | CVE-2023-40542 MISC |
f5 — big-ip | When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.5 | CVE-2023-41085 MISC |
f5 — big-ip_edge_client | An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker to elevate privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.3 | CVE-2023-5450 MISC |
f5 — big-ip_edge_client | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.8 | CVE-2023-43611 MISC |
f5 — big-ip_next_spk | The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 7.4 | CVE-2023-45226 MISC |
facebook — tac_plus | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | 2023-10-06 | 9.8 | CVE-2023-45239 MISC MISC MISC |
farmacia — farmacia | A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241608. | 2023-10-10 | 7.5 | CVE-2023-5471 MISC MISC MISC |
fnet — fnet | In FNET 4.6.3, TCP ISNs are improperly random. | 2023-10-10 | 9.1 | CVE-2020-27633 MISC MISC MISC |
fortinet — fortiadc | An improper neutralization of special elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. | 2023-10-10 | 7.8 | CVE-2023-25607 MISC |
fortinet — fortiisolator | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows an attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | 2023-10-10 | 7.8 | CVE-2022-22298 MISC |
fortinet — fortimail | An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to log in to other users’ accounts from the same web domain via crafted HTTP or HTTPS requests. | 2023-10-10 | 8.8 | CVE-2023-36556 MISC |
fortinet — fortimanager | An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least “device management” permission on his profile and belonging to a specific ADOM to add and delete CLI scripts on other ADOMs. | 2023-10-10 | 9.6 | CVE-2023-41679 MISC |
fortinet — fortimanager | An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command. | 2023-10-10 | 7.8 | CVE-2023-42788 MISC |
fortinet — fortimanager | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via the FortiManager CLI. | 2023-10-10 | 7.1 | CVE-2023-41838 MISC |
fortinet — fortios | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 – 7.0.11 and 7.2.0 – 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | 2023-10-10 | 8.8 | CVE-2023-41841 MISC |
fortinet — fortios | A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 – 7.0.12, 7.2.0 – 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | 2023-10-10 | 7.5 | CVE-2023-37935 MISC |
fortinet — fortios_ips_engine | An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets. | 2023-10-10 | 7.5 | CVE-2023-40718 MISC |
fortinet — fortisiem | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. | 2023-10-10 | 9.8 | CVE-2023-34992 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-34993 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-36547 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-36548 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-36549 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 9.8 | CVE-2023-36550 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34985 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34986 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34987 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34988 MISC |
fortinet — fortiwlm | An improper neutralization of special elements used in an OS command (‘OS command injection’) vulnerability in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | 2023-10-10 | 8.8 | CVE-2023-34989 MISC |
geokit — geokit-rails | Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialization of YAML within the ‘geo_location’ cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system. | 2023-10-06 | 9.8 | CVE-2023-26153 MISC MISC MISC MISC MISC |
google — android | In TBD of TBD, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | 9.8 | CVE-2023-35646 MISC |
google — android | In ProtocolEmbmsGlobalCellIdAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2023-10-11 | 9.8 | CVE-2023-35647 MISC |
google — android | In ProtocolMiscLceIndAdapter::GetConfLevel() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2023-10-11 | 9.8 | CVE-2023-35648 MISC |
google — android | In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-06 | 7.8 | CVE-2023-21266 MISC MISC |
google — android | In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | 2023-10-08 | 7.8 | CVE-2023-40634 MISC |
google — android | In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. | 2023-10-08 | 7.8 | CVE-2023-40635 MISC |
google — android | In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation. | 2023-10-11 | 7.5 | CVE-2023-35652 MISC |
google — android | In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed. | 2023-10-08 | 7.5 | CVE-2023-40632 MISC |
google — chrome | Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 2023-10-11 | 8.8 | CVE-2023-5218 MISC MISC MISC MISC |
google — chrome | Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 2023-10-11 | 8.8 | CVE-2023-5474 MISC MISC MISC |
google — chrome | Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 8.8 | CVE-2023-5476 MISC MISC MISC |
gpac — gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. | 2023-10-11 | 7.1 | CVE-2023-5520 MISC MISC |
hansuncms — hansuncms | hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | 2023-10-09 | 9.8 | CVE-2023-43899 MISC MISC |
hp — life | HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | 2023-10-09 | 9.8 | CVE-2023-5365 MISC |
huawei — harmonyos | Vulnerability of permissions not being strictly verified in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-10-11 | 9.8 | CVE-2023-44105 MISC MISC |
huawei — harmonyos | API permission management vulnerability in the Fwk-Display module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-10-11 | 9.8 | CVE-2023-44106 MISC MISC |
huawei — harmonyos | Vulnerability of access permissions not being strictly verified in the APPWidget module. Successful exploitation of this vulnerability may cause some apps to run without being authorized. | 2023-10-11 | 9.8 | CVE-2023-44116 MISC MISC |
huawei — harmonyos | Vulnerability of defects introduced in the design process in the screen projection module. Successful exploitation of this vulnerability may affect service availability and integrity. | 2023-10-11 | 9.1 | CVE-2023-44107 MISC |
huawei — harmonyos | Vulnerability of undefined permissions in the MeeTime module. Successful exploitation of this vulnerability will affect availability and confidentiality. | 2023-10-11 | 9.1 | CVE-2023-44118 MISC MISC |
huawei — harmonyos | Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart. | 2023-10-11 | 7.5 | CVE-2023-44108 MISC MISC |
huawei — harmonyos | Out-of-bounds array vulnerability in the dataipa module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | 7.5 | CVE-2023-44114 MISC MISC |
huawei — harmonyos | Vulnerability of mutual exclusion management in the kernel module. Successful exploitation of this vulnerability will affect availability. | 2023-10-11 | 7.5 | CVE-2023-44119 MISC MISC |
ibm — robotic_process_automation | IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. | 2023-10-06 | 9.8 | CVE-2023-43058 MISC MISC |
ibm — security_directory_suite | IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. | 2023-10-06 | 7.5 | CVE-2022-33160 MISC MISC |
ibm — spectrum_protect_client/storage_protect | IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | 2023-10-06 | 7.8 | CVE-2023-35897 MISC MISC |
ietf — http | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 2023-10-10 | 7.5 | CVE-2023-44487 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC DEBIAN DEBIAN MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MLIST MLIST MLIST MISC MISC FEDORA MISC |
jetbrains — ktor | In JetBrains Ktor before 2.3.5, the default configuration of ContentNegotiation with XML format was vulnerable to XXE. | 2023-10-09 | 9.8 | CVE-2023-45612 MISC |
jetbrains — ktor | In JetBrains Ktor before 2.3.5 server certificates were not verified | 2023-10-09 | 9.1 | CVE-2023-45613 MISC |
kernelsu — kernelsu | Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. | 2023-10-11 | 9.8 | CVE-2023-5521 MISC MISC |
langchain — langchain_experimental | langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method. | 2023-10-09 | 9.8 | CVE-2023-44467 MISC |
lenovo — ideapad_creator_5-16ach6_firmware | A potential vulnerability in a driver used during the manufacturing process on some consumer Lenovo Notebook devices, which was mistakenly not deactivated, may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable. | 2023-10-09 | 7.8 | CVE-2022-3431 MISC |
libx11 — libx11 | A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. | 2023-10-10 | 7.8 | CVE-2023-43787 MISC MISC |
mattermost — mattermost | Mattermost fails to enforce a limit on the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to /api/v4/opengraph that fills the cache and makes the server unavailable. | 2023-10-09 | 7.5 | CVE-2023-5330 MISC |
mediawiki — mediawiki | An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. | 2023-10-09 | 7.5 | CVE-2023-45363 MISC DEBIAN |
mediawiki — mediawiki | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items. | 2023-10-09 | 7.5 | CVE-2023-45371 MISC MISC |
microchip — mplab_network_creator | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | 2023-10-10 | 9.1 | CVE-2020-27636 MISC MISC MISC |
microsoft — azure_devops_server | Azure DevOps Server Elevation of Privilege Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36561 MISC |
microsoft — azure_hdinsights | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | 2023-10-10 | 9.8 | CVE-2023-36419 MISC |
microsoft — azure_identity_sdk | Azure Identity SDK Remote Code Execution Vulnerability | 2023-10-10 | 8.8 | CVE-2023-36414 MISC |
microsoft — azure_identity_sdk | Azure Identity SDK Remote Code Execution Vulnerability | 2023-10-10 | 8.8 | CVE-2023-36415 MISC |
microsoft — azure_network_watcher | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36737 MISC |
microsoft — azure_rtos_guix_studio | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36418 MISC |
microsoft — exchange_server | Microsoft Exchange Server Remote Code Execution Vulnerability | 2023-10-10 | 8 | CVE-2023-36778 MISC |
microsoft — odbc_driver_for_sql_server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36785 MISC |
microsoft — office | Microsoft Office Elevation of Privilege Vulnerability | 2023-10-10 | 8.4 | CVE-2023-36569 MISC |
microsoft — office | Microsoft Office Graphics Elevation of Privilege Vulnerability | 2023-10-10 | 7 | CVE-2023-36565 MISC |
microsoft — office | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | 2023-10-10 | 7 | CVE-2023-36568 MISC |
microsoft — skype_for_business_server | Skype for Business Remote Code Execution Vulnerability | 2023-10-10 | 7.2 | CVE-2023-36780 MISC |
microsoft — skype_for_business_server | Skype for Business Remote Code Execution Vulnerability | 2023-10-10 | 7.2 | CVE-2023-36786 MISC |
microsoft — skype_for_business_server | Skype for Business Remote Code Execution Vulnerability | 2023-10-10 | 7.2 | CVE-2023-36789 MISC |
microsoft — sql_server | Microsoft SQL OLE DB Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36417 MISC |
microsoft — sql_server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36420 MISC |
microsoft — sql_server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36730 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 9.8 | CVE-2023-35349 MISC |
microsoft — windows_server_2008 | Windows IIS Server Elevation of Privilege Vulnerability | 2023-10-10 | 9.8 | CVE-2023-36434 MISC |
microsoft — windows_server_2008 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 2023-10-10 | 8.8 | CVE-2023-36577 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-38166 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-41765 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-41767 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-41768 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-41769 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-41770 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-41771 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-41773 MISC |
microsoft — windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-10-10 | 8.1 | CVE-2023-41774 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 8 | CVE-2023-36697 MISC |
microsoft — windows_server_2008 | Windows Graphics Component Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36594 MISC |
microsoft — windows_server_2008 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36598 MISC |
microsoft — windows_server_2008 | Microsoft DirectMusic Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36702 MISC |
microsoft — windows_server_2008 | Windows Media Foundation Core Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36710 MISC |
microsoft — windows_server_2008 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36726 MISC |
microsoft — windows_server_2008 | Win32k Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36731 MISC |
microsoft — windows_server_2008 | Win32k Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36732 MISC |
microsoft — windows_server_2008 | Win32k Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36743 MISC |
microsoft — windows_server_2008 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36790 MISC |
microsoft — windows_server_2008 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-41766 MISC |
microsoft — windows_server_2008 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | 2023-10-10 | 7.5 | CVE-2023-29348 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36431 MISC |
microsoft — windows_server_2008 | Windows TCP/IP Information Disclosure Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36438 MISC |
microsoft — windows_server_2008 | Windows Deployment Services Information Disclosure Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36567 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36579 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36581 MISC |
microsoft — windows_server_2008 | Active Template Library Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36585 MISC |
microsoft — windows_server_2008 | Windows TCP/IP Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36602 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36606 MISC |
microsoft — windows_server_2008 | DHCP Server Service Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36703 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36570 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36571 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36572 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36573 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36574 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36575 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36578 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36582 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36583 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36589 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36590 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36591 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36592 MISC |
microsoft — windows_server_2008 | Microsoft Message Queuing Remote Code Execution Vulnerability | 2023-10-10 | 7.3 | CVE-2023-36593 MISC |
microsoft — windows_server_2008 | Win32k Elevation of Privilege Vulnerability | 2023-10-10 | 7 | CVE-2023-36776 MISC |
microsoft — windows_server_2012 | Windows MSHTML Platform Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36436 MISC |
microsoft — windows_server_2012 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36701 MISC |
microsoft — windows_server_2012 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36711 MISC |
microsoft — windows_server_2012 | Windows Kernel Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36712 MISC |
microsoft — windows_server_2012 | Named Pipe File System Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36729 MISC |
microsoft — windows_server_2012 | Remote Procedure Call Information Disclosure Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36596 MISC |
microsoft — windows_server_2012 | Windows Deployment Services Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36707 MISC |
microsoft — windows_server_2016 | PrintHTML API Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36557 MISC |
microsoft — windows_server_2016 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36718 MISC |
microsoft — windows_server_2016 | Microsoft AllJoyn API Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36709 MISC |
microsoft — windows_server_2016 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36720 MISC |
microsoft — windows_server_2016 | Windows Runtime Remote Code Execution Vulnerability | 2023-10-10 | 7 | CVE-2023-36902 MISC |
microsoft — windows_server_2016 | Windows Graphics Component Elevation of Privilege Vulnerability | 2023-10-10 | 7 | CVE-2023-38159 MISC |
microsoft — windows_server_2019 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36605 MISC |
microsoft — windows_server_2019 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36704 MISC |
microsoft — windows_server_2019 | Windows Container Manager Service Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36723 MISC |
microsoft — windows_server_2019 | Windows Kernel Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-36725 MISC |
microsoft — windows_server_2019 | Win32k Elevation of Privilege Vulnerability | 2023-10-10 | 7.8 | CVE-2023-41772 MISC |
microsoft — windows_server_2019 | Windows TCP/IP Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36603 MISC |
microsoft — windows_server_2019 | Windows Error Reporting Service Elevation of Privilege Vulnerability | 2023-10-10 | 7 | CVE-2023-36721 MISC |
microsoft — windows_server_2022 | Microsoft QUIC Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-36435 MISC |
microsoft — windows_server_2022 | Microsoft QUIC Denial of Service Vulnerability | 2023-10-10 | 7.5 | CVE-2023-38171 MISC |
moosocial — moosocial | Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. | 2023-10-09 | 8.8 | CVE-2023-44811 MISC |
netis-systems — n3m_firmware | An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | 2023-10-06 | 7.5 | CVE-2023-44860 MISC |
openmct — openmct | In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. | 2023-10-06 | 7.5 | CVE-2023-45282 MISC MISC MISC CONFIRM |
opentelemetry — opentelemetry | OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. Out of the box, autoinstrumentation adds the label `http_method`, which has unbounded cardinality. This can lead to memory exhaustion on the server when many malicious requests are sent, because an attacker can easily set the HTTP method of a request to a random, long value. To be affected, a program has to be instrumented for HTTP handlers and must not filter unknown HTTP methods at the level of the CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0. | 2023-10-06 | 7.5 | CVE-2023-43810 MISC MISC MISC |
oryx-embedded — cyclonetcp | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. | 2023-10-10 | 9.8 | CVE-2020-27631 MISC MISC MISC |
phpjabbers — appointment_scheduler | User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 2023-10-10 | 7.5 | CVE-2023-36127 MISC |
picotcp — picotcp | In PicoTCP 1.7.0, TCP ISNs are improperly random. | 2023-10-10 | 9.1 | CVE-2020-27635 MISC MISC MISC |
plain_craft_launcher_2 — plain_craft_launcher_2 | Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. | 2023-10-07 | 7.8 | CVE-2023-36123 MISC MISC |
puppet — bolt | In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | 2023-10-06 | 9.8 | CVE-2023-5214 MISC |
qnap — multiple_products | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later. | 2023-10-06 | 7.2 | CVE-2023-32971 MISC |
qnap — multiple_products | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later. | 2023-10-06 | 7.2 | CVE-2023-32972 MISC |
sangfor — next-gen_application_firewall | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header. | 2023-10-10 | 9.8 | CVE-2023-30803 MISC MISC MISC |
sangfor — next-gen_application_firewall | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the “un” parameter. | 2023-10-10 | 9.8 | CVE-2023-30805 MISC MISC MISC |
sangfor — next-gen_application_firewall | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie. | 2023-10-10 | 9.8 | CVE-2023-30806 MISC MISC MISC |
sap — powerdesigner | SAP PowerDesigner Client – version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client. | 2023-10-10 | 7.5 | CVE-2023-40310 MISC MISC |
seacms — seacms | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_notify.php component. | 2023-10-10 | 8.8 | CVE-2023-44846 MISC MISC |
seacms — seacms | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. | 2023-10-10 | 8.1 | CVE-2023-44848 MISC |
seacms — seacms | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_Weixin.php component. | 2023-10-10 | 7.2 | CVE-2023-44847 MISC |
sick — apu0200_firmware | Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | 2023-10-09 | 9.8 | CVE-2023-43696 MISC MISC MISC |
sick — apu0200_firmware | Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. | 2023-10-09 | 7.5 | CVE-2023-43699 MISC MISC MISC |
sick — apu0200_firmware | Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication. | 2023-10-09 | 7.5 | CVE-2023-43700 MISC MISC MISC |
siemens — multiple_products | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected. | 2023-10-10 | 9.8 | CVE-2023-36380 MISC |
siemens — multiple_products | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. | 2023-10-10 | 7.5 | CVE-2023-42796 MISC |
siemens — sicam_pas/pqs | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. | 2023-10-10 | 7.8 | CVE-2023-45205 MISC |
siemens — simcenter_amesim | A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. | 2023-10-10 | 9.8 | CVE-2023-43625 MISC |
siemens — sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 2023-10-10 | 7.8 | CVE-2022-30527 MISC |
siemens — sinema_server | A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823) | 2023-10-10 | 8.3 | CVE-2023-35796 MISC |
siemens — tecnomatix | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 2023-10-10 | 7.8 | CVE-2023-44081 MISC |
siemens — tecnomatix | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 2023-10-10 | 7.8 | CVE-2023-44082 MISC |
siemens — tecnomatix | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 2023-10-10 | 7.8 | CVE-2023-44083 MISC |
siemens — tecnomatix | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2023-10-10 | 7.8 | CVE-2023-44084 MISC |
siemens — tecnomatix | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2023-10-10 | 7.8 | CVE-2023-44085 MISC |
siemens — tecnomatix | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2023-10-10 | 7.8 | CVE-2023-44086 MISC |
siemens — tecnomatix | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 2023-10-10 | 7.8 | CVE-2023-44087 MISC |
siemens — tecnomatix | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268) | 2023-10-10 | 7.8 | CVE-2023-45204 MISC |
siemens — tecnomatix | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290) | 2023-10-10 | 7.8 | CVE-2023-45601 MISC |
siemens — xpedition_layout_browser | A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 2023-10-10 | 7.8 | CVE-2023-30900 MISC |
silabs — uc/tcp-ip | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | 2023-10-10 | 9.8 | CVE-2020-27630 MISC MISC MISC |
simple_and_nice_shopping_cart_script — simple_and_nice_shopping_cart_script | File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. | 2023-10-06 | 8.8 | CVE-2023-44061 MISC |
snipeitapp — snipe-it | Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3. | 2023-10-11 | 8.8 | CVE-2023-5511 MISC MISC |
thingsboard — thingsboard | ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | 2023-10-06 | 8.8 | CVE-2023-45303 MISC MISC |
turnatasarim — advertising_administration_panel | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. | 2023-10-06 | 9.8 | CVE-2023-4530 MISC |
typora — typora | Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | 2023-10-10 | 7.4 | CVE-2020-18336 MISC |
uptime_kuma — uptime_kuma | Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user’s device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue. | 2023-10-09 | 7.8 | CVE-2023-44400 MISC MISC MISC |
vantage6 — vantage6 | vantage6 is a privacy-preserving federated learning infrastructure. Versions prior to 4.0.0 use pickle, which has known security issues, as the default serialization module. All users of vantage6 that post tasks with the default serialization are affected. Version 4.0.0 contains a patch. Users may specify JSON serialization as a workaround. | 2023-10-11 | 7.2 | CVE-2023-23930 MISC MISC MISC MISC |
wazuh — wazuh-dashboard | Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a user logged in to the dashboard to become an administrator of the API, even if their dashboard role is not administrator. Version 4.4.2 contains a fix. There are no known workarounds. | 2023-10-09 | 8.8 | CVE-2023-42455 MISC MISC MISC |
webkitgtk — webkitgtk | A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. | 2023-10-06 | 8.8 | CVE-2023-39928 MISC MISC MISC MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions. | 2023-10-06 | 8.8 | CVE-2023-25480 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions. | 2023-10-06 | 8.8 | CVE-2023-27615 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions. | 2023-10-12 | 8.8 | CVE-2023-45047 MISC |
wordpress — wordpress | Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP Google Analytics Extension plugin <= 4.0.4 versions. | 2023-10-12 | 8.8 | CVE-2023-23651 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions. | 2023-10-06 | 8.8 | CVE-2023-27448 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions. | 2023-10-10 | 8.8 | CVE-2023-44996 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions. | 2023-10-09 | 8.8 | CVE-2023-44993 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions. | 2023-10-06 | 8.8 | CVE-2022-47175 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions. | 2023-10-06 | 8.8 | CVE-2023-25033 MISC |
wordpress — wordpress | A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability. | 2023-10-06 | 9.8 | CVE-2015-10126 MISC MISC MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | 2023-10-06 | 8.8 | CVE-2023-40008 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions. | 2023-10-06 | 8.8 | CVE-2023-40556 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <= 1.4.0 versions. | 2023-10-06 | 8.8 | CVE-2023-40671 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions. | 2023-10-06 | 8.8 | CVE-2023-41650 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions. | 2023-10-06 | 8.8 | CVE-2023-41654 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions. | 2023-10-06 | 8.8 | CVE-2023-41659 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. | 2023-10-09 | 8.8 | CVE-2023-41660 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | 2023-10-09 | 8.8 | CVE-2023-41667 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. | 2023-10-09 | 8.8 | CVE-2023-41668 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions. | 2023-10-09 | 8.8 | CVE-2023-41669 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions. | 2023-10-09 | 8.8 | CVE-2023-41670 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions. | 2023-10-09 | 8.8 | CVE-2023-41672 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions. | 2023-10-10 | 8.8 | CVE-2023-41684 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions. | 2023-10-10 | 8.8 | CVE-2023-41694 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions. | 2023-10-10 | 8.8 | CVE-2023-41697 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | 2023-10-10 | 8.8 | CVE-2023-41730 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions. | 2023-10-06 | 8.8 | CVE-2023-41732 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions. | 2023-10-06 | 8.8 | CVE-2023-41801 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions. | 2023-10-10 | 8.8 | CVE-2023-41850 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions. | 2023-10-10 | 8.8 | CVE-2023-41851 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions. | 2023-10-10 | 8.8 | CVE-2023-41852 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions. | 2023-10-10 | 8.8 | CVE-2023-41853 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions. | 2023-10-10 | 8.8 | CVE-2023-41854 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. | 2023-10-10 | 8.8 | CVE-2023-41858 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. | 2023-10-10 | 8.8 | CVE-2023-41876 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Laposta – Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions. | 2023-10-06 | 8.8 | CVE-2023-41950 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions. | 2023-10-06 | 8.8 | CVE-2023-44146 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions. | 2023-10-09 | 8.8 | CVE-2023-44231 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions. | 2023-10-09 | 8.8 | CVE-2023-44232 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions. | 2023-10-06 | 8.8 | CVE-2023-44233 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions. | 2023-10-09 | 8.8 | CVE-2023-44236 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions. | 2023-10-09 | 8.8 | CVE-2023-44237 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions. | 2023-10-09 | 8.8 | CVE-2023-44238 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions. | 2023-10-09 | 8.8 | CVE-2023-44240 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions. | 2023-10-10 | 8.8 | CVE-2023-44241 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions. | 2023-10-06 | 8.8 | CVE-2023-44243 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions. | 2023-10-09 | 8.8 | CVE-2023-44246 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions. | 2023-10-10 | 8.8 | CVE-2023-44257 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions. | 2023-10-10 | 8.8 | CVE-2023-44259 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions. | 2023-10-09 | 8.8 | CVE-2023-44260 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions. | 2023-10-10 | 8.8 | CVE-2023-44261 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions. | 2023-10-10 | 8.8 | CVE-2023-44470 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions. | 2023-10-10 | 8.8 | CVE-2023-44471 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions. | 2023-10-09 | 8.8 | CVE-2023-44473 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. | 2023-10-10 | 8.8 | CVE-2023-44475 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions. | 2023-10-10 | 8.8 | CVE-2023-44476 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions. | 2023-10-10 | 8.8 | CVE-2023-44995 MISC |
yifanwireless — yf325_firmware | An authentication bypass vulnerability exists in the httpd nvram.cgi functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | 2023-10-11 | 9.8 | CVE-2023-24479 MISC |
yifanwireless — yf325_firmware | A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | 2023-10-11 | 9.8 | CVE-2023-31272 MISC |
yifanwireless — yf325_firmware | A command execution vulnerability exists in the validate.so diag_ping_start functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | 2023-10-11 | 9.8 | CVE-2023-32632 MISC |
yifanwireless — yf325_firmware | A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability. | 2023-10-11 | 9.8 | CVE-2023-32645 MISC |
yifanwireless — yf325_firmware | A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability. | 2023-10-11 | 9.8 | CVE-2023-34346 MISC |
yifanwireless — yf325_firmware | A stack-based buffer overflow vulnerability exists in the libutils.so nvram_restore functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a buffer overflow. An attacker can send a network request to trigger this vulnerability. | 2023-10-11 | 9.8 | CVE-2023-34365 MISC |
yifanwireless — yf325_firmware | A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability. | 2023-10-11 | 9.8 | CVE-2023-34426 MISC |
yifanwireless — yf325_firmware | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the gozila_cgi function. | 2023-10-11 | 9.8 | CVE-2023-35055 MISC |
yifanwireless — yf325_firmware | A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the cgi_handler function. | 2023-10-11 | 9.8 | CVE-2023-35056 MISC |
yifanwireless — yf325_firmware | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function. | 2023-10-11 | 9.8 | CVE-2023-35965 MISC |
yifanwireless — yf325_firmware | Two heap-based buffer overflow vulnerabilities exist in the httpd manage_post functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the realloc function. | 2023-10-11 | 9.8 | CVE-2023-35966 MISC |
yifanwireless — yf325_firmware | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function. | 2023-10-11 | 9.8 | CVE-2023-35967 MISC |
yifanwireless — yf325_firmware | Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the realloc function. | 2023-10-11 | 9.8 | CVE-2023-35968 MISC |
zephyrproject — zephyr | Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem | 2023-10-06 | 9.8 | CVE-2023-3725 MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acronis — agent | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119. | 2023-10-06 | 5.5 | CVE-2023-45245 MISC |
adobe — bridge | Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-10-11 | 5.5 | CVE-2023-38216 MISC |
adobe — bridge | Adobe Bridge versions 12.0.4 (and earlier) and 13.0.3 (and earlier) are affected by an Out-of-bounds Read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-10-11 | 5.5 | CVE-2023-38217 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privileged authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction, scope is changed due to the fact that an attacker can enforce file read outside the application’s path boundary. | 2023-10-13 | 6.8 | CVE-2023-26366 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | 2023-10-13 | 6.6 | CVE-2023-38221 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | 2023-10-13 | 6.6 | CVE-2023-38249 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction and attack complexity is high as it requires knowledge of tooling beyond just using the UI. | 2023-10-13 | 6.6 | CVE-2023-38250 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Uncontrolled Resource Consumption vulnerability that could lead to minor application denial-of-service. Exploitation of this issue does not require user interaction. | 2023-10-13 | 5.3 | CVE-2023-38251 MISC |
adobe — commerce | Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. | 2023-10-13 | 4.9 | CVE-2023-26367 MISC |
antisamy — antisamy | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy’s sanitized output. This issue has been patched in AntiSamy 1.7.4 and later. | 2023-10-09 | 6.1 | CVE-2023-43643 MISC MISC |
atx — ucrypt | The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF. | 2023-10-09 | 6.5 | CVE-2023-39854 MISC |
canonical — subiquity | Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. | 2023-10-07 | 5.5 | CVE-2023-5182 MISC MISC |
chiefonboarding — chiefonboarding | Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47. | 2023-10-10 | 4.3 | CVE-2023-5498 MISC MISC |
concretecms — concrete_cms | Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting (XSS). | 2023-10-10 | 5.4 | CVE-2023-44763 MISC |
consensys — gnark | gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. | 2023-10-09 | 5.5 | CVE-2023-44378 MISC MISC MISC |
delta_electronics — wplsoft | A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-09 | 5.9 | CVE-2023-5461 MISC MISC MISC |
delta_electronics — wplsoft | A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-09 | 5.7 | CVE-2023-5460 MISC MISC MISC |
discourse — discourse_jira | Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application. | 2023-10-06 | 4.1 | CVE-2023-44384 MISC MISC MISC |
easycorp — zentao | Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | 2023-10-10 | 5.4 | CVE-2023-44826 MISC |
f5 — big-ip | When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 5.5 | CVE-2023-41253 MISC |
f5 — big-ip | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 5.5 | CVE-2023-43485 MISC |
f5 — big-ip | When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 4.4 | CVE-2023-39447 MISC |
f5 — big-ip | An Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 4.4 | CVE-2023-45219 MISC |
f5 — big-ip | The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-10-10 | 4.3 | CVE-2023-41964 MISC |
fortinet — fortianalyzer | A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | 2023-10-10 | 6.5 | CVE-2023-42787 MISC |
fortinet — fortianalyzer | An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | 2023-10-10 | 6.5 | CVE-2023-44249 MISC |
fortinet — fortianalyzer | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number. | 2023-10-10 | 5.3 | CVE-2023-42782 MISC |
fortinet — fortiguest | An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | 2023-10-10 | 5.5 | CVE-2023-25604 MISC |
fortinet — fortimail | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail’s calendar via input fields. | 2023-10-10 | 5.4 | CVE-2023-36637 MISC |
fortinet — fortios | An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 – 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | 2023-10-10 | 5.4 | CVE-2023-36555 MISC |
fortinet — fortios | An improper access control vulnerability in Fortinet FortiOS 7.2.0 – 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from an untrusted host. | 2023-10-10 | 4.3 | CVE-2023-33301 MISC |
fortinet — fortiproxy | A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | 2023-10-10 | 5.3 | CVE-2023-41675 MISC |
gdidees — gdidees_cms | GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. | 2023-10-06 | 5.4 | CVE-2023-44758 MISC |
google — android | In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-06 | 6.7 | CVE-2023-21244 MISC MISC MISC MISC |
google — android | In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | 6.7 | CVE-2023-35654 MISC |
google — android | In CanConvertPadV2Op of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | 6.7 | CVE-2023-35655 MISC |
google — android | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | 2023-10-08 | 6.7 | CVE-2023-40653 MISC |
google — android | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | 2023-10-08 | 6.7 | CVE-2023-40654 MISC |
google — android | In tbd of tbd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | 6.4 | CVE-2023-35645 MISC |
google — android | In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-06 | 5.5 | CVE-2023-21252 MISC MISC MISC |
google — android | In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-06 | 5.5 | CVE-2023-21253 MISC MISC MISC MISC |
google — android | In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | 2023-10-06 | 5.5 | CVE-2023-21291 MISC MISC |
google — android | In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40633 MISC |
google — android | In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 2023-10-08 | 5.5 | CVE-2023-40637 MISC |
google — android | In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 2023-10-08 | 5.5 | CVE-2023-40639 MISC |
google — android | In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | 2023-10-08 | 5.5 | CVE-2023-40640 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40641 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40642 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40643 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40644 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40645 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40646 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40647 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40648 MISC |
google — android | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40649 MISC |
google — android | In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | 2023-10-08 | 5.5 | CVE-2023-40650 MISC |
google — android | In TBD of TBD, there is a possible way to access location information due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | 4.4 | CVE-2023-35653 MISC |
google — android | In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed | 2023-10-08 | 4.4 | CVE-2023-40631 MISC |
google — android | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed | 2023-10-08 | 4.4 | CVE-2023-40636 MISC |
google — android | In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed | 2023-10-08 | 4.4 | CVE-2023-40638 MISC |
google — android | In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | 2023-10-08 | 4.4 | CVE-2023-40651 MISC |
google — android | In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed | 2023-10-08 | 4.4 | CVE-2023-40652 MISC |
google — chrome | Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5475 MISC MISC MISC MISC |
google — chrome | Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5479 MISC MISC MISC |
google — chrome | Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5481 MISC MISC MISC |
google — chrome | Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5483 MISC MISC MISC |
google — chrome | Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5484 MISC MISC MISC MISC |
google — chrome | Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-10-11 | 6.5 | CVE-2023-5487 MISC MISC MISC MISC |
google — chrome | Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 2023-10-11 | 6.3 | CVE-2023-5473 MISC MISC MISC |
google — chrome | Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) | 2023-10-11 | 4.3 | CVE-2023-5477 MISC MISC MISC |
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | 2023-10-11 | 4.3 | CVE-2023-5478 MISC MISC MISC |
google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-10-11 | 4.3 | CVE-2023-5485 MISC MISC MISC |
google — chrome | Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | 2023-10-11 | 4.3 | CVE-2023-5486 MISC MISC MISC |
gradle — gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files that it generated or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities. | 2023-10-06 | 5.3 | CVE-2023-42445 MISC MISC MISC |
hpe — msa_1060_storage_firmware | HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. | 2023-10-09 | 5.4 | CVE-2023-30910 MISC |
huawei — harmonyos | Out-of-bounds access vulnerability in the audio module. Successful exploitation of this vulnerability may affect availability. | 2023-10-11 | 4.3 | CVE-2023-44110 MISC MISC MISC |
ibm — collaborative_lifecycle_management | IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | 2023-10-06 | 5.5 | CVE-2022-34355 MISC MISC |
janusintl — noke_standard_smart_padlock_firmware | Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app. | 2023-10-09 | 6.5 | CVE-2022-36228 MISC |
lenovo — thinkpad_t14s_gen_3_firmware | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 2023-10-09 | 6.8 | CVE-2022-3728 MISC |
lenovo — thinkpad_t14s_gen_3_firmware | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 2023-10-09 | 6.8 | CVE-2022-48182 MISC |
lenovo — thinkpad_t14s_gen_3_firmware | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | 2023-10-09 | 6.8 | CVE-2022-48183 MISC |
libx11 — libx11 | A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. | 2023-10-10 | 5.5 | CVE-2023-43785 MISC MISC |
libx11 — libx11 | A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial-of-service condition. | 2023-10-10 | 5.5 | CVE-2023-43786 MISC MISC |
libxpm — libxpm | A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. | 2023-10-10 | 5.5 | CVE-2023-43788 MISC MISC MISC |
linux — kernel | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | 2023-10-09 | 6 | CVE-2023-39189 MISC MISC |
linux — kernel | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. | 2023-10-09 | 6 | CVE-2023-39192 MISC MISC MISC |
linux — kernel | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | 2023-10-09 | 6 | CVE-2023-39193 MISC MISC MISC |
linux — kernel | A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. | 2023-10-09 | 4.4 | CVE-2023-39194 MISC MISC MISC |
mattermost — mattermost | Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | 2023-10-09 | 5.3 | CVE-2023-5331 MISC |
mattermost — mattermost | Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. | 2023-10-09 | 6.5 | CVE-2023-5333 MISC |
mediawiki — mediawiki | An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service. | 2023-10-09 | 6.5 | CVE-2023-45367 MISC |
mediawiki — mediawiki | An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators. | 2023-10-09 | 6.1 | CVE-2023-45373 MISC MISC |
mediawiki — mediawiki | An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. | 2023-10-09 | 5.3 | CVE-2023-45364 MISC DEBIAN |
mediawiki — mediawiki | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | 2023-10-09 | 5.3 | CVE-2023-45370 MISC MISC |
mediawiki — mediawiki | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter). | 2023-10-09 | 5.3 | CVE-2023-45372 MISC MISC |
mediawiki — mediawiki | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. | 2023-10-09 | 5.3 | CVE-2023-45374 MISC MISC |
mediawiki — mediawiki | An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed. | 2023-10-09 | 4.3 | CVE-2023-45369 MISC MISC |
microsoft — common_data_model_sdk | Microsoft Common Data Model SDK Denial of Service Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36566 MISC |
microsoft — dynamics_365 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36429 MISC |
microsoft — dynamics_365 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36433 MISC |
microsoft — dynamics_365 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-10-10 | 6.1 | CVE-2023-36416 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-10-13 | 4.2 | CVE-2023-36559 MISC |
microsoft — skype_for_business_server | Skype for Business Elevation of Privilege Vulnerability | 2023-10-10 | 5.3 | CVE-2023-41763 MISC |
microsoft — sql_server | Microsoft SQL Server Denial of Service Vulnerability | 2023-10-10 | 5.5 | CVE-2023-36728 MISC |
microsoft — windows_server_2008 | Microsoft WordPad Information Disclosure Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36563 MISC |
microsoft — windows_server_2008 | Windows Search Security Feature Bypass Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36564 MISC |
microsoft — windows_server_2008 | Windows Deployment Services Information Disclosure Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36706 MISC |
microsoft — windows_server_2008 | Windows Power Management Service Information Disclosure Vulnerability | 2023-10-10 | 5.5 | CVE-2023-36724 MISC |
microsoft — windows_server_2008 | Windows Mark of the Web Security Feature Bypass Vulnerability | 2023-10-10 | 5.4 | CVE-2023-36584 MISC |
microsoft — windows_server_2008 | Active Directory Domain Services Information Disclosure Vulnerability | 2023-10-10 | 4.4 | CVE-2023-36722 MISC |
microsoft — windows_server_2012 | Windows Common Log File System Driver Information Disclosure Vulnerability | 2023-10-10 | 5.5 | CVE-2023-36713 MISC |
microsoft — windows_server_2016 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 2023-10-10 | 6.5 | CVE-2023-36717 MISC |
microsoft — windows_server_2016 | Windows Kernel Information Disclosure Vulnerability | 2023-10-10 | 5.5 | CVE-2023-36576 MISC |
microsoft — windows_server_2019 | Windows Kernel Security Feature Bypass Vulnerability | 2023-10-10 | 4.4 | CVE-2023-36698 MISC |
moosocial — moosocial | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | 2023-10-09 | 6.1 | CVE-2023-44812 MISC |
moosocial — moosocial | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | 2023-10-09 | 6.1 | CVE-2023-44813 MISC |
objectcomputing — micronaut_security | Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if the token is issued by the same identity issuer/provider. This affects any OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but token auth is not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1. | 2023-10-09 | 6.5 | CVE-2023-36820 MISC MISC |
octoprint — octoprint | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties. | 2023-10-09 | 6.5 | CVE-2023-41047 MISC MISC MISC |
openvswitch — openvswitch | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. | 2023-10-06 | 5.5 | CVE-2023-5366 MISC MISC |
oro_inc — orocommerce | OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a note for it. Versions 5.0.11 and 5.1.1 contain a fix for this issue. | 2023-10-09 | 4.8 | CVE-2022-35950 MISC |
phpjabbers — appointment_scheduler | There is a Cross Site Scripting (XSS) vulnerability in the “theme” parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | 2023-10-10 | 6.1 | CVE-2023-36126 MISC |
piwigo — piwigo | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS code into the HTML page, which could then be executed by admin users when they visit the URL with the payload. The vulnerability is caused by the insecure injection of the `plugin_id` value from the URL into the HTML page. An attacker can exploit this vulnerability by crafting a malicious URL that contains a specially crafted `plugin_id` value. When a victim who is logged in as an administrator visits this URL, the malicious code will be injected into the HTML page and executed. This vulnerability can be exploited by any attacker who has access to a malicious URL. However, only users who are logged in as administrators are affected. This is because the vulnerability is only present on the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page, which is only accessible to administrators. Version 14.0.0.beta4 contains a patch for this issue. | 2023-10-09 | 6.1 | CVE-2023-44393 MISC MISC |
qnap — music_station | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | 2023-10-06 | 6.5 | CVE-2023-23365 MISC |
qnap — music_station | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | 2023-10-06 | 6.5 | CVE-2023-23366 MISC |
qnap — qvpn | An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later | 2023-10-06 | 4.4 | CVE-2023-23370 MISC |
qnap — qvpn | A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later | 2023-10-06 | 4.4 | CVE-2023-23371 MISC |
qnap — video_station | A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later | 2023-10-13 | 5.4 | CVE-2023-34977 MISC |
reportportal — reportportal | ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1 test inside when the test_item.path field exceeds the allowable `ltree` field type indexing limit (path length>=120, approximately recursive nesting of the nested steps). Running REINDEX INDEX on path_gist_idx and path_idx does not help. The problem was fixed in `com.epam.reportportal:service-api` module version 5.10.0 (product release 23.2), where the maximum number of nested elements was programmatically limited. A workaround is available. After deletion of the data with long paths, and reindexing both indexes (path_gist_idx and path_idx), the database becomes stable and ReportPortal works properly. | 2023-10-09 | 6.5 | CVE-2023-25822 MISC MISC MISC |
sangfor — next-gen_application_firewall | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803. | 2023-10-10 | 6.5 | CVE-2023-30804 MISC MISC MISC |
sangfor — next-gen_application_firewall | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. | 2023-10-10 | 5.3 | CVE-2023-30802 MISC MISC MISC |
sap — business_one | SAP Business One (B1i) – version 10.0, allows an authorized attacker to retrieve the detailed stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability. | 2023-10-10 | 4.3 | CVE-2023-41365 MISC MISC |
sap — businessobjects_web_intelligence | SAP BusinessObjects Web Intelligence – version 420, has a URL with a parameter that could be vulnerable to an XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve sensitive information. | 2023-10-10 | 5.4 | CVE-2023-42474 MISC MISC |
sap — s/4hana | S/4HANA Manage (Withholding Tax Items) – version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application. | 2023-10-10 | 5.4 | CVE-2023-42473 MISC MISC |
sap — s/4hana | The Statutory Reporting application has a vulnerable file storage location, potentially enabling a low-privileged attacker to read server files with minimal impact on confidentiality. | 2023-10-10 | 4.3 | CVE-2023-42475 MISC MISC |
sick — apu0200_firmware | Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | 2023-10-09 | 6.5 | CVE-2023-43697 MISC MISC MISC |
sick — apu0200_firmware | Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | 2023-10-09 | 6.5 | CVE-2023-5100 MISC MISC MISC |
sick — apu0200_firmware | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client’s browser via injecting code into the website. | 2023-10-09 | 6.1 | CVE-2023-43698 MISC MISC MISC |
sick — apu0200_firmware | Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. | 2023-10-09 | 5.3 | CVE-2023-5101 MISC MISC MISC |
sick — apu0200_firmware | Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | 2023-10-09 | 5.3 | CVE-2023-5102 MISC MISC MISC |
sick — apu0200_firmware | Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. | 2023-10-09 | 4.3 | CVE-2023-5103 MISC MISC MISC |
siemens — mendix_forgot_password | A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users. | 2023-10-10 | 5.3 | CVE-2023-43623 MISC |
siemens — sicam_pas/pqs | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. | 2023-10-10 | 4.4 | CVE-2023-38640 MISC |
siemens — simatic_cp | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions. | 2023-10-10 | 6.7 | CVE-2023-37194 MISC |
siemens — simatic_cp | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial-of-service situation on the host. A physical power cycle is required to get the system working again. | 2023-10-10 | 4.4 | CVE-2023-37195 MISC |
siemens — sinec_nms | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users. | 2023-10-10 | 5.4 | CVE-2023-44315 MISC |
snipeitapp — snipe-it | Cross-site Scripting (XSS) – Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 2023-10-06 | 5.4 | CVE-2023-5452 MISC MISC |
wordpress — wordpress | The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-10 | 5.4 | CVE-2023-5467 MISC MISC MISC |
wordpress — wordpress | The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘dcscf-link’ shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-10 | 5.4 | CVE-2023-5468 MISC MISC |
wordpress — wordpress | The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘etsy-shop’ shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-12 | 5.4 | CVE-2023-5470 MISC MISC MISC MISC |
wordpress — wordpress | The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields. | 2023-10-06 | 5.3 | CVE-2023-4469 MISC MISC |
wordpress — wordpress | The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘calendly’ shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-10-13 | 6.4 | CVE-2023-4995 MISC MISC |
wordpress — wordpress | The Hotjar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the hotjar_site_id in versions up to, and including, 1.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-10-14 | 4.4 | CVE-2023-1259 MISC MISC |
wordpress — wordpress | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image lightboxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-10-12 | 4.3 | CVE-2023-5531 MISC MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
fortinet — forticlient | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | 2023-10-10 | 3.3 | CVE-2023-37939 MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
1e — 1e_platform | Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue: for v8.1.2 apply hotfix Q23166; for v8.4.1 apply hotfix Q23164; for v9.0.1 apply hotfix Q23173. SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently – please contact 1E to arrange this. | 2023-10-13 | not yet calculated | CVE-2023-45162 MISC |
70mai — a500s | Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. | 2023-10-09 | not yet calculated | CVE-2023-43271 MISC MISC |
babel — babel | Babel is a compiler for writing JavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()` or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any “polyfill provider” plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3. | 2023-10-12 | not yet calculated | CVE-2023-45133 MISC MISC MISC MISC MISC |
beyondtrust — privileged_remote_access | BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret. | 2023-10-12 | not yet calculated | CVE-2023-23632 MISC |
broadcom — lsi_pci-sv92ex | An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns. | 2023-10-10 | not yet calculated | CVE-2023-31096 MISC MISC |
cachethq — cachet | Cachet is an open-source status page system. Prior to the 2.4 branch, the template functionality, which allows users to create templates, allows them to execute any code on the server due to bad filtering and an old Twig version. Commit 6fb043e109d2a262ce3974e863c54e9e5f5e0587 of the 2.4 branch contains a patch for this issue. | 2023-10-11 | not yet calculated | CVE-2023-43661 MISC MISC |
citrix — netscaler_adc/gateway | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | 2023-10-10 | not yet calculated | CVE-2023-4966 MISC |
d-link — dap-x1860 | A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. | 2023-10-10 | not yet calculated | CVE-2023-45208 MISC |
dell — dell_openmanage_server_administrator | Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to execute arbitrary code in order to elevate privileges on the system. Exploitation may lead to a complete system compromise. | 2023-10-13 | not yet calculated | CVE-2023-43079 MISC |
delta_electronics — dvp32es2_plc | A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. VDB-241582 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-09 | not yet calculated | CVE-2023-5459 MISC MISC MISC |
devolutions — server | Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and earlier allows an attacker with permission to manage PAM propagation scripts to retrieve passwords stored in it via a GET request. | 2023-10-13 | not yet calculated | CVE-2023-5240 MISC |
digital_agency — e-gov_client_application_for_windows | e-Gov Client Application (Windows version) versions prior to 2.1.1.0 and e-Gov Client Application (macOS version) versions prior to 1.1.1.0 are vulnerable to improper authorization in handler for custom URL scheme. A crafted URL may direct the product to access an arbitrary website. As a result, the user may become a victim of a phishing attack. | 2023-10-11 | not yet calculated | CVE-2023-44689 MISC MISC |
eclipse — jetty | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | 2023-10-10 | not yet calculated | CVE-2023-36478 MISC MISC MISC MISC MISC |
election_services_co. — internet_election_service | Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12. | 2023-10-10 | not yet calculated | CVE-2023-4309 MISC MISC MISC |
elenos — etg150 | An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in Elenos ETG150 FM transmitter running on version 3.12. | 2023-10-11 | not yet calculated | CVE-2023-45396 MISC |
erlang — erlang | In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability. | 2023-10-10 | not yet calculated | CVE-2023-45312 MISC |
ethernut — nut/os | An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528. | 2023-10-10 | not yet calculated | CVE-2020-27213 MISC MISC MISC MISC |
farmbot — farmbot-web-app | Farmbot-Web-App is a web control interface for the Farmbot farm automation platform. An SQL injection vulnerability was found in FarmBot’s web app that allows authenticated attackers to extract arbitrary data from its database (including the user table). This issue may lead to Information Disclosure. This issue has been patched in version 15.8.4. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-10-14 | not yet calculated | CVE-2023-45674 MISC |
fortinet — fortiedr | An insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via API request. | 2023-10-13 | not yet calculated | CVE-2023-33303 MISC |
fortinet — fortisandbox | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 2023-10-13 | not yet calculated | CVE-2023-41680 MISC |
fortinet — fortisandbox | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.0 through 3.0.7 and 2.5.0 through 2.5.2 and 2.4.1 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 2023-10-13 | not yet calculated | CVE-2023-41681 MISC |
fortinet — fortisandbox | An improper limitation of a pathname to a restricted directory (‘path traversal’) in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 and 3.2.0 through 3.2.4 and 2.5.0 through 2.5.2 and 2.4.1 and 2.4.0 allows attacker to cause a denial of service via crafted HTTP requests. | 2023-10-13 | not yet calculated | CVE-2023-41682 MISC |
fortinet — fortisandbox | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.0 and 4.2.0 through 4.2.4, and 4.0.0 through 4.0.4 and 3.2.0 through 3.2.4 and 3.1.0 through 3.1.5 and 3.0.4 through 3.0.7 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 2023-10-13 | not yet calculated | CVE-2023-41836 MISC |
fortinet — fortisandbox | An improper neutralization of input during web page generation (‘cross-site scripting’) in Fortinet FortiSandbox version 4.4.1 and 4.4.0 and 4.2.0 through 4.2.5 and 4.0.0 through 4.0.3 allows attacker to execute unauthorized code or commands via crafted HTTP requests. | 2023-10-13 | not yet calculated | CVE-2023-41843 MISC |
frappe_lms — frappe_lms | Cross-site Scripting (XSS) – Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. | 2023-10-12 | not yet calculated | CVE-2023-5555 MISC MISC |
frappe_lms — frappe_lms | Cross-site Scripting (XSS) – Reflected in GitHub repository structurizr/onpremises prior to 3194. | 2023-10-12 | not yet calculated | CVE-2023-5556 MISC MISC |
froxlor — froxlor | Cross-site Scripting (XSS) – Stored in GitHub repository froxlor/froxlor prior to 2.0.22. | 2023-10-13 | not yet calculated | CVE-2023-4829 MISC MISC |
froxlor — froxlor | Cross-site Scripting (XSS) – Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1. | 2023-10-13 | not yet calculated | CVE-2023-5564 MISC MISC |
garden-io — garden | Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-result` and `run-result` to cache Garden test and run results. These `ConfigMaps` are stored either in the `garden-system` namespace or the configured user namespace. When a user invokes the command `garden test` or `garden run`, objects stored in the `ConfigMap` are retrieved and deserialized. This can be used by an attacker with access to the Kubernetes cluster to store malicious objects in the `ConfigMap`, which can trigger a remote code execution on the user's machine when cryo deserializes the object. In order to exploit this vulnerability, an attacker must have access to the Kubernetes cluster used to deploy garden remote environments. Further, a user must actively invoke either a `garden test` or `garden run` which has previously cached results. The issue has been patched in Garden versions `0.13.17` (Bonsai) and `0.12.65` (Acorn). Only Garden versions prior to these are vulnerable. No known workarounds are available. | 2023-10-09 | not yet calculated | CVE-2023-44392 MISC MISC |
go_standard_library — net/http | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function. | 2023-10-11 | not yet calculated | CVE-2023-39325 MISC MISC MISC MISC MISC |
google — android | In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | not yet calculated | CVE-2023-35649 MISC |
google — android | In lwis_transaction_client_cleanup of lwis_transaction.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | not yet calculated | CVE-2023-35660 MISC |
google — android | In ProfSixDecomTcpSACKoption of RohcPacketCommon.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | not yet calculated | CVE-2023-35661 MISC |
google — android | There is a possible out of bounds write due to buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | not yet calculated | CVE-2023-35662 MISC |
google — android | There is a possible use-after-free write due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | not yet calculated | CVE-2023-3781 MISC |
google — android | In temp_residency_name_store of thermal_metrics.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | not yet calculated | CVE-2023-40141 MISC |
google — android | In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2023-10-11 | not yet calculated | CVE-2023-40142 MISC |
gpac — gpac | An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. | 2023-10-12 | not yet calculated | CVE-2023-42298 MISC |
granding_utime_master — granding_utime_master | A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter. | 2023-10-13 | not yet calculated | CVE-2023-45391 MISC |
granding_utime_master — granding_utime_master | An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. | 2023-10-13 | not yet calculated | CVE-2023-45393 MISC |
hcl_software — bigfix_insights_for_vulnerability_remediation | BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc. | 2023-10-11 | not yet calculated | CVE-2022-44757 MISC |
hcl_software — bigfix_insights_for_vulnerability_remediation | BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized. | 2023-10-11 | not yet calculated | CVE-2022-44758 MISC |
hcl_software — bigfix_patch_management | Certain credentials within the BigFix Patch Management Download Plug-ins are stored insecurely and could be exposed to a local privileged user. | 2023-10-11 | not yet calculated | CVE-2022-42451 MISC |
hcl_software — bigfix_platform | An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request. | 2023-10-11 | not yet calculated | CVE-2023-37536 MISC |
hcl_software — digital_experience | HCL Digital Experience is susceptible to cross site scripting (XSS). One subcomponent is vulnerable to reflected XSS. In reflected XSS, an attacker must induce a victim to click on a crafted URL from some delivery mechanism (email, other web site). | 2023-10-11 | not yet calculated | CVE-2023-37538 MISC |
hestiacp — hestiacp | Cross-site Scripting (XSS) – Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. | 2023-10-13 | not yet calculated | CVE-2023-4517 MISC MISC |
hp_inc. — hp_displays | A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated. | 2023-10-13 | not yet calculated | CVE-2023-5449 MISC |
hp_inc. — hp_life_android_mobile | HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system firmware using a publicly disclosed private key. HP is providing recommended guidance for customers to reduce exposure to the potential vulnerability. | 2023-10-13 | not yet calculated | CVE-2023-5409 MISC |
hp_inc. — hp_thinupdate | A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. HP is releasing mitigation for the potential vulnerability. | 2023-10-13 | not yet calculated | CVE-2023-4499 MISC |
huawei — harmonyos | Parameter verification vulnerability in the window module. Successful exploitation of this vulnerability may cause the size of an app window to be adjusted to that of a floating window. | 2023-10-11 | not yet calculated | CVE-2023-41304 MISC MISC |
huawei — harmonyos | Vulnerability of package names’ public keys not being verified in the security module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44093 MISC MISC |
huawei — harmonyos | Type confusion vulnerability in the distributed file module. Successful exploitation of this vulnerability may cause the device to restart. | 2023-10-11 | not yet calculated | CVE-2023-44094 MISC MISC |
huawei — harmonyos | Use-After-Free (UAF) vulnerability in the surfaceflinger module. Successful exploitation of this vulnerability can cause system crash. | 2023-10-11 | not yet calculated | CVE-2023-44095 MISC MISC |
huawei — harmonyos | Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44096 MISC MISC |
huawei — harmonyos | Vulnerability of the permission to access device SNs being improperly managed. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44097 MISC MISC |
huawei — harmonyos | Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44100 MISC MISC |
huawei — harmonyos | The Bluetooth module has a vulnerability in permission control for broadcast notifications. Successful exploitation of this vulnerability may affect confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44101 MISC |
huawei — harmonyos | Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability can cause the Bluetooth function to be unavailable. | 2023-10-11 | not yet calculated | CVE-2023-44102 MISC MISC |
huawei — harmonyos | Out-of-bounds read vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44103 MISC MISC |
huawei — harmonyos | Broadcast permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44104 MISC MISC |
huawei — harmonyos | Clone vulnerability in the huks ta module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44109 MISC MISC |
huawei — harmonyos | Vulnerability of brute-force attacks on the device authentication module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-10-11 | not yet calculated | CVE-2023-44111 MISC MISC |
ibm — app_connect_enterprise | IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. IBM X-Force ID: 263833. | 2023-10-13 | not yet calculated | CVE-2023-40682 MISC MISC |
ibm — app_connect_enterprise | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.23, 12.0.1.0 through 12.0.10.0 and IBM Integration Bus 10.1 through 10.1.0.1 are vulnerable to a denial of service for integration nodes on Windows. IBM X-Force ID: 247998. | 2023-10-14 | not yet calculated | CVE-2023-45176 MISC MISC |
ibm — cloud_pak_for_business_automation | IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349. | 2023-10-14 | not yet calculated | CVE-2023-35024 MISC MISC |
ibm — qradar_siem | IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138 | 2023-10-14 | not yet calculated | CVE-2023-30994 MISC MISC |
ibm — qradar_siem | IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376. | 2023-10-14 | not yet calculated | CVE-2023-40367 MISC MISC |
ibm — security_directory_server | IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. | 2023-10-14 | not yet calculated | CVE-2022-32755 MISC MISC |
ibm — security_directory_server | IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. X-Force ID: 228569. | 2023-10-14 | not yet calculated | CVE-2022-33161 MISC MISC MISC |
ibm — security_directory_server | IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 228582. | 2023-10-14 | not yet calculated | CVE-2022-33165 MISC MISC MISC |
ibm — security_verify_access | IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921. | 2023-10-14 | not yet calculated | CVE-2022-43740 MISC MISC |
ibm — security_verify_access | IBM Security Verify Access OIDC Provider could disclose directory information that could aid attackers in further attacks against the system. IBM X-Force ID: 239445. | 2023-10-14 | not yet calculated | CVE-2022-43868 MISC MISC |
icecms — icecms | An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. | 2023-10-12 | not yet calculated | CVE-2023-40833 MISC |
inspect_element_ltd. — echo.ac | An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echo_driver.sys component. NOTE: the vendor’s position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was “deactivated by Microsoft itself.” | 2023-10-11 | not yet calculated | CVE-2023-38817 MISC |
json-java — json-java | Denial of Service in JSON-Java versions up to and including 20230618. A bug in the parser means that an input string of modest size can lead to indefinite amounts of memory being used. | 2023-10-12 | not yet calculated | CVE-2023-5072 MISC MISC |
juniper_networks — junos_os | A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command “show chassis fpc”. The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed: `expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw`; `expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware`; `expr_dfw_base_hw_add:52 Failed to add h/w sfm data.`; `expr_dfw_base_hw_create:114 Failed to add h/w data.`; `expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__`; `expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0`; `expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!`; `expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure`; `expr_dfw_bp_topo_handler:1102 Failed to program fnum.`; `expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.` This issue affects Juniper Networks Junos OS on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: All versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2. On PTX3000, PTX5000, QFX10000: All versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S1; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2. | 2023-10-12 | not yet calculated | CVE-2023-22392 MISC |
juniper_networks — junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to cause an infinite loop, resulting in a Denial of Service (DoS). An attacker who sends malformed TCP traffic via an interface configured with PPPoE causes an infinite loop on the respective PFE. This consumes all resources, and a manual restart is needed to recover. This issue affects interfaces with PPPoE configured and tcp-mss enabled. This issue affects Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2. | 2023-10-12 | not yet calculated | CVE-2023-36841 MISC |
juniper_networks — junos_os | An Improper Handling of Inconsistent Special Elements vulnerability in the Junos Services Framework (jsf) module of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a crash in the Packet Forwarding Engine (pfe), thereby resulting in a Denial of Service (DoS). Upon receiving malformed SSL traffic, the PFE crashes. A manual restart will be needed to recover the device. This issue only affects devices with Juniper Networks Advanced Threat Prevention (ATP) Cloud enabled with Encrypted Traffic Insights (configured via ‘security-metadata-streaming policy’). This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8, 20.4R3-S9; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3. | 2023-10-12 | not yet calculated | CVE-2023-36843 MISC |
juniper_networks — junos_os | A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. | 2023-10-13 | not yet calculated | CVE-2023-44176 MISC |
juniper_networks — junos_os | A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1; * 23.2 versions prior to 23.2R2. | 2023-10-13 | not yet calculated | CVE-2023-44178 MISC |
juniper_networks — junos_os | An Improperly Implemented Security Check for Standard vulnerability in storm control of Juniper Networks Junos OS QFX5k devices allows packets to be punted to the ARP queue, causing an L2 loop that results in DDOS violations and DDOS syslog messages. This issue is triggered when storm control is enabled and ICMPv6 packets are present on the device. This issue affects Juniper Networks: Junos OS * All versions prior to 20.2R3-S6 on QFX5k; * 20.3 versions prior to 20.3R3-S5 on QFX5k; * 20.4 versions prior to 20.4R3-S5 on QFX5k; * 21.1 versions prior to 21.1R3-S4 on QFX5k; * 21.2 versions prior to 21.2R3-S3 on QFX5k; * 21.3 versions prior to 21.3R3-S2 on QFX5k; * 21.4 versions prior to 21.4R3 on QFX5k; * 22.1 versions prior to 22.1R3 on QFX5k; * 22.2 versions prior to 22.2R2 on QFX5k. | 2023-10-13 | not yet calculated | CVE-2023-44181 MISC MISC |
juniper_networks — junos_os | An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent attacker, sending two or more genuine packets in the same VxLAN topology to possibly cause a DMA memory leak to occur under various specific operational conditions. The scenario described here is the worst-case scenario. There are other scenarios that require operator action to occur. An indicator of compromise may be seen when multiple devices indicate that FPC0 has gone missing when issuing a `show chassis fpc` command for about 10 to 20 minutes, and a number of interfaces have also gone missing. Use the following command to determine if FPC0 has gone missing from the device: `show chassis fpc detail`. This issue affects: Juniper Networks Junos OS on QFX5000 Series, EX4600 Series: * 18.4 version 18.4R2 and later versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. | 2023-10-13 | not yet calculated | CVE-2023-44183 MISC MISC MISC |
juniper_networks — junos_os | A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in telemetry processing of Juniper Networks Junos OS allows a network-based authenticated attacker to flood the system with multiple telemetry requests, causing the Junos Kernel Debugging Streaming Daemon (jkdsd) process to crash, leading to a Denial of Service (DoS). Continued receipt and processing of telemetry requests will repeatedly crash the jkdsd process and sustain the Denial of Service (DoS) condition. This issue is seen on all Junos platforms. The crash is triggered when multiple telemetry requests come from different collectors. As the load increases, the Dynamic Rendering Daemon (drend) decides to defer processing and continue later, which results in a timing issue accessing stale memory, causing the jkdsd process to crash and restart. This issue affects: Juniper Networks Junos OS: * 20.4 versions prior to 20.4R3-S9; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S1, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S2, 22.4R3; * 23.1 versions prior to 23.1R2; * 23.2 versions prior to 23.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1. | 2023-10-11 | not yet calculated | CVE-2023-44188 MISC |
juniper_networks — junos_os | An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS QFX5000 Series and EX4000 Series platforms, when a high number of VLANs are configured, a specific DHCP packet will cause PFE hogging which will lead to dropping of socket connections. This issue affects: Juniper Networks Junos OS on QFX5000 Series and EX4000 Series * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1 | 2023-10-13 | not yet calculated | CVE-2023-44191 MISC |
juniper_networks — junos_os | An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of Service (DoS). On all Junos OS QFX5000 Series platforms, when pseudo-VTEP (Virtual Tunnel End Point) is configured under EVPN-VXLAN scenario, and specific DHCP packets are transmitted, DMA memory leak is observed. Continuous receipt of these specific DHCP packets will cause memory leak to reach 99% and then cause the protocols to stop working and traffic is impacted, leading to Denial of Service (DoS) condition. A manual reboot of the system recovers from the memory leak. To confirm the memory leak, monitor for “sheaf:possible leak” and “vtep not found” messages in the logs. This issue affects: Juniper Networks Junos OS QFX5000 Series: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. | 2023-10-13 | not yet calculated | CVE-2023-44192 MISC |
juniper_networks — junos_os | An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC crash, leading to Denial of Service (DoS). On all Junos MX Series with MPC1 – MPC9, LC480, LC2101, MX10003, and MX80, when Connectivity-Fault-Management (CFM) is enabled in a VPLS scenario, and a specific LDP related command is run, an FPC will crash and reboot. Continued execution of this specific LDP command can lead to sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S1; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. | 2023-10-13 | not yet calculated | CVE-2023-44193 MISC |
juniper_networks — junos_os | An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. The issue is caused by improper directory permissions on a certain system directory, allowing an attacker with access to this directory to create a backdoor with root privileges. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S1. | 2023-10-13 | not yet calculated | CVE-2023-44194 MISC |
juniper_networks — junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause an integrity impact in connected networks. If the SIP ALG is configured and a device receives a specifically malformed SIP packet, the device prevents this packet from being forwarded, but any subsequently received retransmissions of the same packet are forwarded as if they were valid. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: * 20.4 versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. This issue does not affect releases prior to 20.4R1. | 2023-10-13 | not yet calculated | CVE-2023-44198 MISC |
juniper_networks — junos_os | An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP) configured, a prolonged routing protocol churn can lead to an FPC crash and restart. This issue affects Juniper Networks Junos OS on MX Series: * All versions prior to 20.4R3-S4; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R1-S1, 22.2R2. | 2023-10-13 | not yet calculated | CVE-2023-44199 MISC |
juniper_networks — junos_os | An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600 allows an adjacent attacker to send specific traffic, which leads to packet flooding, resulting in a Denial of Service (DoS). When a specific IGMP packet is received in an isolated VLAN, it is duplicated to all other ports under the primary VLAN, which causes a flood. This issue affects QFX5000 series, EX2300, EX3400, EX4100, EX4400 and EX4600 platforms only. This issue affects Juniper Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S3; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S2; * 22.1 versions prior to 22.1R3; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2. | 2023-10-13 | not yet calculated | CVE-2023-44203 MISC |
juniper_networks — junos_os/junos_evo | A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute specific CLI commands leading to Denial of Service. Repeated actions by the attacker will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions prior to 19.1R3-S10; * 19.2 versions prior to 19.2R3-S7; * 19.3 versions prior to 19.3R3-S8; * 19.4 versions prior to 19.4R3-S12; * 20.2 versions prior to 20.2R3-S8; * 20.4 versions prior to 20.4R3-S8; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S1; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R2. Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S1-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. | 2023-10-13 | not yet calculated | CVE-2023-44177 MISC |
juniper_networks — junos_os/os_evolved | An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker who sends specific LLDP packets to cause a Denial of Service (DoS). This issue occurs when specific LLDP packets are received, and telemetry polling is being done on the device. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S2; * 22.4 versions prior to 22.4R2; Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 version 21.1R1-EVO and later versions; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S3-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R1-S1-EVO; | 2023-10-12 | not yet calculated | CVE-2023-36839 MISC |
juniper_networks — junos_os/os_evolved | A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send specific genuine PIM packets to the device, causing rpd to crash and resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Note: This issue is not noticed when all the devices in the network are Juniper devices. This issue affects Juniper Networks: Junos OS: * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R3; * 22.4 versions prior to 22.4R3. Junos OS Evolved: * All versions prior to 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R3-EVO; * 23.2-EVO versions prior to 23.2R1-EVO. | 2023-10-12 | not yet calculated | CVE-2023-44175 MISC |
juniper_networks — junos_os/os_evolved | An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management Protocol, the gNMI interfaces, and the J-Web User Interfaces causes unintended effects such as demotion or elevation of privileges associated with an operator’s actions to occur. Multiple scenarios may occur; for example: privilege escalation over the device or another account, access to files that should not otherwise be accessible, files not being accessible where they should be accessible, code expected to run as non-root may run as root, and so forth. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S4; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R2-S2, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S3-EVO; * 22.1-EVO version 22.1R1-EVO and later versions prior to 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO. | 2023-10-13 | not yet calculated | CVE-2023-44182 MISC MISC MISC |
juniper_networks — junos_os/os_evolved | An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device’s control plane. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S7; * 21.2 versions prior to 21.2R3-S5; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S2; * 22.2 versions prior to 22.2R3; * 22.3 versions prior to 22.3R2-S1, 22.3R3; * 22.4 versions prior to 22.4R1-S2, 22.4R2. Juniper Networks Junos OS Evolved * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R3-EVO; * 22.3 versions prior to 22.3R3-EVO; * 22.4 versions prior to 22.4R2-EVO. An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command. mgd process example: `user@device-re#> show system processes extensive \| match "mgd\|PID" \| except last`, with output `PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND` and `92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd` (review the high CPU percentage). Example to check for NETCONF activity: While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with `client-mode 'netconf'`. For example: `mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'` | 2023-10-13 | not yet calculated | CVE-2023-44184 MISC |
juniper_networks — junos_os/os_evolved | An Improper Input Validation vulnerability in the routing protocol daemon (rpd) of Juniper Networks allows an attacker to cause a Denial of Service (DoS) to the device upon receiving and processing a specific malformed ISO VPN BGP UPDATE packet. Continued receipt of this packet will cause a sustained Denial of Service condition. This issue affects: * Juniper Networks Junos OS: * All versions prior to 20.4R3-S6; * 21.1 versions prior to 21.1R3-S5; * 21.2 versions prior to 21.2R3-S4; * 21.3 versions prior to 21.3R3-S3; * 21.4 versions prior to 21.4R3-S3; * 22.1 versions prior to 22.1R2-S2, 22.1R3; * 22.2 versions prior to 22.2R2-S1, 22.2R3; * 22.3 versions prior to 22.3R1-S2, 22.3R2. Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S6-EVO; * 21.1-EVO version 21.1R1-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO versions prior to 21.3R3-S3-EVO; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-EVO; * 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions prior to 22.3R1-S2-EVO, 22.3R2-EVO. | 2023-10-13 | not yet calculated | CVE-2023-44185 MISC |
juniper_networks — junos_os/os_evolved | An Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition. This issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor. This issue affects: Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 versions 21.1R1 and later; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S5; * 22.1 versions prior to 22.1R3-S4; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R2. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S8-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S6-EVO; * 21.3 versions prior to 21.3R3-S5-EVO; * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions prior to 22.2R3-S2-EVO; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO. | 2023-10-11 | not yet calculated | CVE-2023-44186 MISC |
juniper_networks — junos_os/os_evolved | An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved devices an rpd crash and restart can occur while processing BGP route updates received over an established BGP session. This specific issue is observed for BGP routes learned via a peer which is configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes. This issue affects Juniper Networks Junos OS: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R2-S1, 21.4R3-S5. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later versions; * 21.2-EVO versions prior to 21.2R3-S2-EVO; * 21.3-EVO version 21.3R1-EVO and later versions; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO. | 2023-10-13 | not yet calculated | CVE-2023-44197 MISC |
juniper_networks — junos_os/os_evolved | An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration changes without having the permissions. When a user with the respective permissions commits a configuration change, a specific file is created. That file is readable even by users with no permissions to access the configuration. This can lead to privilege escalation as the user can read the password hash when a password change is being committed. This issue affects: Juniper Networks Junos OS * All versions prior to 20.4R3-S4; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R2-S2, 21.3R3-S1; * 21.4 versions prior to 21.4R2-S1, 21.4R3. Juniper Networks Junos OS Evolved * All versions prior to 20.4R3-S4-EVO; * 21.1 versions prior to 21.1R3-S2-EVO; * 21.2 versions prior to 21.2R3-S2-EVO; * 21.3 versions prior to 21.3R3-S1-EVO; * 21.4 versions prior to 21.4R2-S2-EVO. | 2023-10-13 | not yet calculated | CVE-2023-44201 MISC |
juniper_networks — junos_os/os_evolved | An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO. | 2023-10-13 | not yet calculated | CVE-2023-44204 MISC |
juniper_networks — junos_os_evolved | An Exposure of Sensitive Information vulnerability in the ‘file copy’ command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S7-EVO; * 21.1 versions 21.1R1-EVO and later; * 21.2 versions prior to 21.2R3-S5-EVO; * 21.3 versions prior to 21.3R3-S4-EVO; * 21.4 versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S2-EVO; * 22.2 versions prior to 22.2R2-EVO. | 2023-10-11 | not yet calculated | CVE-2023-44187 MISC |
juniper_networks — junos_os_evolved | An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10003 Series allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10003 Series: * All versions prior to 21.4R3-S4-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 version 22.2R1-EVO and later versions; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO. | 2023-10-11 | not yet calculated | CVE-2023-44189 MISC |
juniper_networks — junos_os_evolved | An Origin Validation vulnerability in MAC address validation of Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016 devices allows a network-adjacent attacker to bypass MAC address checking, allowing MAC addresses not intended to reach the adjacent LAN to be forwarded to the downstream network. Due to this issue, the router will start forwarding traffic if a valid route is present in forwarding-table, causing a loop and congestion in the downstream layer-2 domain connected to the device. This issue affects Juniper Networks Junos OS Evolved on PTX10001, PTX10004, PTX10008, and PTX10016: * All versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S4-EVO; * 22.2 versions 22.2R1-EVO and later; * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; * 23.2 versions prior to 23.2R1-S1-EVO, 23.2R2-EVO. | 2023-10-11 | not yet calculated | CVE-2023-44190 MISC |
juniper_networks — junos_os_evolved | An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause limited impact to the availability of the system. If specific packets reach the Routing-Engine (RE) these will be processed normally even if firewall filters are in place which should have prevented this. This can lead to a limited, increased consumption of resources resulting in a Denial-of-Service (DoS), and unauthorized access. CVE-2023-44196 is a prerequisite for this issue. This issue affects Juniper Networks Junos OS Evolved: * 21.3-EVO versions prior to 21.3R3-S5-EVO; * 21.4-EVO versions prior to 21.4R3-S4-EVO; * 22.1-EVO version 22.1R1-EVO and later; * 22.2-EVO version 22.2R1-EVO and later; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; * 22.4-EVO versions prior to 22.4R3-EVO. This issue does not affect Junos OS Evolved versions prior to 21.3R1-EVO. | 2023-10-13 | not yet calculated | CVE-2023-44195 MISC |
juniper_networks — junos_os_evolved | An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to cause an impact to the integrity of the system. When specific transit MPLS packets are received by the PFE, these packets are internally forwarded to the RE. This issue is a prerequisite for CVE-2023-44195. This issue affects Juniper Networks Junos OS Evolved: * All versions prior to 20.4R3-S8-EVO; * 21.1-EVO version 21.1R1-EVO and later; * 21.2-EVO versions prior to 21.2R3-S6-EVO; * 21.3-EVO version 21.3R1-EVO and later; * 21.4-EVO versions prior to 21.4R3-S3-EVO; * 22.1-EVO versions prior to 22.1R3-S4-EVO; * 22.2-EVO versions prior to 22.2R3-S3-EVO; * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-EVO; * 22.4-EVO versions prior to 22.4R2-EVO. | 2023-10-13 | not yet calculated | CVE-2023-44196 MISC |
keyence_corporation — kv_studio | Out-of-bounds read vulnerability exists in KV STUDIO Ver. 11.62 and earlier and KV REPLAY VIEWER Ver. 2.62 and earlier. If this vulnerability is exploited, information may be disclosed, or arbitrary code may be executed by having a user of KV STUDIO PLAYER open a specially crafted file. | 2023-10-11 | not yet calculated | CVE-2023-42138 MISC MISC |
knime — knime_analytics_platform | An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. When KNIME Analytics Platform is used as an executor for either KNIME Server or KNIME Business Hub several JavaScript-based view nodes do not sanitize the data that is displayed by default. If the data to be displayed contains JavaScript this code is executed in the browser and can perform any operations that the current user is allowed to perform silently. KNIME Analytics Platform already has configuration options with which sanitization of data can be activated, see https://docs.knime.com/latest/webportal_admin_guide/index.html#html-sanitization-webportal . However, these are off by default which allows for cross-site scripting attacks. KNIME Analytics Platform 5.2.0 will enable sanitization by default. For all previous releases we recommend users to add the corresponding settings to the executor’s knime.ini. | 2023-10-12 | not yet calculated | CVE-2023-5562 MISC |
koha_library_software — koha_library_software | SQL Injection vulnerability in Koha Library Software 23.0.5.04 and before allows a remote attacker to obtain sensitive information via the intranet/cgi bin/cataloging/ysearch.pl component. | 2023-10-11 | not yet calculated | CVE-2023-44961 MISC |
koha_library_software — koha_library_software | File Upload vulnerability in Koha Library Software 23.05.04 and before allows a remote attacker to read arbitrary files via the upload-cover-image.pl component. | 2023-10-11 | not yet calculated | CVE-2023-44962 MISC |
kubernetes — kops | Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. | 2023-10-12 | not yet calculated | CVE-2023-1943 MISC MISC |
libcue — libcue | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0. | 2023-10-09 | not yet calculated | CVE-2023-43641 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
libxpm — libxpm | A vulnerability was found in libXpm due to a boundary condition: a local user can trigger an out-of-bounds read error and read contents of memory on the system. | 2023-10-12 | not yet calculated | CVE-2023-43789 MISC MISC |
line_corporation — line_client_for_ios | Lack of TLS certificate verification in log transmission of a financial module within LINE Client for iOS prior to 13.16.0. | 2023-10-12 | not yet calculated | CVE-2023-5554 MISC |
linux — kernel | An integer overflow flaw was found in the Linux kernel. This issue leads to the kernel allocating `skb_shared_info` in the userspace, which is exploitable in systems without SMAP protection since `skb_shared_info` contains references to function pointers. | 2023-10-13 | not yet calculated | CVE-2023-42752 MISC MISC MISC MISC |
linux — kernel | An issue was discovered in drivers/usb/storage/ene_ub6250.c for the ENE UB6250 reader driver in the Linux kernel before 6.2.5. An object could potentially extend beyond the end of an allocation. | 2023-10-14 | not yet calculated | CVE-2023-45862 MISC MISC |
linux — kernel | An issue was discovered in lib/kobject.c in the Linux kernel before 6.2.3. With root access, an attacker can trigger a race condition that results in a fill_kobj_path out-of-bounds write. | 2023-10-14 | not yet calculated | CVE-2023-45863 MISC MISC |
macrium — reflect | A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. | 2023-10-10 | not yet calculated | CVE-2023-43896 MISC MISC |
matter — multiple_products | Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. | 2023-10-10 | not yet calculated | CVE-2023-42189 MISC MISC MISC |
mcl_technologies — mcl-net | Directory traversal vulnerability in MCL-Net versions prior to 4.6 Update Package (P01) may allow attackers to read arbitrary files. | 2023-10-11 | not yet calculated | CVE-2023-4990 MISC |
micro_research_ltd. — mr-gm2 | Use of default credentials vulnerability in MR-GM2 firmware Ver. 3.00.03 and earlier, and MR-GM3 (-D/-K/-S/-DK/-DKS/-M/-W) firmware Ver. 1.03.45 and earlier allows a network-adjacent unauthenticated attacker to intercept wireless LAN communication, when the affected product performs the communication without changing the pre-shared key from the factory-default configuration. | 2023-10-11 | not yet calculated | CVE-2023-45194 MISC MISC |
mitsubishi_electric_corporation — melsec-f_series | Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write malicious sequence programs or improper data in the product without authentication by sending illegitimate messages. | 2023-10-13 | not yet calculated | CVE-2023-4562 MISC MISC MISC |
netapp — ontap_9 | ONTAP 9 versions prior to 9.8P19, 9.9.1P16, 9.10.1P12, 9.11.1P8, 9.12.1P2 and 9.13.1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to cause a crash of the HTTP service. | 2023-10-12 | not yet calculated | CVE-2023-27314 MISC |
netapp — snapcenter | SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. | 2023-10-12 | not yet calculated | CVE-2023-27313 MISC |
netapp — snapcenter | SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | 2023-10-12 | not yet calculated | CVE-2023-27316 MISC MISC |
netapp — snapcenter_plugin_for_vmware_vsphere | SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface. | 2023-10-12 | not yet calculated | CVE-2023-27312 MISC |
netapp — snapgathers | SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials. | 2023-10-12 | not yet calculated | CVE-2023-27315 MISC |
netis_systems — n3m | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2023-10-13 | not yet calculated | CVE-2023-45463 MISC |
netis_systems — n3m | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2023-10-13 | not yet calculated | CVE-2023-45464 MISC |
netis_systems — n3m | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | 2023-10-13 | not yet calculated | CVE-2023-45465 MISC |
netis_systems — n3m | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | 2023-10-13 | not yet calculated | CVE-2023-45466 MISC |
netis_systems — n3m | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | 2023-10-13 | not yet calculated | CVE-2023-45467 MISC |
netis_systems — n3m | Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2023-10-13 | not yet calculated | CVE-2023-45468 MISC |
nextcloud — nextcloud_server | Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available. | 2023-10-13 | not yet calculated | CVE-2023-39960 MISC MISC MISC |
node-qpdf — node-qpdf | All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt() fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the input pdf file path. | 2023-10-14 | not yet calculated | CVE-2023-26155 MISC MISC |
nodejs — undici | Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici’s implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (i.e., an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds. | 2023-10-12 | not yet calculated | CVE-2023-45143 MISC MISC MISC MISC MISC |
opart — opartmultihtmlblock | Multiple Stored Cross Site Scripting (XSS) vulnerabilities in Opart opartmultihtmlblock before version 2.0.12 and Opart multihtmlblock* version 1.0.0, allows remote authenticated users to inject arbitrary web script or HTML via the body_text or body_text_rude field in /sourcefiles/BlockhtmlClass.php and /sourcefiles/blockhtml.php. | 2023-10-14 | not yet calculated | CVE-2023-30148 MISC |
opentelemetry-go — opentelemetry-go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server’s potential memory exhaustion when many malicious requests are sent to it. HTTP header User-Agent or HTTP method for requests can be easily set by an attacker to be random and long. The library internally uses `httpconv.ServerRequest` that records every value for HTTP `method` and `User-Agent`. In order to be affected, a program has to use the `otelhttp.NewHandler` wrapper and not filter any unknown HTTP methods or User agents on the level of CDN, LB, previous middleware, etc. Version 0.44.0 fixed this issue when the values collected for attribute `http.request.method` were changed to be restricted to a set of well-known values and other high cardinality attributes were removed. As a workaround to stop being affected, `otelhttp.WithFilter()` can be used, but it requires manual careful configuration to not log certain requests entirely. For convenience and safe usage of this library, it should by default mark with the label `unknown` non-standard HTTP methods and User agents to show that such requests were made but do not increase cardinality. In case someone wants to stay with the current behavior, library API should allow to enable it. | 2023-10-12 | not yet calculated | CVE-2023-45142 MISC MISC MISC MISC MISC MISC MISC MISC |
oracle — apache_airflow | Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | 2023-10-14 | not yet calculated | CVE-2023-42663 MISC MISC |
oracle — apache_airflow | Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | 2023-10-14 | not yet calculated | CVE-2023-42780 MISC MISC |
oracle — apache_airflow | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn’t. Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. | 2023-10-14 | not yet calculated | CVE-2023-42792 MISC MISC |
oracle — apache_airflow | Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the “expose_config” option is set to “non-sensitive-only”. The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected. | 2023-10-14 | not yet calculated | CVE-2023-45348 MISC MISC |
oracle — apache_tomcat | Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | 2023-10-10 | not yet calculated | CVE-2023-42794 MISC MISC |
oracle — apache_tomcat | Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | 2023-10-10 | not yet calculated | CVE-2023-42795 MISC MISC MISC MISC MISC |
oracle — apache_zookeeper | Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it’s missing, like ‘[email protected]’, the authorization check will be skipped. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration. | 2023-10-11 | not yet calculated | CVE-2023-44981 MISC MISC |
oracle — apache_tomcat | Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | 2023-10-10 | not yet calculated | CVE-2023-45648 MISC MISC MISC MISC MISC |
paritytech — frontier | Frontier is Substrate’s Ethereum compatibility layer. Prior to commit aea528198b3b226e0d20cce878551fd4c0e3d5d0, at the end of a contract execution, when opcode SUICIDE marks a contract to be deleted, the software uses `storage::remove_prefix` (now renamed to `storage::clear_prefix`) to remove all storages associated with it. This is a single IO primitive call passing the WebAssembly boundary. For large contracts, the call (without providing a `limit` parameter) can be slow. In addition, for parachains, all storages to be deleted will be part of the PoV, which easily exceed relay chain PoV size limit. On the other hand, Frontier’s maintainers only charge a fixed cost for opcode SUICIDE. The maintainers consider the severity of this issue high, because an attacker can craft a contract with a lot of storage values on a parachain, and then call opcode SUICIDE on the contract. If the transaction makes into a parachain block, the parachain will then stall because the PoV size will exceed relay chain’s limit. This is especially an issue for XCM transactions, because they can’t be skipped. Commit aea528198b3b226e0d20cce878551fd4c0e3d5d0 contains a patch for this issue. For parachains, it’s recommended to issue an emergency runtime upgrade as soon as possible. For standalone chains, the impact is less severe because the issue mainly affects PoV sizes. It’s recommended to issue a normal runtime upgrade as soon as possible. There are no known workarounds. | 2023-10-13 | not yet calculated | CVE-2023-45130 MISC MISC MISC |
peplink — surf_soho_hw1 | An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2023-10-11 | not yet calculated | CVE-2023-27380 MISC |
peplink — surf_soho_hw1 | An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2023-10-11 | not yet calculated | CVE-2023-28381 MISC |
peplink — surf_soho_hw1 | A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user’s browser. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2023-10-11 | not yet calculated | CVE-2023-34354 MISC |
peplink — surf_soho_hw1 | An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2023-10-11 | not yet calculated | CVE-2023-34356 MISC |
peplink — surf_soho_hw1 | An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8. | 2023-10-11 | not yet calculated | CVE-2023-35193 MISC |
peplink — surf_soho_hw1 | An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`. | 2023-10-11 | not yet calculated | CVE-2023-35194 MISC |
phpjabbers — limo_booking_software | PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate URI. | 2023-10-12 | not yet calculated | CVE-2023-43147 MISC |
plixer — scrutinizer | An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results. | 2023-10-12 | not yet calculated | CVE-2023-41261 MISC |
plixer — scrutinizer | An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV is vulnerable to SQL injection through the sorting parameter, allowing an unauthenticated user to execute arbitrary SQL statements in the context of the application’s backend database server. | 2023-10-12 | not yet calculated | CVE-2023-41262 MISC |
plixer — scrutinizer | An issue was discovered in Plixer Scrutinizer before 19.3.1. It exposes debug logs to unauthenticated users at the /debug/ URL path. With knowledge of valid IP addresses and source types, an unauthenticated attacker can download debug logs containing application-related information. | 2023-10-12 | not yet calculated | CVE-2023-41263 MISC |
portábilis — i-educar | A vulnerability was found in Portábilis i-Educar up to 2.7.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file \intranet\agenda_imprimir.php of the component HTTP GET Request Handler. The manipulation of the argument cod_agenda with the input “);’> <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242143. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-14 | not yet calculated | CVE-2023-5578 MISC MISC |
prestashop — prestashop | Multiple improper neutralization of SQL parameters in module AfterMail (aftermailpresta) for PrestaShop, before version 2.2.1, allows remote attackers to perform SQL injection attacks via `id_customer`, `id_conf`, `id_product` and `token` parameters in `aftermailajax.php` via the ‘id_product’ parameter in hooks DisplayRightColumnProduct and DisplayProductButtons. | 2023-10-14 | not yet calculated | CVE-2023-30154 MISC |
qbittorrent — qbittorrent_client | All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the “external program” feature in the web user interface. This was reportedly exploited in the wild in March 2023. | 2023-10-10 | not yet calculated | CVE-2023-30801 MISC MISC |
qdPM — qdPM | qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI. | 2023-10-14 | not yet calculated | CVE-2023-45855 MISC MISC |
qdPM — qdPM | qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI. | 2023-10-14 | not yet calculated | CVE-2023-45856 MISC MISC |
qdocs — smart_school | A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | not yet calculated | CVE-2023-5495 MISC MISC MISC |
qnap_systems_inc. — container_station | An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Container Station 2.6.7.44 and later. | 2023-10-13 | not yet calculated | CVE-2023-32976 MISC |
qnap_systems_inc. — multiple_products | A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network. QES is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2453 build 20230708 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later. | 2023-10-13 | not yet calculated | CVE-2023-32970 MISC |
qnap_systems_inc. — multiple_products | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.0.2444 build 20230629 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTScloud c5.1.0.2498 and later. | 2023-10-13 | not yet calculated | CVE-2023-32974 MISC |
qnap_systems_inc. — qts | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later. | 2023-10-13 | not yet calculated | CVE-2023-32973 MISC |
qnap_systems_inc. — video_station | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later. | 2023-10-13 | not yet calculated | CVE-2023-34975 MISC |
qnap_systems_inc. — video_station | A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 (2023/07/27) and later. | 2023-10-13 | not yet calculated | CVE-2023-34976 MISC |
rockwell_automation — factorytalk_linx | FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol. | 2023-10-13 | not yet calculated | CVE-2023-29464 MISC |
sandbox — sandbox | A vulnerability was found in yhz66 Sandbox 6.1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /im/user/ of the component User Data Handler. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-242144. | 2023-10-14 | not yet calculated | CVE-2023-5579 MISC MISC MISC |
sap_se — sap_netweaver_as_java | SAP NetWeaver AS Java (GRMG Heartbeat application) – version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application. | 2023-10-10 | not yet calculated | CVE-2023-42477 MISC MISC |
shenzhen_reachfar_technology_company_limited — shenzhen_reachfar_v28 | Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week’s logs stored in the ‘log2’ directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations. | 2023-10-10 | not yet calculated | CVE-2023-5499 MISC |
softether_vpn — softether_vpn | An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2023-10-12 | not yet calculated | CVE-2023-22308 MISC |
softether_vpn — softether_vpn | A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2023-10-12 | not yet calculated | CVE-2023-22325 MISC MISC |
softether_vpn — softether_vpn | A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. | 2023-10-12 | not yet calculated | CVE-2023-23581 MISC |
softether_vpn — softether_vpn | A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | 2023-10-12 | not yet calculated | CVE-2023-25774 MISC |
softether_vpn — softether_vpn | An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2023-10-12 | not yet calculated | CVE-2023-31192 MISC MISC |
softether_vpn — softether_vpn | A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2023-10-12 | not yet calculated | CVE-2023-27395 MISC MISC |
softether_vpn — softether_vpn | An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability. | 2023-10-12 | not yet calculated | CVE-2023-27516 MISC MISC |
softether_vpn — softether_vpn | An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability. | 2023-10-12 | not yet calculated | CVE-2023-32275 MISC MISC |
softether_vpn — softether_vpn | An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability. | 2023-10-12 | not yet calculated | CVE-2023-32634 MISC MISC |
sourcecodester — library_system | A vulnerability classified as critical has been found in SourceCodester Library System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-242145 was assigned to this vulnerability. | 2023-10-14 | not yet calculated | CVE-2023-5580 MISC MISC MISC |
sourcecodester — medicine_tracker_system | A vulnerability classified as problematic was found in SourceCodester Medicine Tracker System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242146 is the identifier assigned to this vulnerability. | 2023-10-14 | not yet calculated | CVE-2023-5581 MISC MISC MISC |
spa-cart — spa-cart | SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. | 2023-10-12 | not yet calculated | CVE-2023-43148 MISC |
spa-cart — spa-cart | SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. | 2023-10-12 | not yet calculated | CVE-2023-43149 MISC |
synapse — synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API. | 2023-10-10 | not yet calculated | CVE-2023-45129 MISC MISC MISC |
synaptics — displaylink_usb_graphics_software_for_windows | It is possible to sideload a compromised DLL during the installation at elevated privilege. | 2023-10-11 | not yet calculated | CVE-2023-4936 MISC MISC MISC |
tencent_enterprise — wechat_privatization | There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000. | 2023-10-12 | not yet calculated | CVE-2023-40829 MISC |
tibco_software_inc. — spotfire_analyst | The Spotfire Library component of TIBCO Software Inc.’s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.’s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1. | 2023-10-10 | not yet calculated | CVE-2023-26220 MISC |
tongda — oa | A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability. | 2023-10-10 | not yet calculated | CVE-2023-5497 MISC MISC MISC |
tracker-miners — tracker-miners | A flaw was found in the tracker-miners package. A weakness in the sandbox allows a maliciously-crafted file to execute code outside the sandbox if the tracker-extract process has first been compromised by a separate vulnerability. | 2023-10-13 | not yet calculated | CVE-2023-5557 MISC MISC |
translator — poqdev_add-on | A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-10 | not yet calculated | CVE-2023-5496 MISC MISC MISC |
tsmuxer — tsmuxer | tsMuxer version git-2539d07 was discovered to contain an alloc-dealloc-mismatch (operator new [] vs operator delete) error. | 2023-10-12 | not yet calculated | CVE-2023-45510 MISC MISC |
tsmuxer — tsmuxer | A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. | 2023-10-12 | not yet calculated | CVE-2023-45511 MISC MISC |
vantage6 — vantage6 | vantage6 is privacy preserving federated learning infrastructure. Prior to version 4.0.0, malicious users may try to get access to resources they are not allowed to see, by creating resources with integers as names. One example where this is a risk, is when users define which users are allowed to run algorithms on their node. This may be defined by username or user id. Now, for example, if user id 13 is allowed to run tasks, and an attacker creates a username with username ’13’, they would be wrongly allowed to run an algorithm. There may also be other places in the code where such a mixup of resource ID or name leads to issues. Version 4.0.0 contains a patch for this issue. The best solution is to check when resources are created or modified, that the resource name always starts with a character. | 2023-10-11 | not yet calculated | CVE-2023-28635 MISC MISC MISC |
vantage6 — vantage6 | vantage6 is privacy preserving federated learning infrastructure. When a collaboration is deleted, the linked resources (such as tasks from that collaboration) should be deleted. This is partly to manage data properly, but also to prevent a potential (but unlikely) side-effect that affects versions prior to 4.0.0, where if a collaboration with id=10 is deleted, and subsequently a new collaboration is created with id=10, the authenticated users in that collaboration could potentially see results of the deleted collaboration in some cases. Version 4.0.0 contains a patch for this issue. There are no known workarounds. | 2023-10-11 | not yet calculated | CVE-2023-41881 MISC MISC MISC |
vantage6 — vantage6 | vantage6 is privacy preserving federated learning infrastructure. The endpoint /api/collaboration/{id}/task is used to collect all tasks from a certain collaboration. To get such tasks, a user should have permission to view the collaboration and to view the tasks in it. However, prior to version 4.0.0, it is only checked if the user has permission to view the collaboration. Version 4.0.0 contains a patch. There are no known workarounds. | 2023-10-11 | not yet calculated | CVE-2023-41882 MISC MISC MISC |
viessmann_manufacturing_co._inc. — vitogate_300 | In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method. | 2023-10-14 | not yet calculated | CVE-2023-45852 MISC MISC |
vim — vim | Use After Free in GitHub repository vim/vim prior to v9.0.2010. | 2023-10-11 | not yet calculated | CVE-2023-5535 MISC MISC |
vriteio — vriteio/vrite | Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0. | 2023-10-13 | not yet calculated | CVE-2023-5571 MISC MISC |
vriteio — vriteio/vrite | Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0. | 2023-10-13 | not yet calculated | CVE-2023-5572 MISC MISC |
vriteio — vriteio/vrite | Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0. | 2023-10-13 | not yet calculated | CVE-2023-5573 MISC MISC |
wargio — naxsi | NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious `X-Forwarded-For` IP matches `IgnoreIP` `IgnoreCIDR` rules. This old code was arranged to allow older NGINX versions to also support `IgnoreIP` `IgnoreCIDR` when multiple reverse proxies were present. The issue is patched in version 1.6. As a workaround, do not set any `IgnoreIP` `IgnoreCIDR` for older versions. | 2023-10-11 | not yet calculated | CVE-2023-45132 MISC MISC MISC |
wordpress — wordpress | Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions. | 2023-10-12 | not yet calculated | CVE-2023-23737 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions. | 2023-10-12 | not yet calculated | CVE-2023-45102 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions. | 2023-10-13 | not yet calculated | CVE-2023-45109 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions. | 2023-10-12 | not yet calculated | CVE-2023-32124 MISC |
wordpress — wordpress | Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions. | 2023-10-13 | not yet calculated | CVE-2023-38000 MISC MISC MISC |
wordpress — wordpress | Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 through 5.6.11, from 5.5 through 5.5.12, from 5.4 through 5.4.13, from 5.3 through 5.3.15, from 5.2 through 5.2.18, from 5.1 through 5.1.16, from 5.0 through 5.0.19, from 4.9 through 4.9.23, from 4.8 through 4.8.22, from 4.7 through 4.7.26, from 4.6 through 4.6.26, from 4.5 through 4.5.29, from 4.4 through 4.4.30, from 4.3 through 4.3.31, from 4.2 through 4.2.35, from 4.1 through 4.1.38. | 2023-10-13 | not yet calculated | CVE-2023-39999 MISC MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions. | 2023-10-12 | not yet calculated | CVE-2023-41131 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha plugin <= 4.1 versions. | 2023-10-11 | not yet calculated | CVE-2023-44997 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions. | 2023-10-12 | not yet calculated | CVE-2023-44998 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions. | 2023-10-12 | not yet calculated | CVE-2023-45011 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions. | 2023-10-12 | not yet calculated | CVE-2023-45048 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions. | 2023-10-12 | not yet calculated | CVE-2023-45052 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions. | 2023-10-12 | not yet calculated | CVE-2023-45058 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions. | 2023-10-12 | not yet calculated | CVE-2023-45060 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions. | 2023-10-12 | not yet calculated | CVE-2023-45063 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions. | 2023-10-12 | not yet calculated | CVE-2023-45068 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions. | 2023-10-12 | not yet calculated | CVE-2023-45103 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions. | 2023-10-12 | not yet calculated | CVE-2023-45106 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions. | 2023-10-13 | not yet calculated | CVE-2023-45107 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions. | 2023-10-13 | not yet calculated | CVE-2023-45108 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions. | 2023-10-13 | not yet calculated | CVE-2023-45267 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions. | 2023-10-13 | not yet calculated | CVE-2023-45268 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.23 versions. | 2023-10-13 | not yet calculated | CVE-2023-45269 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. | 2023-10-13 | not yet calculated | CVE-2023-45270 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions. | 2023-10-13 | not yet calculated | CVE-2023-45276 MISC |
xiaomi — xiaomi_router | Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Xiaomi Xiaomi Router allows Overflow Buffers. | 2023-10-11 | not yet calculated | CVE-2023-26318 MISC |
xiaomi — xiaomi_router | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 2023-10-11 | not yet calculated | CVE-2023-26319 MISC |
xiaomi — xiaomi_router | Improper Neutralization of Special Elements used in a Command (‘Command Injection’) vulnerability in Xiaomi Xiaomi Router allows Command Injection. | 2023-10-11 | not yet calculated | CVE-2023-26320 MISC |
xinje — xd5e-30r-e | A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-09 | not yet calculated | CVE-2023-5462 MISC MISC MISC |
xinje — xdppro | A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-10-09 | not yet calculated | CVE-2023-5463 MISC MISC MISC |
xwiki-contrib — application-changerequest | Change Request is an application allowing users to request changes on a wiki without publishing the changes directly. Starting in version 0.11 and prior to version 1.9.2, it’s possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request. This vulnerability is particularly critical as Change Request aims at being created by user without any particular rights. The vulnerability has been fixed in Change Request 1.9.2. It’s possible to work around the issue without upgrading by editing the document `ChangeRequest.Code.ChangeRequestSheet` and by performing the same change as in the fix commit. | 2023-10-12 | not yet calculated | CVE-2023-45138 MISC MISC MISC |
zabbix — zabbix | Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g., “var a = {{.}}”), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. | 2023-10-12 | not yet calculated | CVE-2023-29453 MISC |
zabbix — zabbix | A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. | 2023-10-12 | not yet calculated | CVE-2023-32721 MISC |
zabbix — zabbix | The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. | 2023-10-12 | not yet calculated | CVE-2023-32722 MISC |
zabbix — zabbix | Request to LDAP is sent before user permissions are checked. | 2023-10-12 | not yet calculated | CVE-2023-32723 MISC |
zabbix — zabbix | Memory pointer is in a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation. | 2023-10-12 | not yet calculated | CVE-2023-32724 MISC |
zebra_technologies — ztc_zt410 | A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi ZPL printer. This vulnerability allows an attacker that is in the same network as the printer, to change the username and password for the Web Page by sending a specially crafted POST request to the setvarsResults.cgi file. For this vulnerability to be exploitable, the printer’s protected mode must be disabled. | 2023-10-11 | not yet calculated | CVE-2023-4957 MISC |
zephyr — zephyr | Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. | 2023-10-13 | not yet calculated | CVE-2023-4257 MISC |
zephyr — zephyr | Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver | 2023-10-13 | not yet calculated | CVE-2023-4263 MISC |
zephyr — zephyr | The SJA1000 CAN controller driver backend automatically attempts to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. This results in calling k_sleep() in IRQ context, causing a fatal exception. | 2023-10-13 | not yet calculated | CVE-2023-5563 MISC |
zitadel — zitadel | ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called “Ignoring unknown usernames” which helps mitigate attacks that try to guess/enumerate usernames. While this setting was properly working during the authentication process it did not work correctly on the password reset flow. This meant that even if this feature was active that an attacker could use the password reset function to verify if an account exists within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available. | 2023-10-10 | not yet calculated | CVE-2023-44399 MISC MISC MISC |
zlib — zlib | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. | 2023-10-14 | not yet calculated | CVE-2023-45853 MISC MISC MISC MISC MISC |
zpe_systems,_inc — nodegrid_os | An issue in ZPE Systems, Inc Nodegrid OS v.5.8.10 thru v.5.8.13 and v.5.10.3 thru v.5.10.5 allows a remote attacker to obtain sensitive information via the TACACS+ server component. | 2023-10-14 | not yet calculated | CVE-2023-44037 CONFIRM |
zzzcms — zzzcms | A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-242147. | 2023-10-14 | not yet calculated | CVE-2023-5582 MISC MISC MISC |