Cvenotify

Posts

Date Content Media
2023-03-23 23:29:44
🚨 CVE-2023-0027: Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information. 🎖@cveNotify
2023-03-23 23:29:43
🚨 CVE-2023-23622: Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any user can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have access to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions. 🎖@cveNotify
2023-03-23 23:29:42
🚨 CVE-2023-21459: Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault. 🎖@cveNotify
2023-03-23 18:29:51
🚨 CVE-2023-20029: A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root. 🎖@cveNotify
2023-03-23 18:29:50
🚨 CVE-2023-20035: A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory. 🎖@cveNotify
2023-03-23 16:30:12
🚨 CVE-2023-27077: Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package. 🎖@cveNotify
2023-03-23 16:30:11
🚨 CVE-2023-27078: A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. 🎖@cveNotify
2023-03-23 16:30:10
🚨 CVE-2023-27135: TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. 🎖@cveNotify
2023-03-23 16:30:09
🚨 CVE-2023-28772: An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. 🎖@cveNotify
2023-03-23 16:30:05
🚨 CVE-2022-28493: A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service, 🎖@cveNotify
2023-03-23 16:30:04
🚨 CVE-2023-1538: Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-23 16:30:03
🚨 CVE-2023-1536: Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. 🎖@cveNotify
2023-03-23 16:30:02
🚨 CVE-2023-1537: Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-23 16:30:01
🚨 CVE-2023-27580: CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all users’ hashed passwords should be updated (saved to the database). There are no known workarounds. 🎖@cveNotify
2023-03-23 15:29:35
🚨 CVE-2023-1594: A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-23 13:29:39
🚨 CVE-2018-25048: The CODESYS runtime system in multiple versions allows a remote low-privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. 🎖@cveNotify
2023-03-23 13:29:38
🚨 CVE-2023-1595: A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223663. 🎖@cveNotify
2023-03-23 13:29:37
🚨 CVE-2023-1592: A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-223660. 🎖@cveNotify
2023-03-23 13:29:36
🚨 CVE-2023-1593: A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_class. The manipulation of the argument description leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-223661 was assigned to this vulnerability. 🎖@cveNotify
2023-03-23 11:29:41
🚨 CVE-2023-1589: A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approve_delete.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223654 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-23 11:29:40
🚨 CVE-2023-1590: A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223655. 🎖@cveNotify
2023-03-23 11:29:37
🚨 CVE-2023-1410: Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible because the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source; later, a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. 🎖@cveNotify
2023-03-23 11:29:36
🚨 CVE-2022-22512: Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network. 🎖@cveNotify
2023-03-23 11:29:35
🚨 CVE-2023-26114: Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance. 🎖@cveNotify
2023-03-23 06:29:49
🚨 CVE-2023-28119: The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13. 🎖@cveNotify
2023-03-23 06:29:45
🚨 CVE-2023-28117: Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookie values, including the session cookie, to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule. 🎖@cveNotify
2023-03-23 06:29:44
🚨 CVE-2022-45003: Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. 🎖@cveNotify
2023-03-23 06:29:43
🚨 CVE-2022-45004: Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. 🎖@cveNotify
2023-03-23 06:29:42
🚨 CVE-2023-0870: A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. 🎖@cveNotify
2023-03-23 06:29:38
🚨 CVE-2023-28114: `cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2, `cilium-cli`, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the `etcd` store used to mirror local cluster information to remote clusters. Users who have set up cluster meshes using the Cilium Helm chart are not affected by this issue. Due to an incorrect mount point specification, the settings specified by the `initContainer` that configures `etcd` users and their permissions are overwritten when using `cilium-cli` to configure a cluster mesh. An attacker who has already gained access to a valid key and certificate for an `etcd` cluster compromised in this manner could then modify state in that `etcd` cluster. This issue is patched in `cilium-cli` 0.13.2. As a workaround, one may use Cilium's Helm charts to create their cluster. 🎖@cveNotify
2023-03-23 06:29:37
🚨 CVE-2022-43863: IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425. 🎖@cveNotify
2023-03-23 06:29:36
🚨 CVE-2023-27054: A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module. 🎖@cveNotify
2023-03-23 06:29:35
🚨 CVE-2023-27060: LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. 🎖@cveNotify
2023-03-23 01:29:43
🚨 CVE-2023-27100: Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. 🎖@cveNotify
2023-03-22 23:29:47
🚨 CVE-2023-1431: The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (/wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/). This makes it possible for unauthenticated attackers to view information that should be limited to administrators only and can include data like first name, last name, email, address, IP Address, and more. 🎖@cveNotify
2023-03-22 23:29:43
🚨 CVE-2023-27224: An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. 🎖@cveNotify
2023-03-22 23:29:39
🚨 CVE-2023-27069: A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field. 🎖@cveNotify
2023-03-22 23:29:38
🚨 CVE-2023-25615: Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application. 🎖@cveNotify
2023-03-22 23:29:37
🚨 CVE-2023-24279: A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard. 🎖@cveNotify
2023-03-22 23:29:36
🚨 CVE-2023-24769: Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function. 🎖@cveNotify
2023-03-22 22:30:01
🚨 CVE-2023-24579: McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. 🎖@cveNotify
2023-03-22 22:30:00
🚨 CVE-2023-27041: School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /bilal final/edit_user.php. 🎖@cveNotify
2023-03-22 22:29:59
🚨 CVE-2023-28106: Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. 🎖@cveNotify
2023-03-22 22:29:58
🚨 CVE-2023-28108: Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using these methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. 🎖@cveNotify
2023-03-22 22:29:54
🚨 CVE-2021-31402: The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669. 🎖@cveNotify
2023-03-22 22:29:53
🚨 CVE-2023-28104: `silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability. 🎖@cveNotify
2023-03-22 22:29:52
🚨 CVE-2023-27010: Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable. 🎖@cveNotify
2023-03-22 22:29:51
🚨 CVE-2023-25617: SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system. 🎖@cveNotify
2023-03-22 22:29:50
🚨 CVE-2023-22256: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 22:29:46
🚨 CVE-2023-22265: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 22:29:45
🚨 CVE-2023-0464: A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. 🎖@cveNotify
2023-03-22 22:29:44
🚨 CVE-2023-21615: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. 🎖@cveNotify
2023-03-22 22:29:43
🚨 CVE-2023-21616: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. 🎖@cveNotify
2023-03-22 22:29:39
🚨 CVE-2023-22253: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. 🎖@cveNotify
2023-03-22 22:29:38
🚨 CVE-2023-22257: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 22:29:37
🚨 CVE-2023-22258: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 22:29:36
🚨 CVE-2023-22260: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 18:30:00
🚨 CVE-2023-1578: SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. 🎖@cveNotify
2023-03-22 18:29:53
🚨 CVE-2023-22254: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. 🎖@cveNotify
2023-03-22 18:29:46
🚨 CVE-2023-22261: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 18:29:45
🚨 CVE-2023-22263: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 18:29:44
🚨 CVE-2023-22264: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 18:29:43
🚨 CVE-2023-22266: Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. 🎖@cveNotify
2023-03-22 18:29:39
🚨 CVE-2023-22269: Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. 🎖@cveNotify
2023-03-22 18:29:38
🚨 CVE-2023-25859: Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-03-22 18:29:37
🚨 CVE-2023-25861: Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-03-22 17:29:58
🚨 CVE-2023-1563: A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223555. 🎖@cveNotify
2023-03-22 17:29:54
🚨 CVE-2023-1564: A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/transactions/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223556. 🎖@cveNotify
2023-03-22 17:29:53
🚨 CVE-2023-1572A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564.πŸŽ–@cveNotify
2023-03-22 17:29:52
🚨 CVE-2023-27637: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.
2023-03-22 17:29:51
🚨 CVE-2023-27638: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.
2023-03-22 17:29:47
🚨 CVE-2022-34420: Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
2023-03-22 17:29:46
🚨 CVE-2022-34419: Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
2023-03-22 17:29:45
🚨 CVE-2022-34418: Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
2023-03-22 17:29:44
🚨 CVE-2022-34417: Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
2023-03-22 17:29:40
🚨 CVE-2022-34422: Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
2023-03-22 17:29:39
🚨 CVE-2022-34409: Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.
2023-03-22 17:29:38
🚨 CVE-2023-26460: Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity.
2023-03-22 17:29:37
🚨 CVE-2023-28486: Sudo before 1.9.13 does not escape control characters in log messages.
2023-03-22 15:29:57
🚨 CVE-2023-27638: An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.
2023-03-22 15:29:56
🚨 CVE-2023-24892: Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
2023-03-22 15:29:55
🚨 CVE-2023-25589: A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.
2023-03-22 15:29:54
🚨 CVE-2022-37940: Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later.
2023-03-22 15:29:50
🚨 CVE-2023-1436: An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.
2023-03-22 15:29:49
🚨 CVE-2023-25069: TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability.
2023-03-22 15:29:48
🚨 CVE-2023-27855: In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.
2023-03-22 15:29:44
🚨 CVE-2023-27856: In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.
2023-03-22 15:29:43
🚨 CVE-2022-45634: An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information.
2023-03-22 15:29:42
🚨 CVE-2022-41696: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 15:29:38
🚨 CVE-2022-43512: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 15:29:37
🚨 CVE-2022-45468: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 15:29:36
🚨 CVE-2022-46286: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 15:29:35
🚨 CVE-2022-46300: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 06:29:39
🚨 CVE-2021-31637: An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, 3.0.1, 3.0.2 allows a remote attacker to execute arbitrary code via a crafted DLL.
2023-03-22 06:29:38
🚨 CVE-2020-19947: Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage.
2023-03-22 06:29:37
🚨 CVE-2023-28725: General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.
2023-03-22 06:29:36
🚨 CVE-2022-41418: An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.
2023-03-22 01:29:51
🚨 CVE-2022-41696: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 01:29:49
🚨 CVE-2022-43512: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 01:29:48
🚨 CVE-2022-45121: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 01:29:47
🚨 CVE-2022-46286: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 01:29:42
🚨 CVE-2022-46300: Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-03-22 01:29:41
🚨 CVE-2023-24709: An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.
2023-03-22 01:29:40
🚨 CVE-2023-27250: Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.
2023-03-22 01:29:39
🚨 CVE-2023-26497: An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute.
2023-03-22 01:29:38
🚨 CVE-2023-0391: MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
2023-03-21 23:30:08
🚨 CVE-2023-1529: Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
2023-03-21 23:30:07
🚨 CVE-2023-1530: Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2023-03-21 23:30:06
🚨 CVE-2023-1531: Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2023-03-21 23:30:04
🚨 CVE-2023-1532: Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2023-03-21 23:30:03
🚨 CVE-2023-1533: Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2023-03-21 23:30:02
🚨 CVE-2023-1534: Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
2023-03-21 23:30:01
🚨 CVE-2022-45155: An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.
2023-03-21 23:30:00
🚨 CVE-2023-0391: MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.
2023-03-21 23:29:59
🚨 CVE-2022-36429: A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
2023-03-21 23:29:58
🚨 CVE-2022-37337: A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
2023-03-21 23:29:57
🚨 CVE-2022-38452: A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
2023-03-21 23:29:56
🚨 CVE-2022-38458: A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.
2023-03-21 23:29:55
🚨 CVE-2022-45636: An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.
2023-03-21 23:29:54
🚨 CVE-2018-25082: A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.
2023-03-21 23:29:53
🚨 CVE-2023-25134: McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.
2023-03-21 23:29:52
🚨 CVE-2023-27087: Permissions vulnerability found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.
2023-03-21 23:29:51
🚨 CVE-2023-1304: An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
2023-03-21 23:29:50
🚨 CVE-2023-1305: An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
2023-03-21 23:29:49
🚨 CVE-2023-1306: An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.
2023-03-21 23:29:48
🚨 CVE-2023-25684: IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.
2023-03-21 20:29:52
🚨 CVE-2023-24760: An issue found in Ofcms v.1.1.4 allows a remote attacker to escalate privileges via the respwd method in SysUserController.
2023-03-21 20:29:51
🚨 CVE-2023-27095: Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module.
2023-03-21 20:29:48
🚨 CVE-2022-36429: A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
2023-03-21 20:29:47
🚨 CVE-2022-38452: A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
2023-03-21 20:29:46
🚨 CVE-2022-45636: An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.
2023-03-21 20:29:42
🚨 CVE-2023-25134: McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.
2023-03-21 20:29:41
🚨 CVE-2023-23419: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
2023-03-21 20:29:40
🚨 CVE-2023-24863: Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability
2023-03-20 23:29:55
🚨 CVE-2023-23398: Microsoft Excel Spoofing Vulnerability
2023-03-20 23:29:54
🚨 CVE-2023-23396: Microsoft Excel Denial of Service Vulnerability
2023-03-20 23:29:53
🚨 CVE-2023-23395: Microsoft SharePoint Server Spoofing Vulnerability
2023-03-20 23:29:49
🚨 CVE-2023-23393: Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability
2023-03-20 23:29:48
🚨 CVE-2022-45124: An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.
2023-03-20 23:29:47
🚨 CVE-2023-23402: Windows Media Remote Code Execution Vulnerability
2023-03-20 23:29:44
🚨 CVE-2023-1418: A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file cashconfirm.php of the component POST Parameter Handler. The manipulation of the argument transactioncode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223129 was assigned to this vulnerability.
2023-03-20 23:29:43
🚨 CVE-2023-1416: A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Affected is an unknown function of the file adminHome.php. The manipulation of the argument social_facebook leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223128.
2023-03-20 23:29:42
🚨 CVE-2021-3293: emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.
2023-03-20 23:29:41
🚨 CVE-2023-27102: Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.
2023-03-20 23:29:37
🚨 CVE-2023-0681: Rapid7 InsightVM versions 6.6.178 and lower suffer from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.
2023-03-20 23:29:36
🚨 CVE-2023-28425: Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.
2023-03-20 23:29:35
🚨 CVE-2023-26262: An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerability exists that can lead to direct code execution on the content management (CM) server.
2023-03-20 21:29:46
🚨 CVE-2023-28144: KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.
2023-03-20 21:29:45
🚨 CVE-2023-27234: A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.
2023-03-20 21:29:41
🚨 CVE-2019-0881: An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.
2023-03-20 21:29:40
🚨 CVE-2019-0863: An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.
2023-03-20 21:29:39
🚨 CVE-2018-7084: A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1
2023-03-20 21:29:38
🚨 CVE-2019-0841: An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
2023-03-20 20:29:57
🚨 CVE-2019-0810: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.
2023-03-20 20:29:56
🚨 CVE-2023-23404: Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
2023-03-20 20:29:55
🚨 CVE-2023-23405: Remote Procedure Call Runtime Remote Code Execution Vulnerability
2023-03-20 20:29:51
🚨 CVE-2022-4148: The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.
2023-03-20 20:29:50
🚨 CVE-2023-0145: The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2023-03-20 20:29:49
🚨 CVE-2023-0175: The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2023-03-20 20:29:45
🚨 CVE-2023-0340: The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manages to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.
2023-03-20 20:29:44
🚨 CVE-2023-0365: The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2023-03-20 20:29:43
🚨 CVE-2023-0369: The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2023-03-20 20:29:39
🚨 CVE-2023-0630: The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query.
2023-03-20 20:29:38
🚨 CVE-2023-0865: The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.
2023-03-20 20:29:37
🚨 CVE-2023-0875: The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.
2023-03-20 11:30:26
🚨 CVE-2023-1248: Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS). This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
2023-03-20 11:30:25
🚨 CVE-2023-1502: A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-223406 is the identifier assigned to this vulnerability.
2023-03-20 11:30:24
🚨 CVE-2023-1503: A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223407.
2023-03-20 11:30:20
🚨 CVE-2023-1504: A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223408.
2023-03-20 11:30:19
🚨 CVE-2023-1505: A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability.
2023-03-20 11:30:18
🚨 CVE-2015-10096: A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383.
2023-03-20 11:30:17
🚨 CVE-2022-4933: A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The name of the patch is ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability.
2023-03-20 06:30:36
🚨 CVE-2023-1264: NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.
2023-03-20 06:30:35
🚨 CVE-2023-1175: Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.
2023-03-20 06:30:34
🚨 CVE-2023-1170: Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.
2023-03-20 06:30:33
🚨 CVE-2023-23421: Windows Kernel Elevation of Privilege Vulnerability
2023-03-20 06:30:32
🚨 CVE-2023-23423: Windows Kernel Elevation of Privilege Vulnerability
2023-03-20 06:30:31
🚨 CVE-2023-23420: Windows Kernel Elevation of Privilege Vulnerability
2023-03-20 06:30:27
🚨 CVE-2023-23422: Windows Kernel Elevation of Privilege Vulnerability
2023-03-20 06:30:26
🚨 CVE-2023-24856Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityπŸŽ–@cveNotify
2023-03-20 06:30:25
🚨 CVE-2023-24857Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityπŸŽ–@cveNotify
2023-03-20 06:30:24
🚨 CVE-2023-24858Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure VulnerabilityπŸŽ–@cveNotify
2023-03-20 06:30:23
🚨 CVE-2023-24859 Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability 🎖@cveNotify
2023-03-19 23:29:39
🚨 CVE-2023-1498 A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223398 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-19 23:29:38
🚨 CVE-2023-1499 A vulnerability classified as critical was found in code-projects Simple Art Gallery 1.0. Affected by this vulnerability is an unknown functionality of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223399. 🎖@cveNotify
2023-03-19 23:29:37
🚨 CVE-2023-1500 A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400. 🎖@cveNotify
2023-03-19 23:29:36
🚨 CVE-2023-1501 A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223401 was assigned to this vulnerability. 🎖@cveNotify
2023-03-19 21:29:42
🚨 CVE-2023-1489 A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is an unknown functionality in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375. 🎖@cveNotify
2023-03-19 21:29:41
🚨 CVE-2023-1491 A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects an unknown part in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability. 🎖@cveNotify
2023-03-19 21:29:37
🚨 CVE-2023-1493 A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been rated as problematic. This issue affects some unknown processing in the library MaxProctetor64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223379. 🎖@cveNotify
2023-03-19 21:29:36
🚨 CVE-2023-1487 A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects some unknown processing in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223373 was assigned to this vulnerability. 🎖@cveNotify
2023-03-19 21:29:35
🚨 CVE-2023-1488 A vulnerability, which was classified as problematic, was found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. Affected is an unknown function in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-223374 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-19 18:29:36
🚨 CVE-2023-1496 Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. 🎖@cveNotify
2023-03-19 06:30:02
🚨 CVE-2023-22591 IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. 🎖@cveNotify
2023-03-19 06:30:01
🚨 CVE-2023-24229 DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component. 🎖@cveNotify
2023-03-19 06:29:59
🚨 CVE-2022-39216 Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1. 🎖@cveNotify
2023-03-19 06:29:57
🚨 CVE-2023-25680 IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032. 🎖@cveNotify
2023-03-19 06:29:56
🚨 CVE-2020-4927 A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695. 🎖@cveNotify
2023-03-19 06:29:54
🚨 CVE-2023-26284 IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. 🎖@cveNotify
2023-03-19 06:29:53
🚨 CVE-2022-46774 IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953. 🎖@cveNotify
2023-03-19 06:29:52
🚨 CVE-2020-27507 The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. 🎖@cveNotify
2023-03-19 06:29:50
🚨 CVE-2023-22876 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364. 🎖@cveNotify
2023-03-19 06:29:49
🚨 CVE-2022-46773 IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. 🎖@cveNotify
2023-03-19 06:29:48
🚨 CVE-2023-24468 Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 🎖@cveNotify
2023-03-19 06:29:47
🚨 CVE-2022-48423 In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. 🎖@cveNotify
2023-03-19 06:29:45
🚨 CVE-2022-48424 In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. 🎖@cveNotify
2023-03-19 06:29:44
🚨 CVE-2022-48425 In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. 🎖@cveNotify
2023-03-19 06:29:43
🚨 CVE-2023-28617 org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. 🎖@cveNotify
2023-03-19 06:29:42
🚨 CVE-2022-48422 ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located. 🎖@cveNotify
2023-03-19 06:29:41
🚨 CVE-2023-26805 Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify. 🎖@cveNotify
2023-03-19 06:29:39
🚨 CVE-2023-26806 Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime. 🎖@cveNotify
2023-03-19 06:29:38
🚨 CVE-2023-26905 An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id. 🎖@cveNotify
2023-03-19 06:29:37
🚨 CVE-2023-1495 A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability. 🎖@cveNotify
2023-03-19 01:29:43
🚨 CVE-2023-1492 A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been declared as problematic. This vulnerability affects unknown code in the library MaxProc64.sys of the component IoControlCode Handler. The manipulation of the argument SystemBuffer leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223378 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-19 01:29:42
🚨 CVE-2023-1493 A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been rated as problematic. This issue affects some unknown processing in the library MaxProctetor64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223379. 🎖@cveNotify
2023-03-19 01:29:41
🚨 CVE-2023-1494 A vulnerability classified as critical has been found in IBOS 4.5.5. Affected is an unknown function of the file ApiController.php. The manipulation of the argument emailids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223380. 🎖@cveNotify
2023-03-19 01:29:40
🚨 CVE-2021-46877 jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. 🎖@cveNotify
2023-03-19 01:29:39
🚨 CVE-2023-1489 A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is an unknown functionality in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375. 🎖@cveNotify
2023-03-19 01:29:38
🚨 CVE-2023-1490 A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is some unknown functionality in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376. 🎖@cveNotify
2023-03-19 01:29:36
🚨 CVE-2023-1491 A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects an unknown part in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability. 🎖@cveNotify
2023-03-18 23:29:39
🚨 CVE-2023-1486 A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects unknown code in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223372. 🎖@cveNotify
2023-03-18 23:29:38
🚨 CVE-2023-1487 A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects some unknown processing in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223373 was assigned to this vulnerability. 🎖@cveNotify
2023-03-18 23:29:37
🚨 CVE-2023-28609 api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. 🎖@cveNotify
2023-03-18 20:29:38
🚨 CVE-2023-28606 js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. 🎖@cveNotify
2023-03-18 20:29:37
🚨 CVE-2023-28607 js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. 🎖@cveNotify
2023-03-18 13:29:36
🚨 CVE-2023-1483 A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-18 13:29:35
🚨 CVE-2023-1484 A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367. 🎖@cveNotify
2023-03-18 11:29:37
🚨 CVE-2023-0361 A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. 🎖@cveNotify
2023-03-18 11:29:36
🚨 CVE-2023-26113 Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. 🎖@cveNotify
2023-03-18 06:29:41
🚨 CVE-2023-25282 A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp. 🎖@cveNotify
2023-03-18 06:29:37
🚨 CVE-2022-39214 Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1. 🎖@cveNotify
2023-03-18 06:29:36
🚨 CVE-2023-26912 Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button. 🎖@cveNotify
2023-03-18 06:29:35
🚨 CVE-2023-25345 Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags. 🎖@cveNotify
2023-03-18 01:29:36
🚨 CVE-2023-27595 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall). This vulnerability is fixed in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x, and earlier are not affected. There are no known workarounds. 🎖@cveNotify
2023-03-18 01:29:35
🚨 CVE-2023-28116 Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger than the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually. 🎖@cveNotify
2023-03-17 22:29:36
🚨 CVE-2023-27594 Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing. 🎖@cveNotify
2023-03-17 20:29:38
🚨 CVE-2023-27235 An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. 🎖@cveNotify
2023-03-17 20:29:37
🚨 CVE-2023-24726 Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. 🎖@cveNotify
2023-03-17 20:29:36
🚨 CVE-2019-10790 taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB. 🎖@cveNotify
2023-03-17 19:29:36
🚨 CVE-2023-27483 crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index, the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate. 🎖@cveNotify
2023-03-17 19:29:35
🚨 CVE-2023-27581 github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. This can be used to execute code on the GitHub runners and to exfiltrate any secrets one uses in the CI pipeline. A patched action is available in version 4.4.1. No workaround is available. 🎖@cveNotify
2023-03-17 17:30:01
🚨 CVE-2023-1471 The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. 🎖@cveNotify
2023-03-17 17:30:00
🚨 CVE-2023-1472 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache among others. 🎖@cveNotify
2023-03-17 17:29:55
🚨 CVE-2023-1474 A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/question_papers/manage_question_paper.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223336. 🎖@cveNotify
2023-03-17 17:29:54
🚨 CVE-2023-1475 A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0. This issue affects the function query of the file createuser.php. The manipulation of the argument uemail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223337 was assigned to this vulnerability. 🎖@cveNotify
2023-03-17 17:29:53
🚨 CVE-2023-23622 Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have access to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions. 🎖@cveNotify
2023-03-17 17:29:52
🚨 CVE-2023-26040 Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds. 🎖@cveNotify
2023-03-17 17:29:51
🚨 CVE-2023-1172 The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-03-17 17:29:47
🚨 CVE-2023-1469 The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting is set for those users to access the dashboard. 🎖@cveNotify
2023-03-17 17:29:46
🚨 CVE-2016-15028 A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847. 🎖@cveNotify
2023-03-17 17:29:45
🚨 CVE-2023-24975 IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. 🎖@cveNotify
2023-03-17 17:29:44
🚨 CVE-2021-21938 A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. 🎖@cveNotify
2023-03-17 17:29:39
🚨 CVE-2023-27484 crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround. 🎖@cveNotify
2023-03-17 17:29:38
🚨 CVE-2023-1369 A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects some unknown processing in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875. 🎖@cveNotify
2023-03-17 17:29:37
🚨 CVE-2020-36670 The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more. 🎖@cveNotify
2023-03-17 17:29:36
🚨 CVE-2020-36669 The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-17 15:29:56
🚨 CVE-2020-36668 The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information. 🎖@cveNotify
2023-03-17 15:29:55
🚨 CVE-2020-36667 The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change the location of back-ups and potentially steal sensitive information from them. 🎖@cveNotify
2023-03-17 15:29:51
🚨 CVE-2023-24033 The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. 🎖@cveNotify
2023-03-17 15:29:50
🚨 CVE-2023-26956 onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. 🎖@cveNotify
2023-03-17 15:29:49
🚨 CVE-2023-1172 The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-03-17 15:29:48
🚨 CVE-2023-1469 The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting is set for those users to access the dashboard. 🎖@cveNotify
2023-03-17 15:29:44
🚨 CVE-2023-1463 Improper Authorization in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. 🎖@cveNotify
2023-03-17 15:29:43
🚨 CVE-2023-1464 A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file Users.php?f=save_user. The manipulation of the argument firstname/middlename/lastname/username/password leads to improper authentication. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223311. 🎖@cveNotify
2023-03-17 15:29:42
🚨 CVE-2023-1467 A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223326 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-17 15:29:41
🚨 CVE-2023-1468 A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipulation of the argument date_from/date_to leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-223327. 🎖@cveNotify
2023-03-17 15:29:37
🚨 CVE-2023-1439 A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracker System 1.0. This issue affects some unknown processing of the file medicines/view_details.php of the component GET Parameter Handler. The manipulation of the argument GET leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223283. 🎖@cveNotify
2023-03-17 15:29:36
🚨 CVE-2023-1441 A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/courses/view_course.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223285 was assigned to this vulnerability. 🎖@cveNotify
2023-03-17 15:29:35
🚨 CVE-2023-1442 A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287. 🎖@cveNotify
2023-03-17 13:29:41
🚨 CVE-2023-1443 A vulnerability was found in Filseclab Twister Antivirus 8. It has been declared as problematic. This vulnerability affects unknown code in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223288. 🎖@cveNotify
2023-03-17 13:29:40
🚨 CVE-2023-1444 A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects some unknown processing in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability. 🎖@cveNotify
2023-03-17 13:29:39
🚨 CVE-2023-1445 A vulnerability classified as problematic has been found in Filseclab Twister Antivirus 8. Affected is an unknown function in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-223290 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-17 13:29:38
🚨 CVE-2023-1446 A vulnerability classified as problematic was found in Watchdog Anti-Virus 1.4.214.0. Affected by this vulnerability is an unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223291. 🎖@cveNotify
2023-03-17 13:29:37
🚨 CVE-2023-1453 A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-17 10:29:47
🚨 CVE-2023-1448 A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability. 🎖@cveNotify
2023-03-17 10:29:45
🚨 CVE-2023-1450 A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295. 🎖@cveNotify
2023-03-17 10:29:44
🚨 CVE-2023-1451 A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296. 🎖@cveNotify
2023-03-17 10:29:40
🚨 CVE-2023-1452 A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability. 🎖@cveNotify
2023-03-17 10:29:39
🚨 CVE-2023-1453 A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-17 10:29:37
🚨 CVE-2023-1455 A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300. 🎖@cveNotify
2023-03-17 10:29:36
🚨 CVE-2021-21548 Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. 🎖@cveNotify
2023-03-17 06:29:40
🚨 CVE-2023-28531 ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. 🎖@cveNotify
2023-03-17 06:29:37
🚨 CVE-2023-26073 An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list. 🎖@cveNotify
2023-03-17 06:29:36
🚨 CVE-2023-26072 An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Emergency number list. 🎖@cveNotify
2023-03-17 06:29:35
🚨 CVE-2023-26075 An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List. 🎖@cveNotify
2023-03-17 00:29:35
🚨 CVE-2023-27059 A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field. 🎖@cveNotify
2023-03-16 21:29:47
🚨 CVE-2023-0349 The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image and video. This could allow an attacker to view and record image and video from the camera. 🎖@cveNotify
2023-03-16 21:29:46
🚨 CVE-2023-27371 GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. 🎖@cveNotify
2023-03-16 21:29:43
🚨 CVE-2023-0811 Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program. 🎖@cveNotify
2023-03-16 21:29:42
🚨 CVE-2023-28100 Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment. 🎖@cveNotify
2023-03-16 21:29:41
🚨 CVE-2023-28104 `silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability. 🎖@cveNotify
2023-03-16 21:29:37
🚨 CVE-2023-28105 go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds. 🎖@cveNotify
2023-03-16 21:29:36
🚨 CVE-2023-28108 Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in the UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using these methods with input data without doing proper input validation in advance, and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually. 🎖@cveNotify
2023-03-16 21:29:35
🚨 CVE-2023-28109 Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-with-docker.com`. The domain would echo in response header, which successfully bypassed the CORS policy and retrieved basic user information. This issue has been fixed in commit ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a. There are no known workarounds. 🎖@cveNotify
2023-03-16 19:29:40
🚨 CVE-2022-40531 Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. 🎖@cveNotify
2023-03-16 17:30:03
🚨 CVE-2023-0219 The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. 🎖@cveNotify
2023-03-16 17:30:02
🚨 CVE-2023-0477 The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation. 🎖@cveNotify
2023-03-16 17:30:01
🚨 CVE-2023-0538 The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-16 17:30:00
🚨 CVE-2022-47484 In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. 🎖@cveNotify
2023-03-16 17:29:59
🚨 CVE-2023-0073 The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-16 17:29:58
🚨 CVE-2023-0172 The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-16 17:29:56
🚨 CVE-2022-4661 The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-16 17:29:55
🚨 CVE-2023-0037 The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 🎖@cveNotify
2023-03-16 17:29:54
🚨 CVE-2023-0066 The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-16 17:29:53
🚨 CVE-2023-27900 Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service. 🎖@cveNotify
2023-03-16 17:29:52
🚨 CVE-2022-47454 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 🎖@cveNotify
2023-03-16 17:29:51
🚨 CVE-2023-27899 Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution. 🎖@cveNotify
2023-03-16 17:29:50
🚨 CVE-2023-27898 Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. 🎖@cveNotify
2023-03-16 17:29:49
🚨 CVE-2023-27577 flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level. 🎖@cveNotify
2023-03-16 17:29:48
🚨 CVE-2023-1391 A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-16 17:29:44
🚨 CVE-2023-1392 A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222979. 🎖@cveNotify
2023-03-16 17:29:43
🚨 CVE-2023-1394 A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been classified as critical. This affects the function mysqli_query of the file bsitemp.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222981 was assigned to this vulnerability. 🎖@cveNotify
2023-03-16 17:29:41
🚨 CVE-2023-25148 A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 🎖@cveNotify
2023-03-16 17:29:40
🚨 CVE-2023-1396 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983. 🎖@cveNotify
2023-03-16 15:30:01
🚨 CVE-2023-1433 A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223215. 🎖@cveNotify
2023-03-16 15:30:00
🚨 CVE-2023-27875 IBM Aspera Faspex 5.0.4 could allow an authenticated user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847. 🎖@cveNotify
2023-03-16 15:29:59
🚨 CVE-2022-34376 Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. 🎖@cveNotify
2023-03-16 15:29:58
🚨 CVE-2022-34377 Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. 🎖@cveNotify
2023-03-16 15:29:54
🚨 CVE-2023-25267 An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI. 🎖@cveNotify
2023-03-16 15:29:53
🚨 CVE-2023-27601 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`): By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4. 🎖@cveNotify
2023-03-16 15:29:52
🚨 CVE-2023-28095 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issue was found while fuzzing the function `build_res_buf_from_sip_req` but could not be reproduced against a running instance of OpenSIPS. This issue could not be exploited against a running instance of OpenSIPS since no public function was found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is highly unlikely that this issue would lead to anything other than Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4. 🎖@cveNotify
2023-03-16 15:29:51
🚨 CVE-2023-28096 OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{"jsonrpc": "2.0","method": "log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying system’s availability. No authentication is typically required to reproduce this issue. On the other hand, memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON objects. The issue has been fixed in versions 3.1.8 and 3.2.5. 🎖@cveNotify
2023-03-16 15:29:47
🚨 CVE-2022-4313 A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. 🎖@cveNotify
2023-03-16 15:29:46
🚨 CVE-2023-1421 A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter. 🎖@cveNotify
2023-03-16 15:29:45
🚨 CVE-2023-24468 Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2. 🎖@cveNotify
2023-03-16 15:29:44
🚨 CVE-2023-28097 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`. 🎖@cveNotify
2023-03-16 15:29:40
🚨 CVE-2023-28098 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()`. This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www_authorize()`. Versions 3.1.7 and 3.2.4 contain a fix. 🎖@cveNotify
2023-03-16 15:29:39
🚨 CVE-2023-28099 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending on whether the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds. 🎖@cveNotify
2023-03-16 15:29:38
🚨 CVE-2023-28337 When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. 🎖@cveNotify
2023-03-16 15:29:37
🚨 CVE-2022-46773 IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. 🎖@cveNotify
2023-03-16 12:29:36
🚨 CVE-2023-24571 Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution. 🎖@cveNotify
2023-03-16 10:29:38
🚨 CVE-2022-1586 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT. 🎖@cveNotify
2023-03-16 10:29:37
🚨 CVE-2022-1587 An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers. 🎖@cveNotify
2023-03-16 10:29:36
🚨 CVE-2019-20454 An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c. 🎖@cveNotify
2023-03-16 06:29:47
🚨 CVE-2023-27084 Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. 🎖@cveNotify
2023-03-16 06:29:46
🚨 CVE-2023-27095 Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to escalate privileges via the AddUser method of the UserController function in Tenant Management module. 🎖@cveNotify
2023-03-16 06:29:44
🚨 CVE-2023-25280 OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. 🎖@cveNotify
2023-03-16 06:29:40
🚨 CVE-2023-25281 A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp. 🎖@cveNotify
2023-03-16 06:29:39
🚨 CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in log messages. 🎖@cveNotify
2023-03-16 06:29:38
🚨 CVE-2023-28487 Sudo before 1.9.13 does not escape control characters in sudoreplay output. 🎖@cveNotify
2023-03-16 06:29:37
🚨 CVE-2023-28466 do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). 🎖@cveNotify
2023-03-16 00:29:58
🚨 CVE-2022-4313 A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets. 🎖@cveNotify
2023-03-16 00:29:54
🚨 CVE-2023-1389 TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request. 🎖@cveNotify
2023-03-16 00:29:53
🚨 CVE-2023-1421 A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter. 🎖@cveNotify
2023-03-16 00:29:52
🚨 CVE-2023-24468 Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2 🎖@cveNotify
2023-03-16 00:29:51
🚨 CVE-2023-28097 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`. 🎖@cveNotify
2023-03-16 00:29:50
🚨 CVE-2023-28098 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()`. This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www_authorize()`. Versions 3.1.7 and 3.2.4 contain a fix. 🎖@cveNotify
2023-03-16 00:29:46
🚨 CVE-2023-28337 When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device. 🎖@cveNotify
2023-03-16 00:29:45
🚨 CVE-2023-28338 Any request sent to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted. 🎖@cveNotify
2023-03-16 00:29:44
🚨 CVE-2023-28460 A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer. 🎖@cveNotify
2023-03-16 00:29:43
🚨 CVE-2023-28461 Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." 🎖@cveNotify
2023-03-16 00:29:39
🚨 CVE-2023-25267 An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI. 🎖@cveNotify
2023-03-16 00:29:38
🚨 CVE-2023-27600 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`). By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue is patched in versions 3.1.7 and 3.2.4. 🎖@cveNotify
2023-03-16 00:29:37
🚨 CVE-2023-27601 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`): By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4. 🎖@cveNotify
2023-03-16 00:29:36
🚨 CVE-2023-28096 OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and prior to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{"jsonrpc": "2.0","method": "log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying system’s availability. No authentication is typically required to reproduce this issue. On the other hand, memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON objects. The issue has been fixed in versions 3.1.8 and 3.2.5. 🎖@cveNotify
2023-03-15 23:29:58
🚨 CVE-2023-22591 IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. 🎖@cveNotify
2023-03-15 23:29:57
🚨 CVE-2023-26484 KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account to modify the spec of a node. 🎖@cveNotify
2023-03-15 23:29:56
🚨 CVE-2023-27596 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the `stream_process` function. This issue was discovered during coverage guided fuzzing of the function `codec_delete_except_re`. By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. This issue has been fixed in version 3.1.8 and 3.2.5. 🎖@cveNotify
2023-03-15 23:29:55
🚨 CVE-2023-27597 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function `setport`. This issue has been fixed in version 3.1.8 and 3.2.5. 🎖@cveNotify
2023-03-15 23:29:52
🚨 CVE-2023-27598 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4. 🎖@cveNotify
2023-03-15 23:29:51
🚨 CVE-2023-27599 OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4. 🎖@cveNotify
2023-03-15 23:29:50
🚨 CVE-2023-28450 An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. 🎖@cveNotify
2023-03-15 23:29:49
🚨 CVE-2023-1355 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. 🎖@cveNotify
2023-03-15 23:29:45
🚨 CVE-2023-1353 A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852. 🎖@cveNotify
2023-03-15 23:29:44
🚨 CVE-2022-33244 Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout 🎖@cveNotify
2023-03-15 23:29:43
🚨 CVE-2020-27507 The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. 🎖@cveNotify
2023-03-15 23:29:42
🚨 CVE-2022-46773 IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951. 🎖@cveNotify
2023-03-15 23:29:39
🚨 CVE-2023-25344 An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function. 🎖@cveNotify
2023-03-15 23:29:38
🚨 CVE-2023-25345 Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags. 🎖@cveNotify
2023-03-15 23:29:37
🚨 CVE-2023-26912 Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button. 🎖@cveNotify
2023-03-15 23:29:36
🚨 CVE-2023-27903 Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. 🎖@cveNotify
2023-03-15 21:29:57
🚨 CVE-2022-43874 IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963. 🎖@cveNotify
2023-03-15 19:30:00
🚨 CVE-2022-33272 Transient DOS in modem due to reachable assertion. 🎖@cveNotify
2023-03-15 19:29:59
🚨 CVE-2023-1352 A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851. 🎖@cveNotify
2023-03-15 19:29:58
🚨 CVE-2023-1351 A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability. 🎖@cveNotify
2023-03-15 19:29:57
🚨 CVE-2023-1349 A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-15 19:29:56
🚨 CVE-2023-1350 A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. 🎖@cveNotify
2023-03-15 19:29:55
🚨 CVE-2022-33278 Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity. 🎖@cveNotify
2023-03-15 19:29:53
🚨 CVE-2022-33309 Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes. 🎖@cveNotify
2023-03-15 19:29:52
🚨 CVE-2021-2173 Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). 🎖@cveNotify
2023-03-15 19:29:51
🚨 CVE-2022-33242 Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. 🎖@cveNotify
2023-03-15 19:29:50
🚨 CVE-2022-25655 Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. 🎖@cveNotify
2023-03-15 19:29:49
🚨 CVE-2022-25694 Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM 🎖@cveNotify
2023-03-15 19:29:48
🚨 CVE-2022-22075 Information Disclosure in Graphics during GPU context switch. 🎖@cveNotify
2023-03-15 19:29:47
🚨 CVE-2022-25705 Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response 🎖@cveNotify
2023-03-15 19:29:46
🚨 CVE-2022-25709 Memory corruption in modem due to use of out of range pointer offset while processing qmi msg 🎖@cveNotify
2023-03-15 19:29:45
🚨 CVE-2022-33213 Memory corruption in modem due to buffer overflow while processing a PPP packet 🎖@cveNotify
2023-03-15 19:29:44
🚨 CVE-2022-47474 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-15 19:29:43
🚨 CVE-2022-47475 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-15 19:29:41
🚨 CVE-2022-47476 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-15 19:29:40
🚨 CVE-2022-47478 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-15 17:30:09
🚨 CVE-2023-0100 In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched on Eclipse BIRT 4.13. 🎖@cveNotify
2023-03-15 17:30:07
🚨 CVE-2023-27102 Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. 🎖@cveNotify
2023-03-15 17:30:06
🚨 CVE-2023-27103 Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. 🎖@cveNotify
2023-03-15 17:30:04
🚨 CVE-2023-27781 jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c. 🎖@cveNotify
2023-03-15 17:30:02
🚨 CVE-2022-45155 An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1. 🎖@cveNotify
2023-03-15 17:30:01
🚨 CVE-2023-1072 An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details. 🎖@cveNotify
2023-03-15 17:29:59
🚨 CVE-2023-0050 An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. 🎖@cveNotify
2023-03-15 17:29:58
🚨 CVE-2023-26110 All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. 🎖@cveNotify
2023-03-15 17:29:56
🚨 CVE-2022-4331 An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group. 🎖@cveNotify
2023-03-15 17:29:55
🚨 CVE-2023-26109 All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. 🎖@cveNotify
2023-03-15 17:29:53
🚨 CVE-2023-26957 onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. 🎖@cveNotify
2023-03-15 17:29:52
🚨 CVE-2023-0839 Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1. 🎖@cveNotify
2023-03-15 17:29:50
🚨 CVE-2022-4289 An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users. 🎖@cveNotify
2023-03-15 17:29:49
🚨 CVE-2023-1084 An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request. 🎖@cveNotify
2023-03-15 17:29:47
🚨 CVE-2023-0223 An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. 🎖@cveNotify
2023-03-15 17:29:46
🚨 CVE-2023-27475 Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-03-15 17:29:44
🚨 CVE-2023-27482 homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet. 🎖@cveNotify
2023-03-15 17:29:42
🚨 CVE-2023-27486 xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`. 🎖@cveNotify
2023-03-15 17:29:41
🚨 CVE-2023-26948 onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. 🎖@cveNotify
2023-03-15 14:29:58
🚨 CVE-2022-48111 A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. 🎖@cveNotify
2023-03-15 14:29:57
🚨 CVE-2023-27986 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. 🎖@cveNotify
2023-03-15 14:29:56
🚨 CVE-2021-33360 An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). 🎖@cveNotify
2023-03-15 14:29:53
🚨 CVE-2023-27985 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. 🎖@cveNotify
2023-03-15 14:29:52
🚨 CVE-2023-0090 The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. 🎖@cveNotify
2023-03-15 14:29:51
🚨 CVE-2023-0845 Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5. 🎖@cveNotify
2023-03-15 14:29:50
🚨 CVE-2023-0746 The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting. 🎖@cveNotify
2023-03-15 14:29:49
🚨 CVE-2023-26261 In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15. 🎖@cveNotify
2023-03-15 14:29:45
🚨 CVE-2023-1291 A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability. 🎖@cveNotify
2023-03-15 14:29:44
🚨 CVE-2023-1292 A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222646 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-15 14:29:43
🚨 CVE-2023-1286 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. 🎖@cveNotify
2023-03-15 14:29:39
🚨 CVE-2022-45155 An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1. 🎖@cveNotify
2023-03-15 14:29:38
🚨 CVE-2023-0089 The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. 🎖@cveNotify
2023-03-15 14:29:37
🚨 CVE-2023-27476 OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details. 🎖@cveNotify
2023-03-15 14:29:36
🚨 CVE-2023-25695 Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. 🎖@cveNotify
2023-03-15 13:29:47
🚨 CVE-2023-25695 Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. 🎖@cveNotify
2023-03-15 11:29:49
🚨 CVE-2023-27239 Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. 🎖@cveNotify
2023-03-15 11:29:48
🚨 CVE-2023-27234 A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. 🎖@cveNotify
2023-03-15 11:29:47
🚨 CVE-2023-27235 An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. 🎖@cveNotify
2023-03-15 06:30:31
🚨 CVE-2023-28371 In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal. 🎖@cveNotify
2023-03-15 06:30:30
🚨 CVE-2023-27757 An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. 🎖@cveNotify
2023-03-15 06:30:27
🚨 CVE-2023-1338 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules. 🎖@cveNotify
2023-03-15 06:30:25
🚨 CVE-2023-1339 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules. 🎖@cveNotify
2023-03-15 06:30:23
🚨 CVE-2023-1335 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site. 🎖@cveNotify
2023-03-15 06:30:21
🚨 CVE-2023-1336 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching. 🎖@cveNotify
2023-03-15 06:30:19
🚨 CVE-2023-1337 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files. 🎖@cveNotify
2023-03-15 06:30:17
🚨 CVE-2023-1333 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache. 🎖@cveNotify
2023-03-15 06:30:13
🚨 CVE-2023-1334 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache. 🎖@cveNotify
2023-03-15 06:30:12
🚨 CVE-2023-1127 Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. 🎖@cveNotify
2023-03-15 06:30:10
🚨 CVE-2023-27320 Sudo before 1.9.13p2 has a double free in the per-command chroot feature. 🎖@cveNotify
2023-03-15 06:30:09
🚨 CVE-2018-2844 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 🎖@cveNotify
2023-03-15 06:30:06
🚨 CVE-2020-14394 An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. 🎖@cveNotify
2023-03-15 06:30:04
🚨 CVE-2022-1050 A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition. 🎖@cveNotify
2023-03-15 06:30:01
🚨 CVE-2021-3592 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 🎖@cveNotify
2023-03-15 06:29:58
🚨 CVE-2021-3593 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 🎖@cveNotify
2023-03-15 06:29:54
🚨 CVE-2021-3594 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 🎖@cveNotify
2023-03-15 06:29:52
🚨 CVE-2021-3595 An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0. 🎖@cveNotify
2023-03-15 06:29:51
🚨 CVE-2020-29130 slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length. 🎖@cveNotify
2023-03-15 01:29:51
🚨 CVE-2023-1327 Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password. 🎖@cveNotify
2023-03-14 23:30:13
🚨 CVE-2023-26262 An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, an unrestricted language file upload vulnerability exists that can lead to direct code execution on the content management (CM) server. 🎖@cveNotify
2023-03-14 23:30:12
🚨 CVE-2023-26511 A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system. 🎖@cveNotify
2023-03-14 23:30:11
🚨 CVE-2023-27590 Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands. 🎖@cveNotify
2023-03-14 23:30:10
🚨 CVE-2023-27587 ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds. 🎖@cveNotify
2023-03-14 23:30:09
🚨 CVE-2022-48111 A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. 🎖@cveNotify
2023-03-14 23:30:06
🚨 CVE-2022-4315 An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. 🎖@cveNotify
2023-03-14 23:30:05
🚨 CVE-2023-22890 SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. 🎖@cveNotify
2023-03-14 23:30:04
🚨 CVE-2023-23760 A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program. 🎖@cveNotify
2023-03-14 23:30:03
🚨 CVE-2021-4331 The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post). 🎖@cveNotify
2023-03-14 23:29:59
🚨 CVE-2021-4333 The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-14 23:29:58
🚨 CVE-2023-24282 An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. 🎖@cveNotify
2023-03-14 23:29:57
🚨 CVE-2023-28343 OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php. 🎖@cveNotify
2023-03-14 23:29:53
🚨 CVE-2021-33351 Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalate privileges via a crafted payload in the ticket message field. 🎖@cveNotify
2023-03-14 23:29:52
🚨 CVE-2021-33353 Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting. 🎖@cveNotify
2023-03-14 23:29:51
🚨 CVE-2023-24781 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. 🎖@cveNotify
2023-03-14 23:29:50
🚨 CVE-2022-4931 The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. 🎖@cveNotify
2023-03-14 21:29:51
🚨 CVE-2023-25230 loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). 🎖@cveNotify
2023-03-14 21:29:50
🚨 CVE-2023-25605 An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. 🎖@cveNotify
2023-03-14 18:30:01
🚨 CVE-2023-22847 Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it. 🎖@cveNotify
2023-03-14 18:30:00
🚨 CVE-2023-25363 A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. 🎖@cveNotify
2023-03-14 18:29:59
🚨 CVE-2023-1278 A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608. 🎖@cveNotify
2023-03-14 18:29:58
🚨 CVE-2023-23388 Windows Bluetooth Driver Elevation of Privilege Vulnerability 🎖@cveNotify
2023-03-14 18:29:54
🚨 CVE-2023-23389 Microsoft Defender Elevation of Privilege Vulnerability 🎖@cveNotify
2023-03-14 18:29:53
🚨 CVE-2023-23383 Service Fabric Explorer Spoofing Vulnerability 🎖@cveNotify
2023-03-14 18:29:52
🚨 CVE-2023-21708 Remote Procedure Call Runtime Remote Code Execution Vulnerability 🎖@cveNotify
2023-03-14 18:29:51
🚨 CVE-2023-23394 Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability 🎖@cveNotify
2023-03-14 18:29:50
🚨 CVE-2023-23385 Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerability 🎖@cveNotify
2023-03-14 18:29:46
🚨 CVE-2023-23392 HTTP Protocol Stack Remote Code Execution Vulnerability 🎖@cveNotify
2023-03-14 18:29:45
🚨 CVE-2023-23393 Windows BrokerInfrastructure Service Elevation of Privilege Vulnerability 🎖@cveNotify
2023-03-14 18:29:44
🚨 CVE-2023-23397 Microsoft Outlook Elevation of Privilege Vulnerability 🎖@cveNotify
2023-03-14 18:29:40
🚨 CVE-2023-23407 Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability 🎖@cveNotify
2023-03-14 18:29:39
🚨 CVE-2023-23396 Microsoft Excel Denial of Service Vulnerability 🎖@cveNotify
2023-03-14 18:29:38
🚨 CVE-2023-23408 Azure Apache Ambari Spoofing Vulnerability 🎖@cveNotify
2023-03-14 18:29:37
🚨 CVE-2023-23409 Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability 🎖@cveNotify
2023-03-14 17:29:55
🚨 CVE-2022-41939 knative.dev/func is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issue has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack. 🎖@cveNotify
2023-03-14 17:29:54
🚨 CVE-2020-10749 A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container. 🎖@cveNotify
2023-03-14 17:29:53
🚨 CVE-2022-2837 A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. 🎖@cveNotify
2023-03-14 17:29:52
🚨 CVE-2023-27088 feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will. 🎖@cveNotify
2023-03-14 17:29:49
🚨 CVE-2022-40676 An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. 🎖@cveNotify
2023-03-14 17:29:48
🚨 CVE-2022-41328 An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. 🎖@cveNotify
2023-03-14 17:29:47
🚨 CVE-2022-41862 In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. 🎖@cveNotify
2023-03-14 17:29:43
🚨 CVE-2023-1296 HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1. 🎖@cveNotify
2023-03-14 17:29:42
🚨 CVE-2023-1391 A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-14 17:29:41
🚨 CVE-2023-1394 A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been classified as critical. This affects the function mysqli_query of the file bsitemp.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222981 was assigned to this vulnerability. 🎖@cveNotify
2023-03-14 17:29:37
🚨 CVE-2023-1396 A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983. 🎖@cveNotify
2023-03-14 17:29:36
🚨 CVE-2023-1398 A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability. 🎖@cveNotify
2023-03-14 17:29:35
🚨 CVE-2023-27073 A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. 🎖@cveNotify
2023-03-14 12:29:45
🚨 CVE-2022-4557 Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. 🎖@cveNotify
2023-03-14 12:29:40
🚨 CVE-2023-27498 SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailable. 🎖@cveNotify
2023-03-14 12:29:39
🚨 CVE-2023-27500 An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable. 🎖@cveNotify
2023-03-14 12:29:38
🚨 CVE-2023-27501 SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrity. 🎖@cveNotify
2023-03-14 12:29:37
🚨 CVE-2023-27893 An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable. 🎖@cveNotify
2023-03-13 06:29:57
🚨 CVE-2023-20626 In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223. 🎖@cveNotify
2023-03-13 06:29:56
🚨 CVE-2023-20627 In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585. 🎖@cveNotify
2023-03-13 06:29:55
🚨 CVE-2023-20632 In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628506; Issue ID: ALPS07628506. 🎖@cveNotify
2023-03-13 06:29:54
🚨 CVE-2023-20633 In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508. 🎖@cveNotify
2023-03-13 06:29:50
🚨 CVE-2023-20636 In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593. 🎖@cveNotify
2023-03-13 06:29:49
🚨 CVE-2023-27210 Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. 🎖@cveNotify
2023-03-13 06:29:48
🚨 CVE-2023-27213 Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. 🎖@cveNotify
2023-03-13 06:29:44
🚨 CVE-2023-20637 In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588. 🎖@cveNotify
2023-03-13 06:29:43
🚨 CVE-2023-27203 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. 🎖@cveNotify
2023-03-13 06:29:42
🚨 CVE-2023-27204 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. 🎖@cveNotify
2023-03-13 06:29:38
🚨 CVE-2023-27207 Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. 🎖@cveNotify
2023-03-13 06:29:37
🚨 CVE-2023-27211 A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. 🎖@cveNotify
2023-03-13 06:29:36
🚨 CVE-2023-27206 A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. 🎖@cveNotify
2023-03-12 17:29:52
🚨 CVE-2016-15028 A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847. 🎖@cveNotify
2023-03-12 11:29:56
🚨 CVE-2023-1360 A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863. 🎖@cveNotify
2023-03-12 11:29:55
🚨 CVE-2023-1357 A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860. 🎖@cveNotify
2023-03-12 11:29:54
🚨 CVE-2023-1358 A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability. 🎖@cveNotify
2023-03-12 11:29:53
🚨 CVE-2023-1359A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability.πŸŽ–@cveNotify
2023-03-12 07:30:05
🚨 CVE-2021-46875 An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file. 🎖@cveNotify
2023-03-12 07:30:04
🚨 CVE-2021-46876 An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence. 🎖@cveNotify
2023-03-12 07:30:02
🚨 CVE-2022-48365 An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges. 🎖@cveNotify
2023-03-12 07:30:00
🚨 CVE-2022-48366 An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack. 🎖@cveNotify
2023-03-12 07:29:59
🚨 CVE-2022-48367 An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled. 🎖@cveNotify
2023-03-12 07:29:58
🚨 CVE-2020-19824 An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash the program via the ao_c parameter. 🎖@cveNotify
2023-03-12 02:30:27
🚨 CVE-2020-27754 In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69. 🎖@cveNotify
2023-03-12 02:30:26
🚨 CVE-2020-25675 In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:25
🚨 CVE-2020-27756 In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:24
🚨 CVE-2020-27750 A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. 🎖@cveNotify
2023-03-12 02:30:20
🚨 CVE-2020-25674 WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. 🎖@cveNotify
2023-03-12 02:30:19
🚨 CVE-2020-25666 There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:18
🚨 CVE-2020-27757 A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. 🎖@cveNotify
2023-03-12 02:30:17
🚨 CVE-2020-29599 ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c. 🎖@cveNotify
2023-03-12 02:30:16
🚨 CVE-2020-27776 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:12
🚨 CVE-2020-27774 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:11
🚨 CVE-2020-27775 A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:10
🚨 CVE-2020-27772 A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:09
🚨 CVE-2020-27767 A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:05
🚨 CVE-2020-27771 In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:04
🚨 CVE-2020-27766 A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. 🎖@cveNotify
2023-03-12 02:30:03
🚨 CVE-2020-27765 A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. 🎖@cveNotify
2023-03-12 02:30:02
🚨 CVE-2020-27763 A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. 🎖@cveNotify
2023-03-12 00:29:38
🚨 CVE-2023-1355 NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. 🎖@cveNotify
2023-03-12 00:29:37
🚨 CVE-2013-10021 A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739. 🎖@cveNotify
2023-03-11 20:29:38
🚨 CVE-2023-1353 A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852. 🎖@cveNotify
2023-03-11 20:29:37
🚨 CVE-2023-1354 A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability. 🎖@cveNotify
2023-03-11 14:29:36
🚨 CVE-2023-1351 A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability. 🎖@cveNotify
2023-03-11 12:29:46
🚨 CVE-2023-1349 A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-11 12:29:44
🚨 CVE-2023-1350 A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. 🎖@cveNotify
2023-03-11 12:29:43
🚨 CVE-2022-4645 LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. 🎖@cveNotify
2023-03-11 12:29:42
🚨 CVE-2023-24580 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. 🎖@cveNotify
2023-03-11 12:29:40
🚨 CVE-2023-22895 The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. 🎖@cveNotify
2023-03-11 12:29:39
🚨 CVE-2022-43272 DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object. 🎖@cveNotify
2023-03-11 12:29:38
🚨 CVE-2022-41323 In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. 🎖@cveNotify
2023-03-11 12:29:37
🚨 CVE-2022-31081 HTTP::Daemon is a simple http server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or a comma-separated repetition of that number (that is, `42` or `42, 42, 42`). Anything else MUST be rejected. 🎖@cveNotify
2023-03-11 06:29:59
🚨 CVE-2022-4265 The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user. 🎖@cveNotify
2023-03-11 06:29:58
🚨 CVE-2023-1197 Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. 🎖@cveNotify
2023-03-11 06:29:56
🚨 CVE-2023-1200 A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388. 🎖@cveNotify
2023-03-11 06:29:55
🚨 CVE-2023-24789 jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. 🎖@cveNotify
2023-03-11 06:29:54
🚨 CVE-2023-0328 The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). 🎖@cveNotify
2023-03-11 06:29:53
🚨 CVE-2023-0212 The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-11 06:29:51
🚨 CVE-2023-24999 HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. 🎖@cveNotify
2023-03-11 06:29:50
🚨 CVE-2022-25655 Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. 🎖@cveNotify
2023-03-11 06:29:49
🚨 CVE-2022-40530 Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. 🎖@cveNotify
2023-03-11 06:29:48
🚨 CVE-2022-40539 Memory corruption in Automotive Android OS due to improper validation of array index. 🎖@cveNotify
2023-03-11 06:29:46
🚨 CVE-2022-47457 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 🎖@cveNotify
2023-03-11 06:29:45
🚨 CVE-2022-47459 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 🎖@cveNotify
2023-03-11 06:29:44
🚨 CVE-2022-47462 In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. 🎖@cveNotify
2023-03-11 06:29:43
🚨 CVE-2022-47471 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 06:29:42
🚨 CVE-2022-47474 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 06:29:40
🚨 CVE-2022-47475 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 06:29:39
🚨 CVE-2022-47476 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 06:29:38
🚨 CVE-2022-47477 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 06:29:37
🚨 CVE-2022-47478 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 06:29:36
🚨 CVE-2022-47479 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 00:29:48
🚨 CVE-2022-40530 Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. 🎖@cveNotify
2023-03-11 00:29:47
🚨 CVE-2022-47457 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 🎖@cveNotify
2023-03-11 00:29:43
🚨 CVE-2022-47462 In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. 🎖@cveNotify
2023-03-11 00:29:42
🚨 CVE-2022-47474 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 00:29:41
🚨 CVE-2022-47475 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 00:29:37
🚨 CVE-2022-47477 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 00:29:36
🚨 CVE-2022-47479 In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-03-11 00:29:35
🚨 CVE-2022-47480 In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. 🎖@cveNotify
2023-03-10 21:31:30
🚨 CVE-2023-1333 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache. 🎖@cveNotify
2023-03-10 21:31:29
🚨 CVE-2023-1334 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache. 🎖@cveNotify
2023-03-10 21:31:28
🚨 CVE-2023-1335 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site. 🎖@cveNotify
2023-03-10 21:31:27
🚨 CVE-2023-1336 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching. 🎖@cveNotify
2023-03-10 21:31:26
🚨 CVE-2023-1337 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files. 🎖@cveNotify
2023-03-10 21:31:21
🚨 CVE-2023-1338 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules. 🎖@cveNotify
2023-03-10 21:31:20
🚨 CVE-2023-1339 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules. 🎖@cveNotify
2023-03-10 21:31:19
🚨 CVE-2023-1341 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-10 21:31:18
🚨 CVE-2023-1342 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-10 21:31:13
🚨 CVE-2023-1343 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-10 21:31:12
🚨 CVE-2023-1344 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-10 21:31:11
🚨 CVE-2023-1345 The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-10 21:31:10
🚨 CVE-2023-22751 There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-10 21:31:05
🚨 CVE-2023-22752 There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-10 21:31:04
🚨 CVE-2023-22754 There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-10 21:31:03
🚨 CVE-2023-22755 There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-10 21:31:02
🚨 CVE-2023-22756 There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-10 19:30:00
🚨 CVE-2023-1131 A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-10 19:29:59
🚨 CVE-2022-46501 Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. 🎖@cveNotify
2023-03-10 19:29:58
🚨 CVE-2022-35645 IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958. 🎖@cveNotify
2023-03-10 19:29:57
🚨 CVE-2023-1157 A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-222222 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-10 19:29:56
🚨 CVE-2023-1130A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability.πŸŽ–@cveNotify
2023-03-10 19:29:55
🚨 CVE-2023-25221Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.πŸŽ–@cveNotify
2023-03-10 19:29:54
🚨 CVE-2023-24758libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.πŸŽ–@cveNotify
2023-03-10 19:29:53
🚨 CVE-2023-1149 Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. 🎖@cveNotify
2023-03-10 19:29:52
🚨 CVE-2023-24757 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. 🎖@cveNotify
2023-03-10 19:29:50
🚨 CVE-2023-24756 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. 🎖@cveNotify
2023-03-10 19:29:46
🚨 CVE-2023-24755 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. 🎖@cveNotify
2023-03-10 19:29:45
🚨 CVE-2023-24754 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. 🎖@cveNotify
2023-03-10 19:29:44
🚨 CVE-2022-41044 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability 🎖@cveNotify
2023-03-10 19:29:43
🚨 CVE-2022-41045 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability 🎖@cveNotify
2023-03-10 19:29:39
🚨 CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability 🎖@cveNotify
2023-03-10 19:29:38
🚨 CVE-2022-41048 Microsoft ODBC Driver Remote Code Execution Vulnerability 🎖@cveNotify
2023-03-10 19:29:37
🚨 CVE-2022-41049 Windows Mark of the Web Security Feature Bypass Vulnerability 🎖@cveNotify
2023-03-10 19:29:36
🚨 CVE-2022-41052 Windows Graphics Component Remote Code Execution Vulnerability 🎖@cveNotify
2023-03-10 18:29:57
🚨 CVE-2023-1322 A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728. 🎖@cveNotify
2023-03-10 18:29:56
🚨 CVE-2023-27161 Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request. 🎖@cveNotify
2023-03-10 18:29:55
🚨 CVE-2023-27164 An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. 🎖@cveNotify
2023-03-10 18:29:54
🚨 CVE-2023-20053 A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 🎖@cveNotify
2023-03-10 18:29:50
🚨 CVE-2023-20014 A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition. 🎖@cveNotify
2023-03-10 18:29:49
🚨 CVE-2022-23240 Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. 🎖@cveNotify
2023-03-10 18:29:48
🚨 CVE-2023-20651 In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576. 🎖@cveNotify
2023-03-10 18:29:44
🚨 CVE-2023-20649 In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607. 🎖@cveNotify
2023-03-10 18:29:43
🚨 CVE-2023-20644 In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603. 🎖@cveNotify
2023-03-10 18:29:42
🚨 CVE-2023-20647 In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628547; Issue ID: ALPS07628547. 🎖@cveNotify
2023-03-10 18:29:38
🚨 CVE-2023-20645 In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609. 🎖@cveNotify
2023-03-10 18:29:37
🚨 CVE-2022-41722 A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". 🎖@cveNotify
2023-03-10 18:29:36
🚨 CVE-2022-48111 A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. 🎖@cveNotify
2023-03-10 12:29:47
🚨 CVE-2023-1308 A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222696. 🎖@cveNotify
2023-03-10 12:29:46
🚨 CVE-2023-1310 A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-10 12:29:45
🚨 CVE-2023-1311 A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699. 🎖@cveNotify
2023-03-10 07:30:11
🚨 CVE-2023-1155 The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-03-10 07:30:10
🚨 CVE-2021-3854 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. 🎖@cveNotify
2023-03-10 07:30:09
🚨 CVE-2023-26053 Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, using only full fingerprint IDs for the `trusted-key` or `pgp` element in the metadata is a protection against this issue. 🎖@cveNotify
2023-03-10 07:30:08
🚨 CVE-2023-0053 SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system. 🎖@cveNotify
2023-03-10 07:30:04
🚨 CVE-2023-25806 OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0; there are no workarounds. 🎖@cveNotify
2023-03-10 07:30:03
🚨 CVE-2023-20085 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script in the context of the affected interface or access sensitive, browser-based information. 🎖@cveNotify
2023-03-10 07:30:02
🚨 CVE-2023-27371 GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. 🎖@cveNotify
2023-03-10 07:29:58
🚨 CVE-2022-41724 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). 🎖@cveNotify
2023-03-10 07:29:57
🚨 CVE-2023-0461 There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c. 🎖@cveNotify
2023-03-10 07:29:56
🚨 CVE-2022-29718 Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. 🎖@cveNotify
2023-03-10 07:29:55
🚨 CVE-2020-5001 IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953. 🎖@cveNotify
2023-03-10 07:29:52
🚨 CVE-2020-5026 IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662. 🎖@cveNotify
2023-03-10 07:29:51
🚨 CVE-2023-25544 Dell NetWorker versions 19.5 and earlier contain an 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks. 🎖@cveNotify
2023-03-10 07:29:50
🚨 CVE-2023-26281 IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296. 🎖@cveNotify
2023-03-10 02:29:42
🚨 CVE-2022-41727 An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. 🎖@cveNotify
2023-03-10 02:29:41
🚨 CVE-2023-27294 Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious JavaScript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge. 🎖@cveNotify
2023-03-10 02:29:38
🚨 CVE-2023-27293 Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious JavaScript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other users’ cookies and force users to make actions without their knowledge. 🎖@cveNotify
2023-03-10 02:29:37
🚨 CVE-2021-34125 An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands. 🎖@cveNotify
2023-03-10 02:29:36
🚨 CVE-2022-3767 Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host. 🎖@cveNotify
2023-03-09 23:29:57
🚨 CVE-2023-20049 A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads. 🎖@cveNotify
2023-03-09 23:29:56
🚨 CVE-2022-3381 An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites. 🎖@cveNotify
2023-03-09 23:29:55
🚨 CVE-2022-4289 An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users. 🎖@cveNotify
2023-03-09 23:29:54
🚨 CVE-2023-0223 An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. 🎖@cveNotify
2023-03-09 23:29:50
🚨 CVE-2023-27202 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. 🎖@cveNotify
2023-03-09 23:29:49
🚨 CVE-2023-27204 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. 🎖@cveNotify
2023-03-09 23:29:48
🚨 CVE-2023-27205 Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. 🎖@cveNotify
2023-03-09 23:29:44
🚨 CVE-2023-27206 A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. 🎖@cveNotify
2023-03-09 23:29:43
🚨 CVE-2023-27208 A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. 🎖@cveNotify
2023-03-09 23:29:42
🚨 CVE-2023-27210 Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. 🎖@cveNotify
2023-03-09 23:29:41
🚨 CVE-2023-27211 A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. 🎖@cveNotify
2023-03-09 23:29:37
🚨 CVE-2023-27213 Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. 🎖@cveNotify
2023-03-09 23:29:36
🚨 CVE-2023-27483 crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index. The index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which they most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate. 🎖@cveNotify
2023-03-09 23:29:35
🚨 CVE-2023-27484 crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround. 🎖@cveNotify
2023-03-09 21:29:53
🚨 CVE-2023-1180 A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331. 🎖@cveNotify
2023-03-09 21:29:52
🚨 CVE-2023-26486 Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1. 🎖@cveNotify
2023-03-09 21:29:51
🚨 CVE-2022-4317 An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. 🎖@cveNotify
2023-03-09 21:29:47
🚨 CVE-2023-0483 An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site. 🎖@cveNotify
2023-03-09 21:29:46
🚨 CVE-2023-1287 An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. 🎖@cveNotify
2023-03-09 21:29:42
🚨 CVE-2023-1288 An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions. 🎖@cveNotify
2023-03-09 21:29:41
🚨 CVE-2022-29056 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. 🎖@cveNotify
2023-03-09 21:29:40
🚨 CVE-2023-1290 A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222644. 🎖@cveNotify
2023-03-09 21:29:37
🚨 CVE-2023-1291 A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability. 🎖@cveNotify
2023-03-09 21:29:36
🚨 CVE-2023-1293 A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647. 🎖@cveNotify
2023-03-09 21:29:35
🚨 CVE-2023-26208 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. 🎖@cveNotify
2023-03-09 20:29:37
🚨 CVE-2023-1287 An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. 🎖@cveNotify
2023-03-09 20:29:36
🚨 CVE-2023-25573 metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-03-09 14:29:52
🚨 CVE-2023-1286 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. 🎖@cveNotify
2023-03-09 11:29:57
🚨 CVE-2023-27985 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. 🎖@cveNotify
2023-03-09 11:29:56
🚨 CVE-2023-27986 emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. 🎖@cveNotify
2023-03-09 11:29:55
🚨 CVE-2023-1251 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. 🎖@cveNotify
2023-03-09 07:29:59
🚨 CVE-2023-26110 All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. 🎖@cveNotify
2023-03-09 07:29:58
🚨 CVE-2023-26948 onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. 🎖@cveNotify
2023-03-09 07:29:55
🚨 CVE-2023-0507 Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. 🎖@cveNotify
2023-03-09 07:29:54
🚨 CVE-2022-45608 An issue discovered in ThingsBoard 3.4.1 allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value). 🎖@cveNotify
2023-03-09 07:29:53
🚨 CVE-2023-23000 In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. 🎖@cveNotify
2023-03-09 01:30:07
🚨 CVE-2022-3162 Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group. 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group. 🎖@cveNotify
2023-03-09 01:30:06
🚨 CVE-2023-0460 The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s ClassLoader. A potential vulnerability exists in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the YouTube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store. 🎖@cveNotify
2023-03-09 01:30:05
🚨 CVE-2023-0594 Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible because the value of a span's attributes/resources was not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix. 🎖@cveNotify
2023-03-09 01:30:01
🚨 CVE-2023-25931 Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer. 🎖@cveNotify
2023-03-09 01:30:00
🚨 CVE-2018-25081 ** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default. 🎖@cveNotify
2023-03-09 01:29:59
🚨 CVE-2023-23501 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory. 🎖@cveNotify
2023-03-09 01:29:55
🚨 CVE-2023-23496 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. 🎖@cveNotify
2023-03-09 01:29:54
🚨 CVE-2023-23497 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. An app may be able to gain root privileges. 🎖@cveNotify
2023-03-09 01:29:53
🚨 CVE-2022-4007 An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side. 🎖@cveNotify
2023-03-09 01:29:49
🚨 CVE-2023-0030 A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. 🎖@cveNotify
2023-03-09 01:29:48
🚨 CVE-2023-23498 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account. 🎖@cveNotify
2023-03-09 01:29:47
🚨 CVE-2023-23499 This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access user-sensitive data. 🎖@cveNotify
2023-03-08 23:29:50
🚨 CVE-2021-33351 Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalate privileges via a crafted payload in the ticket message field. 🎖@cveNotify
2023-03-08 23:29:49
🚨 CVE-2021-33352 An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field. 🎖@cveNotify
2023-03-08 23:29:46
🚨 CVE-2021-33353 Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting. 🎖@cveNotify
2023-03-08 23:29:45
🚨 CVE-2023-24777 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. 🎖@cveNotify
2023-03-08 23:29:44
🚨 CVE-2023-22889 SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. 🎖@cveNotify
2023-03-08 23:29:43
🚨 CVE-2023-22890 SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. 🎖@cveNotify
2023-03-08 23:29:39
🚨 CVE-2023-22892 There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. 🎖@cveNotify
2023-03-08 23:29:38
🚨 CVE-2023-24782 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. 🎖@cveNotify
2023-03-08 23:29:37
🚨 CVE-2023-27477 wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtime 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected. 🎖@cveNotify
2023-03-08 22:29:52
🚨 CVE-2023-1276 A vulnerability, which was classified as critical, has been found in SUL1SS_shop. This issue affects some unknown processing of the file application\merch\controller\Order.php. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222599. 🎖@cveNotify
2023-03-08 22:29:48
🚨 CVE-2023-1277 A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600. 🎖@cveNotify
2023-03-08 22:29:47
🚨 CVE-2023-1278 A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608. 🎖@cveNotify
2023-03-08 22:29:46
🚨 CVE-2023-23760 A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program. 🎖@cveNotify
2023-03-08 22:29:45
🚨 CVE-2023-26956 onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. 🎖@cveNotify
2023-03-08 22:29:44
🚨 CVE-2023-27486 xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`. 🎖@cveNotify
2023-03-08 22:29:40
🚨 CVE-2023-1275 A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-08 22:29:39
🚨 CVE-2023-27482 homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet. 🎖@cveNotify
2023-03-08 22:29:38
🚨 CVE-2023-24773 Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. 🎖@cveNotify
2023-03-08 20:30:04
🚨 CVE-2022-3884 Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01. 🎖@cveNotify
2023-03-08 20:30:03
🚨 CVE-2023-22995 In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls. 🎖@cveNotify
2023-03-08 20:30:02
🚨 CVE-2023-1275 A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-08 20:29:59
🚨 CVE-2023-27482 homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet. 🎖@cveNotify
2023-03-08 20:29:58
🚨 CVE-2022-43945 The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 🎖@cveNotify
2023-03-08 20:29:57
🚨 CVE-2023-1080 The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-08 20:29:53
🚨 CVE-2022-46712 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges. 🎖@cveNotify
2023-03-08 20:29:52
🚨 CVE-2023-25768 A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. 🎖@cveNotify
2023-03-08 20:29:51
🚨 CVE-2023-1055 A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality. 🎖@cveNotify
2023-03-08 20:29:48
🚨 CVE-2015-10086 A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808. 🎖@cveNotify
2023-03-08 20:29:47
🚨 CVE-2023-24830 Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. 🎖@cveNotify
2023-03-08 20:29:46
🚨 CVE-2023-26041 Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workarounds available. 🎖@cveNotify
2023-03-08 18:29:50
🚨 CVE-2023-23524 A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service. 🎖@cveNotify
2023-03-08 18:29:43
🚨 CVE-2022-3792 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection. This issue affects GullsEye terminal operating system: from unspecified before 5.0.13. 🎖@cveNotify
2023-03-08 18:29:42
🚨 CVE-2022-22668 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information. 🎖@cveNotify
2023-03-08 16:29:56
🚨 CVE-2023-1214 Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-03-08 16:29:55
🚨 CVE-2023-1215 Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-03-08 16:29:54
🚨 CVE-2023-1217 Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-03-08 16:29:53
🚨 CVE-2023-1218 Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-03-08 16:29:50
🚨 CVE-2023-1219 Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-03-08 16:29:49
🚨 CVE-2023-1221 Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) 🎖@cveNotify
2023-03-08 16:29:48
🚨 CVE-2023-1223 Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-03-08 16:29:44
🚨 CVE-2023-1224 Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-03-08 16:29:43
🚨 CVE-2023-1225 Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-03-08 16:29:42
🚨 CVE-2023-1228 Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-03-08 16:29:38
🚨 CVE-2023-1230 Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-03-08 16:29:37
🚨 CVE-2023-1232 Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) 🎖@cveNotify
2023-03-08 16:29:36
🚨 CVE-2023-1233 Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) 🎖@cveNotify
2023-03-07 22:29:49
🚨 CVE-2023-27480 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually. 🎖@cveNotify
2023-03-07 22:29:48
🚨 CVE-2023-27485 thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2` and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-03-07 22:29:44
🚨 CVE-2020-9846 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. 🎖@cveNotify
2023-03-07 22:29:43
🚨 CVE-2023-24249 An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. 🎖@cveNotify
2023-03-07 22:29:42
🚨 CVE-2023-1048 A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807. 🎖@cveNotify
2023-03-07 22:29:38
🚨 CVE-2022-48284 A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. 🎖@cveNotify
2023-03-07 22:29:37
🚨 CVE-2022-48283 A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. 🎖@cveNotify
2023-03-07 22:29:36
🚨 CVE-2023-26091 The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails. 🎖@cveNotify
2023-03-07 20:29:36
🚨 CVE-2023-25605 An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. 🎖@cveNotify
2023-03-07 18:29:55
🚨 CVE-2023-26039 ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33. 🎖@cveNotify
2023-03-07 18:29:54
🚨 CVE-2023-25816 Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround is available. 🎖@cveNotify
2023-03-07 18:29:53
🚨 CVE-2021-4332 The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation. 🎖@cveNotify
2023-03-07 18:29:49
🚨 CVE-2021-4333 The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-07 18:29:48
🚨 CVE-2022-4932 The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. 🎖@cveNotify
2023-03-07 18:29:47
🚨 CVE-2023-1254 A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484. 🎖@cveNotify
2023-03-07 18:29:43
🚨 CVE-2023-26953 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. 🎖@cveNotify
2023-03-07 18:29:42
🚨 CVE-2023-25690 Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. 🎖@cveNotify
2023-03-07 18:29:41
🚨 CVE-2023-27522 HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. 🎖@cveNotify
2023-03-07 18:29:37
🚨 CVE-2023-26780 CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. 🎖@cveNotify
2023-03-07 18:29:36
🚨 CVE-2016-15024 A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-07 15:30:03
🚨 CVE-2021-3329 Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stack. 🎖@cveNotify
2023-03-07 15:29:59
🚨 CVE-2020-36667 The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them. 🎖@cveNotify
2023-03-07 15:29:58
🚨 CVE-2020-36668 The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information. 🎖@cveNotify
2023-03-07 15:29:57
🚨 CVE-2020-36669 The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-07 15:29:56
🚨 CVE-2021-44197 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126. 🎖@cveNotify
2023-03-07 15:29:51
🚨 CVE-2021-4330 The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-level permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download. 🎖@cveNotify
2023-03-07 15:29:50
🚨 CVE-2023-23109 In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. 🎖@cveNotify
2023-03-07 15:29:49
🚨 CVE-2023-26955 onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module. 🎖@cveNotify
2023-03-07 15:29:48
🚨 CVE-2023-1237 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 15:29:47
🚨 CVE-2023-1238 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 15:29:46
🚨 CVE-2023-1239 Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 15:29:45
🚨 CVE-2023-1240 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 15:29:44
🚨 CVE-2023-1241 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 15:29:42
🚨 CVE-2023-1242 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 15:29:41
🚨 CVE-2023-1243 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 15:29:39
🚨 CVE-2023-1244 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 15:29:37
🚨 CVE-2023-1245Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.πŸŽ–@cveNotify
2023-03-07 15:29:36
🚨 CVE-2022-3760Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58.πŸŽ–@cveNotify
2023-03-07 12:29:52
🚨 CVE-2023-1247 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0. 🎖@cveNotify
2023-03-07 12:29:49
🚨 CVE-2022-3760 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. 🎖@cveNotify
2023-03-07 12:29:48
🚨 CVE-2023-1237 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 12:29:47
🚨 CVE-2023-1239 Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 12:29:46
🚨 CVE-2023-1240 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 12:29:43
🚨 CVE-2023-1241 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 12:29:42
🚨 CVE-2023-1242 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 12:29:41
🚨 CVE-2023-1244 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 12:29:40
🚨 CVE-2023-1245 Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 🎖@cveNotify
2023-03-07 07:29:54
🚨 CVE-2023-22895 The bzip2 crate before 0.4.4 for Rust allows attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. 🎖@cveNotify
2023-03-07 07:29:53
🚨 CVE-2022-37454 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. 🎖@cveNotify
2023-03-07 07:29:51
🚨 CVE-2021-35370 An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. 🎖@cveNotify
2023-03-07 07:29:50
🚨 CVE-2023-26103 Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server. 🎖@cveNotify
2023-03-07 07:29:49
🚨 CVE-2022-40237 IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727. 🎖@cveNotify
2023-03-07 07:29:48
🚨 CVE-2023-22860 IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. 🎖@cveNotify
2023-03-07 07:29:47
🚨 CVE-2022-44310 In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret. 🎖@cveNotify
2023-03-07 07:29:45
🚨 CVE-2023-23205 An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c. 🎖@cveNotify
2023-03-07 07:29:44
🚨 CVE-2023-26104 All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse. 🎖@cveNotify
2023-03-07 07:29:43
🚨 CVE-2023-25821 Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. 🎖@cveNotify
2023-03-07 07:29:42
🚨 CVE-2023-1033 Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11. 🎖@cveNotify
2023-03-07 07:29:41
🚨 CVE-2021-35290 File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page. 🎖@cveNotify
2023-03-07 07:29:40
🚨 CVE-2023-0481 In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. 🎖@cveNotify
2023-03-07 07:29:39
🚨 CVE-2023-22847 Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it. 🎖@cveNotify
2023-03-07 07:29:38
🚨 CVE-2023-23554 Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. 🎖@cveNotify
2023-03-07 02:30:51
🚨 CVE-2017-20181 A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328. 🎖@cveNotify
2023-03-07 02:30:49
🚨 CVE-2023-1211 SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. 🎖@cveNotify
2023-03-07 02:30:48
🚨 CVE-2023-1212 Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. 🎖@cveNotify
2023-03-07 02:30:46
🚨 CVE-2022-36369 Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-07 02:30:45
🚨 CVE-2008-10004 A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-07 02:30:44
🚨 CVE-2019-8720 A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. 🎖@cveNotify
2023-03-07 02:30:42
🚨 CVE-2021-20251 A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. 🎖@cveNotify
2023-03-07 02:30:41
🚨 CVE-2021-36402 In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. 🎖@cveNotify
2023-03-07 02:30:39
🚨 CVE-2021-36403 In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. 🎖@cveNotify
2023-03-07 02:30:38
🚨 CVE-2022-3277 An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. 🎖@cveNotify
2023-03-07 02:30:33
🚨 CVE-2022-3424 A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. 🎖@cveNotify
2023-03-07 02:30:31
🚨 CVE-2022-3707 A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. 🎖@cveNotify
2023-03-07 02:30:30
🚨 CVE-2022-3854 A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. 🎖@cveNotify
2023-03-07 02:30:27
🚨 CVE-2022-3857 A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function. 🎖@cveNotify
2023-03-07 02:30:26
🚨 CVE-2022-45141 Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). 🎖@cveNotify
2023-03-07 02:30:24
🚨 CVE-2022-45142 The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. 🎖@cveNotify
2023-03-07 02:30:22
🚨 CVE-2022-4134 A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. 🎖@cveNotify
2023-03-07 02:30:20
🚨 CVE-2022-4904 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. 🎖@cveNotify
2023-03-07 02:30:15
🚨 CVE-2023-0330 A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. 🎖@cveNotify
2023-03-07 02:30:11
🚨 CVE-2023-27891 rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. 🎖@cveNotify
2023-03-06 22:30:02
🚨 CVE-2023-23939 Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-03-06 22:30:00
🚨 CVE-2023-26054 BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`. 🎖@cveNotify
2023-03-06 22:29:59
🚨 CVE-2023-27472 quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-03-06 22:29:58
🚨 CVE-2023-1026 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. 🎖@cveNotify
2023-03-06 22:29:57
🚨 CVE-2023-1027 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. 🎖@cveNotify
2023-03-06 22:29:56
🚨 CVE-2022-32570 Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 22:29:54
🚨 CVE-2022-36348 Active debug code in some Intel(R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 22:29:53
🚨 CVE-2022-36794 Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. 🎖@cveNotify
2023-03-06 22:29:52
🚨 CVE-2023-1028 The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-03-06 22:29:51
🚨 CVE-2023-25431 An issue was discovered in Online Reviewer Management System v1.0. There is an XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. 🎖@cveNotify
2023-03-06 22:29:48
🚨 CVE-2022-37329 Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 22:29:47
🚨 CVE-2023-25432 An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. 🎖@cveNotify
2023-03-06 22:29:46
🚨 CVE-2022-21163 Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 22:29:44
🚨 CVE-2022-27808 Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 22:29:43
🚨 CVE-2023-20932 In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-248251018. 🎖@cveNotify
2023-03-06 22:29:42
🚨 CVE-2022-36397 Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 22:29:40
🚨 CVE-2022-33972 Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-03-06 22:29:39
🚨 CVE-2023-20933 In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-245860753. 🎖@cveNotify
2023-03-06 22:29:38
🚨 CVE-2023-20934 In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-258672042. 🎖@cveNotify
2023-03-06 22:29:37
🚨 CVE-2023-20939 In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L Android-13. Android ID: A-243362981. 🎖@cveNotify
2023-03-06 20:30:03
🚨 CVE-2021-33224 File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. 🎖@cveNotify
2023-03-06 20:30:02
🚨 CVE-2023-25692 Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. 🎖@cveNotify
2023-03-06 20:30:01
🚨 CVE-2022-34157 Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 20:30:00
🚨 CVE-2023-25691 Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. 🎖@cveNotify
2023-03-06 20:29:56
🚨 CVE-2023-25169 discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually. 🎖@cveNotify
2023-03-06 20:29:55
🚨 CVE-2023-23296 Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. 🎖@cveNotify
2023-03-06 20:29:54
🚨 CVE-2023-1009 A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-06 20:29:53
🚨 CVE-2022-46440 ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c. 🎖@cveNotify
2023-03-06 20:29:49
🚨 CVE-2022-35729 Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow an unauthenticated user to potentially enable denial of service via network access. 🎖@cveNotify
2023-03-06 20:29:48
🚨 CVE-2022-45697 Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. 🎖@cveNotify
2023-03-06 20:29:47
🚨 CVE-2022-30704 Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 20:29:43
🚨 CVE-2022-32231 Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 20:29:42
🚨 CVE-2022-34849 Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access. 🎖@cveNotify
2023-03-06 20:29:41
🚨 CVE-2022-26888 Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-03-06 20:29:40
🚨 CVE-2021-33104 Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. 🎖@cveNotify
2023-03-06 17:29:43
🚨 CVE-2023-24124 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-06 17:29:42
🚨 CVE-2023-24125 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-06 17:29:41
🚨 CVE-2023-24122 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-06 17:29:40
🚨 CVE-2023-24123 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-06 15:30:08
🚨 CVE-2022-4265 The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user. 🎖@cveNotify
2023-03-06 15:30:07
🚨 CVE-2022-4328 The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. 🎖@cveNotify
2023-03-06 15:30:06
🚨 CVE-2023-0063 The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:30:05
🚨 CVE-2023-0064 The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:30:04
🚨 CVE-2023-0065 The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:30:00
🚨 CVE-2023-0068 The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:29:59
🚨 CVE-2023-0069 The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:29:58
🚨 CVE-2023-0076 The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:29:57
🚨 CVE-2023-0078 The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users. 🎖@cveNotify
2023-03-06 15:29:56
🚨 CVE-2023-0165 The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:29:52
🚨 CVE-2023-0212 The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:29:51
🚨 CVE-2023-0328 The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). 🎖@cveNotify
2023-03-06 15:29:50
🚨 CVE-2022-32764 Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-06 15:29:49
🚨 CVE-2023-0034 The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-06 15:29:44
🚨 CVE-2019-14372In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.πŸŽ–@cveNotify
2023-03-06 15:29:43
🚨 CVE-2017-20180A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability.πŸŽ–@cveNotify
2023-03-06 15:29:42
🚨 CVE-2022-3284Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.πŸŽ–@cveNotify
2023-03-06 15:29:41
🚨 CVE-2022-4862Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.πŸŽ–@cveNotify
2023-03-06 14:29:37
🚨 CVE-2022-2178Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1.πŸŽ–@cveNotify
2023-03-06 14:29:36
🚨 CVE-2022-3284Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.πŸŽ–@cveNotify
2023-03-06 14:29:35
🚨 CVE-2022-4862Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.πŸŽ–@cveNotify
2023-03-06 12:29:53
🚨 CVE-2023-0839 Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1. 🎖@cveNotify
2023-03-06 12:29:52
🚨 CVE-2023-1184 A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356. 🎖@cveNotify
2023-03-06 12:29:51
🚨 CVE-2023-1185 A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability. 🎖@cveNotify
2023-03-06 12:29:50
🚨 CVE-2023-1186 A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-06 12:29:49
🚨 CVE-2023-1187 A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359. 🎖@cveNotify
2023-03-06 12:29:47
🚨 CVE-2023-1188 A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360. 🎖@cveNotify
2023-03-06 12:29:46
🚨 CVE-2023-1189 A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability. 🎖@cveNotify
2023-03-06 12:29:45
🚨 CVE-2023-1190 A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-06 12:29:43
🚨 CVE-2023-1191 A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-222363. 🎖@cveNotify
2023-03-06 12:29:42
🚨 CVE-2015-10093 A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability. 🎖@cveNotify
2023-03-06 12:29:40
🚨 CVE-2023-22856 A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file. 🎖@cveNotify
2023-03-06 12:29:39
🚨 CVE-2023-22857 A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0 allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. 🎖@cveNotify
2023-03-06 12:29:38
🚨 CVE-2023-22858 An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0 allows unauthenticated visitors to access the files of unpublished blogs. 🎖@cveNotify
2023-03-06 12:29:36
🚨 CVE-2015-10092 A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324. 🎖@cveNotify
2023-03-06 06:29:51
🚨 CVE-2022-44875 KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code. 🎖@cveNotify
2023-03-06 06:29:47
🚨 CVE-2023-26106 All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. 🎖@cveNotify
2023-03-06 06:29:46
🚨 CVE-2023-26107 All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. 🎖@cveNotify
2023-03-06 06:29:45
🚨 CVE-2023-26108 Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile; the stream wrapped by the StreamableFile will be kept open. 🎖@cveNotify
2023-03-06 06:29:44
🚨 CVE-2023-23313 Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. 🎖@cveNotify
2023-03-06 06:29:40
🚨 CVE-2023-27560 Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. 🎖@cveNotify
2023-03-06 06:29:39
🚨 CVE-2021-32852 Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11. 🎖@cveNotify
2023-03-06 06:29:38
🚨 CVE-2022-4928 A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The name of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability. 🎖@cveNotify
2023-03-06 06:29:37
🚨 CVE-2022-4929 A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-06 06:29:36
🚨 CVE-2015-10091 A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-06 02:29:46
🚨 CVE-2015-10090 A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320. 🎖@cveNotify
2023-03-06 02:29:42
🚨 CVE-2023-22336 Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. 🎖@cveNotify
2023-03-06 02:29:41
🚨 CVE-2023-22419 Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 🎖@cveNotify
2023-03-06 02:29:40
🚨 CVE-2023-22421 Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 🎖@cveNotify
2023-03-06 02:29:37
🚨 CVE-2023-22424 Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 🎖@cveNotify
2023-03-06 02:29:36
🚨 CVE-2023-22438 Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. 🎖@cveNotify
2023-03-06 02:29:35
🚨 CVE-2023-25077 Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. 🎖@cveNotify
2023-03-06 00:29:41
🚨 CVE-2023-26510 Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. 🎖@cveNotify
2023-03-06 00:29:40
🚨 CVE-2023-27635 debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.) 🎖@cveNotify
2023-03-06 00:29:39
🚨 CVE-2023-27641 The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. 🎖@cveNotify
2023-03-06 00:29:38
🚨 CVE-2006-10001 A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. 🎖@cveNotify
2023-03-06 00:29:37
🚨 CVE-2014-125092 A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323. 🎖@cveNotify
2023-03-06 00:29:36
🚨 CVE-2023-0734 Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. 🎖@cveNotify
2023-03-05 22:29:38
🚨 CVE-2022-4927 A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287. 🎖@cveNotify
2023-03-05 22:29:37
🚨 CVE-2023-25719 ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations). 🎖@cveNotify
2023-03-05 22:29:36
🚨 CVE-2021-40241 xfig 3.2.7 is vulnerable to Buffer Overflow. 🎖@cveNotify
2023-03-05 19:29:35
🚨 CVE-2023-1181 Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. 🎖@cveNotify
2023-03-05 16:29:37
🚨 CVE-2015-10089 A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291. 🎖@cveNotify
2023-03-05 12:29:37
🚨 CVE-2023-1179 A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-05 12:29:36
🚨 CVE-2023-1180 A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331. 🎖@cveNotify
2023-03-05 06:29:40
🚨 CVE-2015-10088 A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267. 🎖@cveNotify
2023-03-05 06:29:39
🚨 CVE-2023-24580 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. 🎖@cveNotify
2023-03-05 06:29:38
🚨 CVE-2022-41323 In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. 🎖@cveNotify
2023-03-05 06:29:37
🚨 CVE-2008-10002 A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-05 06:29:36
🚨 CVE-2008-10003 A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. 🎖@cveNotify
2023-03-05 00:29:40
🚨 CVE-2014-125091 A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268. 🎖@cveNotify
2023-03-04 21:29:46
🚨 CVE-2023-24751 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. 🎖@cveNotify
2023-03-04 21:29:45
🚨 CVE-2023-24754 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. 🎖@cveNotify
2023-03-04 21:29:44
🚨 CVE-2023-24755 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. 🎖@cveNotify
2023-03-04 21:29:41
🚨 CVE-2023-24756 libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. 🎖@cveNotify
2023-03-04 21:29:40
🚨 CVE-2023-25221 Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. 🎖@cveNotify
2023-03-04 21:29:39
🚨 CVE-2020-36665 A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. 🎖@cveNotify
2023-03-04 19:29:41
🚨 CVE-2020-36664 A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232. 🎖@cveNotify
2023-03-04 18:29:43
🚨 CVE-2023-1175 Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. 🎖@cveNotify
2023-03-04 12:29:41
🚨 CVE-2020-36663 A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231. 🎖@cveNotify
2023-03-04 07:30:16
🚨 CVE-2023-0230 The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-03-04 07:30:14
🚨 CVE-2023-25233 Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. 🎖@cveNotify
2023-03-04 07:30:13
🚨 CVE-2023-22998 In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). 🎖@cveNotify
2023-03-04 07:30:12
🚨 CVE-2023-27292 An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. 🎖@cveNotify
2023-03-04 07:30:11
🚨 CVE-2023-27295 Cross-site request forgery is facilitated by OpenCATS' failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes JavaScript in an authenticated user's session when visited. 🎖@cveNotify
2023-03-04 07:30:10
🚨 CVE-2023-25234 Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface. 🎖@cveNotify
2023-03-04 07:30:09
🚨 CVE-2023-25231 Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. 🎖@cveNotify
2023-03-04 07:30:05
🚨 CVE-2023-24128 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-04 07:30:04
🚨 CVE-2023-24129 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-04 07:30:03
🚨 CVE-2023-24130 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-04 07:30:02
🚨 CVE-2023-24131 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-04 07:30:01
🚨 CVE-2023-24133 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-04 07:29:57
🚨 CVE-2023-22767 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-04 07:29:56
🚨 CVE-2023-22768 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-04 07:29:55
🚨 CVE-2023-22763 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-04 07:29:54
🚨 CVE-2023-22764 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-04 07:29:53
🚨 CVE-2023-22765 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-04 07:29:48
🚨 CVE-2023-22762 Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. 🎖@cveNotify
2023-03-04 07:29:43
🚨 CVE-2023-0331 The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server. 🎖@cveNotify
2023-03-03 23:29:57
🚨 CVE-2023-23313 Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. 🎖@cveNotify
2023-03-03 23:29:56
🚨 CVE-2023-26488 OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2. 🎖@cveNotify
2023-03-03 23:29:55
🚨 CVE-2023-26492 Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0. 🎖@cveNotify
2023-03-03 23:29:51
🚨 CVE-2022-46560 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module. 🎖@cveNotify
2023-03-03 23:29:50
🚨 CVE-2022-46562 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module. 🎖@cveNotify
2023-03-03 23:29:46
🚨 CVE-2022-46566 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module. 🎖@cveNotify
2023-03-03 23:29:45
🚨 CVE-2022-46569 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module. 🎖@cveNotify
2023-03-03 23:29:44
🚨 CVE-2022-46570 D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module. 🎖@cveNotify
2023-03-03 23:29:41
🚨 CVE-2022-37130 In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis: after the condition is met, setnum is spliced into v10 by snprintf and system is executed, resulting in a command injection vulnerability. 🎖@cveNotify
2023-03-03 23:29:40
🚨 CVE-2018-20177 rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. 🎖@cveNotify
2023-03-03 23:29:39
🚨 CVE-2018-11516 The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file. 🎖@cveNotify
2023-03-03 21:29:43
🚨 CVE-2019-13513 In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application. 🎖@cveNotify
2023-03-03 21:29:42
🚨 CVE-2018-2028 IBM Maximo Asset Management 7.6 could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554. 🎖@cveNotify
2023-03-03 20:30:13
🚨 CVE-2022-36537 ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. 🎖@cveNotify
2023-03-03 20:30:12
🚨 CVE-2022-0480 A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. 🎖@cveNotify
2023-03-03 20:30:11
🚨 CVE-2022-41322 In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. 🎖@cveNotify
2023-03-03 20:30:10
🚨 CVE-2009-1956 Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input. 🎖@cveNotify
2023-03-03 20:30:09
🚨 CVE-2020-18693 Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'. 🎖@cveNotify
2023-03-03 20:30:05
🚨 CVE-2019-13111 A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file. 🎖@cveNotify
2023-03-03 20:30:04
🚨 CVE-2019-14347 Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. 🎖@cveNotify
2023-03-03 20:30:03
🚨 CVE-2020-27784 A vulnerability was found in the Linux kernel, where a deallocated instance is accessed in printer_ioctl(). printer_ioctl() tries to access a printer_dev instance. However, a use-after-free arises because it had been freed by gprinter_free(). 🎖@cveNotify
2023-03-03 20:30:02
🚨 CVE-2019-14529 OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php. 🎖@cveNotify
2023-03-03 20:30:01
🚨 CVE-2019-14524 An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. 🎖@cveNotify
2023-03-03 20:29:57
🚨 CVE-2015-7559 It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. 🎖@cveNotify
2023-03-03 20:29:56
🚨 CVE-2019-14459 nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service). 🎖@cveNotify
2023-03-03 20:29:55
🚨 CVE-2019-15141 WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597. 🎖@cveNotify
2023-03-03 20:29:54
🚨 CVE-2019-13512 Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device. 🎖@cveNotify
2023-03-03 20:29:53
🚨 CVE-2019-15108 An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component. 🎖@cveNotify
2023-03-03 20:29:49
🚨 CVE-2019-3417 All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system. 🎖@cveNotify
2023-03-03 20:29:48
🚨 CVE-2022-48338 An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. 🎖@cveNotify
2023-03-03 20:29:47
🚨 CVE-2022-48339 An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. 🎖@cveNotify
2023-03-03 20:29:46
🚨 CVE-2022-48285 loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. 🎖@cveNotify
2023-03-03 18:29:53
🚨 CVE-2022-2837 A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD. 🎖@cveNotify
2023-03-03 18:29:49
🚨 CVE-2022-41862 In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes. 🎖@cveNotify
2023-03-03 18:29:48
🚨 CVE-2022-4645 LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. 🎖@cveNotify
2023-03-03 18:29:47
🚨 CVE-2023-20061 Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. 🎖@cveNotify
2023-03-03 18:29:46
🚨 CVE-2023-20062 Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. 🎖@cveNotify
2023-03-03 18:29:45
🚨 CVE-2023-20069 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. 🎖@cveNotify
2023-03-03 18:29:41
🚨 CVE-2023-20078 Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 🎖@cveNotify
2023-03-03 18:29:40
🚨 CVE-2023-20079 Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 🎖@cveNotify
2023-03-03 18:29:39
🚨 CVE-2023-20088 A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition. 🎖@cveNotify
2023-03-03 18:29:38
🚨 CVE-2023-20104 A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to browse to a specific URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 🎖@cveNotify
2023-03-03 18:29:37
🚨 CVE-2023-26604 systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. 🎖@cveNotify
2023-03-03 16:30:16
🚨 CVE-2020-11077 In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. 🎖@cveNotify
2023-03-03 16:30:15
🚨 CVE-2023-24081 Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page. 🎖@cveNotify
2023-03-03 16:30:14
🚨 CVE-2020-13388 An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. 🎖@cveNotify
2023-03-03 16:30:12
🚨 CVE-2022-24697 Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier. 🎖@cveNotify
2023-03-03 16:30:10
🚨 CVE-2020-28367 Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. 🎖@cveNotify
2023-03-03 16:30:09
🚨 CVE-2019-16255 Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method. 🎖@cveNotify
2023-03-03 16:30:07
🚨 CVE-2019-14246 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account. 🎖@cveNotify
2023-03-03 16:30:06
🚨 CVE-2019-14245 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account. 🎖@cveNotify
2023-03-03 16:30:05
🚨 CVE-2019-18676 An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme. 🎖@cveNotify
2023-03-03 16:30:03
🚨 CVE-2019-14513 Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491. 🎖@cveNotify
2023-03-03 16:30:01
🚨 CVE-2021-4325 A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability. 🎖@cveNotify
2023-03-03 16:30:00
🚨 CVE-2022-38779 An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. 🎖@cveNotify
2023-03-03 16:29:59
🚨 CVE-2023-20855 VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. 🎖@cveNotify
2023-03-03 16:29:58
🚨 CVE-2023-20858 VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. 🎖@cveNotify
2023-03-03 16:29:57
🚨 CVE-2020-35137 ** DISPUTED ** The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan to make any changes to this feature. 🎖@cveNotify
2023-03-03 16:29:53
🚨 CVE-2022-45551 An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. 🎖@cveNotify
2023-03-03 16:29:52
🚨 CVE-2022-45552 An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. 🎖@cveNotify
2023-03-03 16:29:51
🚨 CVE-2022-45553 An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows an attacker to execute arbitrary commands via serial connection to the UART port. 🎖@cveNotify
2023-03-03 16:29:50
🚨 CVE-2023-27560 Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop with composite primefields. 🎖@cveNotify
2023-03-03 16:29:49
🚨 CVE-2023-0577 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: before 23.02.01. 🎖@cveNotify
2023-03-03 11:29:54
🚨 CVE-2023-1165 A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability. 🎖@cveNotify
2023-03-03 11:29:53
🚨 CVE-2023-0577 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: before 23.02.01. 🎖@cveNotify
2023-03-03 11:29:49
🚨 CVE-2023-0578 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS). This issue affects Book Cites: before 23.01.05. 🎖@cveNotify
2023-03-03 11:29:48
🚨 CVE-2023-1162 A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-03 11:29:47
🚨 CVE-2023-1163 A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. 🎖@cveNotify
2023-03-03 11:29:46
🚨 CVE-2023-27560 Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop with composite primefields. 🎖@cveNotify
2023-03-03 07:29:59
🚨 CVE-2019-14443 An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. 🎖@cveNotify
2023-03-03 07:29:57
🚨 CVE-2019-14442 In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file. 🎖@cveNotify
2023-03-03 07:29:56
🚨 CVE-2020-12000 The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information. 🎖@cveNotify
2023-03-03 07:29:54
🚨 CVE-2019-14431 In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. 🎖@cveNotify
2023-03-03 07:29:52
🚨 CVE-2020-13964 An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. 🎖@cveNotify
2023-03-03 07:29:51
🚨 CVE-2020-13428 A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. 🎖@cveNotify
2023-03-03 07:29:49
🚨 CVE-2020-0202 In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525 🎖@cveNotify
2023-03-03 07:29:48
🚨 CVE-2020-0215 In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248 🎖@cveNotify
2023-03-03 01:29:53
🚨 CVE-2022-26841 Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-03-03 01:29:52
🚨 CVE-2022-26843 Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 🎖@cveNotify
2023-03-03 01:29:48
🚨 CVE-2023-26242 afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. 🎖@cveNotify
2023-03-03 01:29:47
🚨 CVE-2014-125089 A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability. 🎖@cveNotify
2023-03-03 01:29:46
🚨 CVE-2022-40633 A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks. 🎖@cveNotify
2023-03-03 01:29:44
🚨 CVE-2023-26265 The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. 🎖@cveNotify
2023-03-03 01:29:43
🚨 CVE-2015-10082 A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. 🎖@cveNotify
2023-03-03 01:29:42
🚨 CVE-2023-26266 In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. 🎖@cveNotify
2023-03-03 01:29:41
🚨 CVE-2015-10085 A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-03-02 23:29:54
🚨 CVE-2023-25158 GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastores. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. 🎖@cveNotify
2023-03-02 23:29:53
🚨 CVE-2023-25657 Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known, this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggested the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being “django” for the Django built-in template engine, and the second being “jinja” for the Jinja2 template engine. This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration, such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict “change” (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be a stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.* 🎖@cveNotify
2023-03-02 23:29:52
🚨 CVE-2023-0656 A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. 🎖@cveNotify
2023-03-02 23:29:51
🚨 CVE-2023-1101 SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. 🎖@cveNotify
2023-03-02 23:29:47
🚨 CVE-2022-41073 Windows Print Spooler Elevation of Privilege Vulnerability. 🎖@cveNotify
2023-03-02 23:29:46
🚨 CVE-2022-41091 Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049. 🎖@cveNotify
2023-03-02 23:29:45
🚨 CVE-2022-41128 Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118. 🎖@cveNotify
2023-03-02 23:29:43
🚨 CVE-2022-41040 Microsoft Exchange Server Elevation of Privilege Vulnerability. 🎖@cveNotify
2023-03-02 23:29:39
🚨 CVE-2022-41082 Microsoft Exchange Server Remote Code Execution Vulnerability. 🎖@cveNotify
2023-03-02 23:29:38
🚨 CVE-2023-25810 Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-03-02 23:29:37
🚨 CVE-2022-46501 Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. 🎖@cveNotify
2023-03-02 23:29:36
🚨 CVE-2023-22381 A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program. 🎖@cveNotify
2023-03-02 22:30:24
🚨 CVE-2023-26471 XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`. 🎖@cveNotify
2023-03-02 22:30:19
🚨 CVE-2023-26472 XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having edit right. The issue has been patched in XWiki 14.9, 14.4.6, and 13.10.10. An available workaround is to fix the bug in the page `IconThemesCode.IconThemeSheet` by applying a modification from commit 48caf7491595238af2b531026a614221d5d61f38. 🎖@cveNotify
2023-03-02 22:30:13
🚨 CVE-2023-26473 XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading. 🎖@cveNotify
2023-03-02 22:30:09
🚨 CVE-2023-26474 XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds. 🎖@cveNotify
2023-03-02 22:30:05
🚨 CVE-2023-26475 XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade. 🎖@cveNotify
2023-03-02 22:30:01
🚨 CVE-2023-26476 XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated calls to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`. 🎖@cveNotify
2023-03-02 22:29:58
🚨 CVE-2023-0949 Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. 🎖@cveNotify
2023-03-02 22:29:57
🚨 CVE-2023-26314 The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. 🎖@cveNotify
2023-03-02 22:29:55
🚨 CVE-2023-24108 MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. 🎖@cveNotify
2023-03-02 22:29:53
🚨 CVE-2023-24107 hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. 🎖@cveNotify
2023-03-02 22:29:52
🚨 CVE-2023-0947 Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. 🎖@cveNotify
2023-03-02 22:29:51
🚨 CVE-2022-44216 Gnuboard 5.5.4 and 5.5.5 are vulnerable to Insecure Permissions. An attacker can change the password of all users without knowing the victim's original password. 🎖@cveNotify
2023-03-02 22:29:44
🚨 CVE-2021-32851 Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1. 🎖@cveNotify
2023-03-02 22:29:41
🚨 CVE-2021-32850 jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6. 🎖@cveNotify
2023-03-02 20:29:49
🚨 CVE-2021-42521 There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and tries to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application. 🎖@cveNotify
2023-03-02 20:29:48
🚨 CVE-2019-3418 All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by a cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts. 🎖@cveNotify
2023-03-02 20:29:47
🚨 CVE-2019-15081 OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. 🎖@cveNotify
2023-03-02 20:29:45
🚨 CVE-2018-17790 Prospecta Master Data Online (MDO) 2.0 has Stored XSS. 🎖@cveNotify
2023-03-02 20:29:44
🚨 CVE-2019-14934 An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. 🎖@cveNotify
2023-03-02 20:29:43
🚨 CVE-2019-14980 In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file. 🎖@cveNotify
2023-03-02 20:29:41
🚨 CVE-2019-13417 Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated. 🎖@cveNotify
2023-03-02 20:29:40
🚨 CVE-2019-13418 Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized. 🎖@cveNotify
2023-03-02 20:29:39
🚨 CVE-2019-15052 The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. 🎖@cveNotify
2023-03-02 20:29:38
🚨 CVE-2019-15120 The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode. 🎖@cveNotify
2023-03-02 18:29:38
🚨 CVE-2023-22920 A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet. 🎖@cveNotify
2023-03-02 18:29:37
🚨 CVE-2023-22984 A vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL. 🎖@cveNotify
2023-03-02 16:29:50
🚨 CVE-2022-34843 Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-02 16:29:48
🚨 CVE-2022-32575 Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-02 16:29:47
🚨 CVE-2022-36398 Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-02 16:29:46
🚨 CVE-2022-36278 Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-02 16:29:44
🚨 CVE-2022-34153 Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-02 16:29:43
🚨 CVE-2023-23315 The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection. 🎖@cveNotify
2023-03-02 16:29:41
🚨 CVE-2023-27372 SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. 🎖@cveNotify
2023-03-02 16:29:40
🚨 CVE-2021-33226 ** DISPUTED ** Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input. 🎖@cveNotify
2023-03-02 16:29:39
🚨 CVE-2022-41973 multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root. 🎖@cveNotify
2023-03-02 16:29:37
🚨 CVE-2022-41974 multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. 🎖@cveNotify
2023-03-02 16:29:36
🚨 CVE-2022-29523 Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access. 🎖@cveNotify
2023-03-02 16:16:50
https://t.me/malwr
2023-03-02 13:29:44
🚨 CVE-2021-3854 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15. 🎖@cveNotify
2023-03-02 12:29:43
🚨 CVE-2021-45478 Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users. This issue affects Library Automation System: before 19.2. 🎖@cveNotify
2023-03-02 12:29:42
🚨 CVE-2021-45479 Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS. This issue affects Library Automation System: before 19.2. 🎖@cveNotify
2023-03-02 12:29:41
🚨 CVE-2023-1151 A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163. 🎖@cveNotify
2023-03-02 07:29:57
🚨 CVE-2023-0196 NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null-pointer dereference, which may result in a limited denial of service. 🎖@cveNotify
2023-03-02 07:29:56
🚨 CVE-2023-0228 Improper Authentication vulnerability in ABB Symphony Plus S+ Operations allows Man in the Middle Attack. This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. 🎖@cveNotify
2023-03-02 07:29:55
🚨 CVE-2023-1106 Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. 🎖@cveNotify
2023-03-02 07:29:54
🚨 CVE-2023-1107 Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. 🎖@cveNotify
2023-03-02 07:29:51
🚨 CVE-2023-0739 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. 🎖@cveNotify
2023-03-02 07:29:50
🚨 CVE-2023-0678 Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. 🎖@cveNotify
2023-03-02 07:29:49
🚨 CVE-2023-0566 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10. 🎖@cveNotify
2023-03-02 07:29:48
🚨 CVE-2023-0298 Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. 🎖@cveNotify
2023-03-02 07:29:44
🚨 CVE-2022-4803 Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. 🎖@cveNotify
2023-03-02 07:29:43
🚨 CVE-2023-0053 SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system. 🎖@cveNotify
2023-03-02 07:29:39
🚨 CVE-2023-26046 teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf's failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1. 🎖@cveNotify
2023-03-02 07:29:38
🚨 CVE-2022-4798 Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1. 🎖@cveNotify
2023-03-02 07:29:37
🚨 CVE-2022-4811 Incorrect Authorization in GitHub repository usememos/memos prior to 0.9.1. 🎖@cveNotify
2023-03-02 00:29:50
🚨 CVE-2020-5026 IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662. 🎖@cveNotify
2023-03-02 00:29:49
🚨 CVE-2023-22738 vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organization is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0. 🎖@cveNotify
2023-03-02 00:29:48
🚨 CVE-2023-24117 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-02 00:29:44
🚨 CVE-2023-24119 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-02 00:29:43
🚨 CVE-2023-24120 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-02 00:29:42
🚨 CVE-2023-24122 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-02 00:29:38
🚨 CVE-2023-24123 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-02 00:29:37
🚨 CVE-2023-24125 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-02 00:29:36
🚨 CVE-2023-24127 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-01 22:30:04
🚨 CVE-2023-24129 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-01 22:30:03
🚨 CVE-2023-24130 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-01 22:30:01
🚨 CVE-2023-24131 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-01 22:30:00
🚨 CVE-2023-24132 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-01 22:29:59
🚨 CVE-2023-24133 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-01 22:29:57
🚨 CVE-2023-24134 Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet. 🎖@cveNotify
2023-03-01 22:29:56
🚨 CVE-2022-3162 Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group. 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group. 🎖@cveNotify
2023-03-01 22:29:55
🚨 CVE-2022-3294 Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to the API server's private network. 🎖@cveNotify
2023-03-01 22:29:53
🚨 CVE-2022-48309 A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90. 🎖@cveNotify
2023-03-01 22:29:52
🚨 CVE-2022-48310 An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90. 🎖@cveNotify
2023-03-01 22:29:51
🚨 CVE-2022-4901 Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim. 🎖@cveNotify
2023-03-01 22:29:49
🚨 CVE-2023-1127 Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. 🎖@cveNotify
2023-03-01 22:29:48
🚨 CVE-2023-23000 In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used. 🎖@cveNotify
2023-03-01 22:29:46
🚨 CVE-2023-1097 Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Lionel Musonza for the discovery. 🎖@cveNotify
2023-03-01 22:29:45
🚨 CVE-2022-34864 Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-03-01 22:29:43
🚨 CVE-2022-1652 Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. 🎖@cveNotify
2023-03-01 22:29:41
🚨 CVE-2022-1786 A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. 🎖@cveNotify
2023-03-01 22:29:40
🚨 CVE-2022-0995 An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system. 🎖@cveNotify
2023-03-01 22:29:39
🚨 CVE-2022-0998 An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system. 🎖@cveNotify
2023-03-01 22:29:37
🚨 CVE-2022-0500 A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernel’s BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system. 🎖@cveNotify
2023-03-01 20:30:07
🚨 CVE-2020-15175 In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2. 🎖@cveNotify
2023-03-01 20:30:06
🚨 CVE-2020-5421 In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. 🎖@cveNotify
2023-03-01 20:30:05
🚨 CVE-2015-5361 Background: For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue: The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration. Note that the ftps-extensions option is not enabled by default. 🎖@cveNotify
2023-03-01 20:30:04
🚨 CVE-2022-3594 A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363. 🎖@cveNotify
2023-03-01 20:30:03
🚨 CVE-2018-19615 Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user's web browser to gain access to the affected device. 🎖@cveNotify
2023-03-01 20:29:58
🚨 CVE-2020-5511 PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. 🎖@cveNotify
2023-03-01 20:29:57
🚨 CVE-2019-10433 Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system. 🎖@cveNotify
2023-03-01 20:29:56
🚨 CVE-2019-1566 The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. 🎖@cveNotify
2023-03-01 20:29:55
🚨 CVE-2019-11119 Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access. 🎖@cveNotify
2023-03-01 20:29:51
🚨 CVE-2022-40232 IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. 🎖@cveNotify
2023-03-01 20:29:50
🚨 CVE-2021-32848 Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807. 🎖@cveNotify
2023-03-01 20:29:49
🚨 CVE-2023-0460 The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main App’s ClassLoader. A potential vulnerability exists in the binding logic used by the client SDK, where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious app’s ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade as the YouTube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store. 🎖@cveNotify
2023-03-01 20:29:48
🚨 CVE-2022-30632 Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. 🎖@cveNotify
2023-03-01 20:29:44
🚨 CVE-2022-30633 Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. 🎖@cveNotify
2023-03-01 20:29:43
🚨 CVE-2019-6116 In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. 🎖@cveNotify
2023-03-01 20:29:42
🚨 CVE-2019-6128 The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb. 🎖@cveNotify
2023-03-01 20:29:41
🚨 CVE-2022-30631 Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. 🎖@cveNotify
2023-03-01 15:29:43
🚨 CVE-2023-1115 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. 🎖@cveNotify
2023-03-01 15:29:42
🚨 CVE-2023-1116 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. 🎖@cveNotify
2023-03-01 15:29:41
🚨 CVE-2023-1117 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. 🎖@cveNotify
2023-03-01 15:29:40
🚨 CVE-2021-34164 Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. 🎖@cveNotify
2023-03-01 15:29:39
🚨 CVE-2021-46853 Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. 🎖@cveNotify
2023-03-01 15:29:38
🚨 CVE-2022-39353 xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please use one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`, or reject a document that has more than 1 `childNode`. 🎖@cveNotify
2023-03-01 07:30:11
🚨 CVE-2022-4564 A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability. 🎖@cveNotify
2023-03-01 07:30:10
🚨 CVE-2017-18559 The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues. 🎖@cveNotify
2023-03-01 07:30:09
🚨 CVE-2015-9297 The events-manager plugin before 5.6 for WordPress has XSS. 🎖@cveNotify
2023-03-01 07:30:08
🚨 CVE-2022-4560 A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963. 🎖@cveNotify
2023-03-01 07:30:07
🚨 CVE-2022-4525 A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.rc is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability. 🎖@cveNotify
2023-03-01 07:30:02
🚨 CVE-2022-4524A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904.πŸŽ–@cveNotify
2023-03-01 07:30:01
🚨 CVE-2014-10377The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.πŸŽ–@cveNotify
2023-03-01 07:30:00
🚨 CVE-2016-10884The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.πŸŽ–@cveNotify
2023-03-01 07:29:59
🚨 CVE-2015-9308The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.πŸŽ–@cveNotify
2023-03-01 07:29:55
🚨 CVE-2015-9307The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.πŸŽ–@cveNotify
2023-03-01 07:29:53
🚨 CVE-2022-45378 ** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 🎖@cveNotify
2023-03-01 07:29:52
🚨 CVE-2017-1002157 modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. 🎖@cveNotify
2023-03-01 07:29:51
🚨 CVE-2017-1002152 Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. 🎖@cveNotify
2023-03-01 07:29:47
🚨 CVE-2023-1103 Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. 🎖@cveNotify
2023-03-01 07:29:46
🚨 CVE-2023-1104 Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. 🎖@cveNotify
2023-03-01 07:29:45
🚨 CVE-2023-1105 External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. 🎖@cveNotify
2023-03-01 07:29:44
🚨 CVE-2022-38725 An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. 🎖@cveNotify
2023-03-01 07:29:43
🚨 CVE-2021-25298 Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server. 🎖@cveNotify
2023-03-01 02:30:05
🚨 CVE-2023-1059 A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824. 🎖@cveNotify
2023-03-01 02:30:03
🚨 CVE-2023-1067 Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. 🎖@cveNotify
2023-03-01 02:30:02
🚨 CVE-2023-24364 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. 🎖@cveNotify
2023-03-01 02:30:00
🚨 CVE-2023-24651 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. 🎖@cveNotify
2023-03-01 02:29:59
🚨 CVE-2023-24652 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. 🎖@cveNotify
2023-03-01 02:29:57
🚨 CVE-2023-24653 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. 🎖@cveNotify
2023-03-01 02:29:56
🚨 CVE-2023-24654 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function. 🎖@cveNotify
2023-03-01 02:29:54
🚨 CVE-2023-24656 Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function. 🎖@cveNotify
2023-03-01 02:29:53
🚨 CVE-2022-38220 An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML. 🎖@cveNotify
2023-03-01 02:29:51
🚨 CVE-2023-0847 The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution. 🎖@cveNotify
2023-03-01 02:29:50
🚨 CVE-2022-26579 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability. 🎖@cveNotify
2023-03-01 02:29:48
🚨 CVE-2022-26580 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability. 🎖@cveNotify
2023-03-01 02:29:47
🚨 CVE-2022-26581 PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability. 🎖@cveNotify
2023-03-01 02:29:45
🚨 CVE-2022-26582 The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to arbitrary command execution as root. 🎖@cveNotify
2023-03-01 02:29:44
🚨 CVE-2022-23239 Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack. 🎖@cveNotify
2023-03-01 02:29:42
🚨 CVE-2022-23240 Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors. 🎖@cveNotify
2023-03-01 02:29:41
🚨 CVE-2022-47075 An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx. 🎖@cveNotify
2023-03-01 02:29:39
🚨 CVE-2022-47076 An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx. 🎖@cveNotify
2023-03-01 02:29:38
🚨 CVE-2023-1095 In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. 🎖@cveNotify
2023-03-01 02:29:37
🚨 CVE-2023-25575 API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue. The result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users. This issue impacts the 2.7, 3.0 and 3.1 branches. Please upgrade to versions 2.7.10, 3.0.12 or 3.1.3. As a workaround, replace the `cache_key` of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the `ApiPlatform\Metadata\ApiProperty` attribute is used. 🎖@cveNotify
2023-03-01 00:29:46
🚨 CVE-2022-36537 ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. 🎖@cveNotify
2023-03-01 00:29:45
🚨 CVE-2023-1100 A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003. 🎖@cveNotify
2023-03-01 00:29:44
🚨 CVE-2023-22996 In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. 🎖@cveNotify
2023-03-01 00:29:41
🚨 CVE-2023-22997 In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). 🎖@cveNotify
2023-03-01 00:29:40
🚨 CVE-2023-0339 Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1 🎖@cveNotify
2023-03-01 00:29:39
🚨 CVE-2023-0511 Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1 🎖@cveNotify
2023-02-28 22:30:09
🚨 CVE-2023-21593 Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-28 22:30:08
🚨 CVE-2018-20822 LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp). 🎖@cveNotify
2023-02-28 22:30:07
🚨 CVE-2018-20821 The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp). 🎖@cveNotify
2023-02-28 22:30:06
🚨 CVE-2019-1010257 An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension. 🎖@cveNotify
2023-02-28 22:30:05
🚨 CVE-2019-10269 BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file. 🎖@cveNotify
2023-02-28 22:30:04
🚨 CVE-2019-6284 In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp. 🎖@cveNotify
2023-02-28 22:30:03
🚨 CVE-2019-7222 The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. 🎖@cveNotify
2023-02-28 22:30:01
🚨 CVE-2019-7664 In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash). 🎖@cveNotify
2023-02-28 22:30:00
🚨 CVE-2019-6283 In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp. 🎖@cveNotify
2023-02-28 22:29:59
🚨 CVE-2018-20584 JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format. 🎖@cveNotify
2023-02-28 22:29:55
🚨 CVE-2018-1000876 binutils version 2.32 and earlier contains an Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound, bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code. This attack appears to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. 🎖@cveNotify
2023-02-28 22:29:54
🚨 CVE-2021-26277 The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions. 🎖@cveNotify
2023-02-28 22:29:53
🚨 CVE-2022-43579 IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684. 🎖@cveNotify
2023-02-28 22:29:52
🚨 CVE-2023-1017 An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. 🎖@cveNotify
2023-02-28 22:29:51
🚨 CVE-2023-1065 This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case). 🎖@cveNotify
2023-02-28 22:29:47
🚨 CVE-2023-27371 GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function. 🎖@cveNotify
2023-02-28 22:29:46
🚨 CVE-2023-27372 SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1. 🎖@cveNotify
2023-02-28 22:29:45
🚨 CVE-2022-41722 A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". 🎖@cveNotify
2023-02-28 22:29:44
🚨 CVE-2022-41723 A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. 🎖@cveNotify
2023-02-28 22:29:43
🚨 CVE-2022-41724 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). 🎖@cveNotify
2023-02-28 19:30:05
🚨 CVE-2020-16093 In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. 🎖@cveNotify
2023-02-28 19:30:03
🚨 CVE-2020-21676 A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. 🎖@cveNotify
2023-02-28 19:30:02
🚨 CVE-2020-4051 In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3. 🎖@cveNotify
2023-02-28 19:30:01
🚨 CVE-2019-14744 In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. 🎖@cveNotify
2023-02-28 19:30:00
🚨 CVE-2022-41722 A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b". 🎖@cveNotify
2023-02-28 19:29:59
🚨 CVE-2022-41723 A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. 🎖@cveNotify
2023-02-28 19:29:57
🚨 CVE-2022-41724 Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert). 🎖@cveNotify
2023-02-28 19:29:56
🚨 CVE-2022-41725 A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. 🎖@cveNotify
2023-02-28 19:29:55
🚨 CVE-2022-41727 An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service. 🎖@cveNotify
2023-02-28 19:29:54
🚨 CVE-2023-1018 An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. 🎖@cveNotify
2023-02-28 19:29:53
🚨 CVE-2023-25431 An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php. 🎖@cveNotify
2023-02-28 19:29:52
🚨 CVE-2023-25432 An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php. 🎖@cveNotify
2023-02-28 19:29:50
🚨 CVE-2023-27320 Sudo before 1.9.13p2 has a double free in the per-command chroot feature. 🎖@cveNotify
2023-02-28 19:29:49
🚨 CVE-2016-15005 CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests. 🎖@cveNotify
2023-02-28 19:29:48
🚨 CVE-2018-3717 connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. 🎖@cveNotify
2023-02-28 19:29:47
🚨 CVE-2018-3718 serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded. 🎖@cveNotify
2023-02-28 19:29:45
🚨 CVE-2018-3714 node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path. 🎖@cveNotify
2023-02-28 19:29:44
🚨 CVE-2021-33226 Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. 🎖@cveNotify
2023-02-28 19:29:43
🚨 CVE-2018-3713 angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path. 🎖@cveNotify
2023-02-28 19:29:42
🚨 CVE-2018-3711 Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload. 🎖@cveNotify
2023-02-28 17:30:12
🚨 CVE-2023-0461 There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c 🎖@cveNotify
2023-02-28 17:30:11
🚨 CVE-2021-33391 An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. 🎖@cveNotify
2023-02-28 17:30:10
🚨 CVE-2022-20803 A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 🎖@cveNotify
2023-02-28 17:30:08
🚨 CVE-2019-12523 An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost. 🎖@cveNotify
2023-02-28 17:30:07
🚨 CVE-2019-12422 Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. 🎖@cveNotify
2023-02-28 17:30:06
🚨 CVE-2023-24044 ** DISPUTED ** A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature." 🎖@cveNotify
2023-02-28 17:30:05
🚨 CVE-2023-24785 An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. 🎖@cveNotify
2023-02-28 17:30:04
🚨 CVE-2019-17533 Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed. 🎖@cveNotify
2023-02-28 17:30:02
🚨 CVE-2023-26020 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection. This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26. 🎖@cveNotify
2023-02-28 17:30:01
🚨 CVE-2018-16981 stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. 🎖@cveNotify
2023-02-28 17:30:00
🚨 CVE-2018-25012 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). 🎖@cveNotify
2023-02-28 17:29:59
🚨 CVE-2019-9918 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database. 🎖@cveNotify
2023-02-28 17:29:58
🚨 CVE-2017-5546 The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number. 🎖@cveNotify
2023-02-28 17:29:57
🚨 CVE-2021-37373** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.πŸŽ–@cveNotify
2023-02-28 17:29:56
🚨 CVE-2022-2873An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.πŸŽ–@cveNotify
2023-02-28 17:29:52
🚨 CVE-2013-4843Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.πŸŽ–@cveNotify
2023-02-28 17:29:51
🚨 CVE-2022-2318There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.πŸŽ–@cveNotify
2023-02-28 17:29:50
🚨 CVE-2022-27778A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.πŸŽ–@cveNotify
2023-02-28 17:29:49
🚨 CVE-2022-3649A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.πŸŽ–@cveNotify
2023-02-28 17:29:48
🚨 CVE-2022-1973A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.πŸŽ–@cveNotify
2023-02-28 16:29:55
🚨 CVE-2019-16056An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.πŸŽ–@cveNotify
2023-02-28 16:29:51
🚨 CVE-2022-0637 There was an open redirection vulnerability in pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/. An attacker could have redirected anyone to malicious sites. 🎖@cveNotify
2023-02-28 16:29:50
🚨 CVE-2023-1022 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. 🎖@cveNotify
2023-02-28 16:29:49
🚨 CVE-2023-1023 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. 🎖@cveNotify
2023-02-28 16:29:46
🚨 CVE-2023-1024 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. 🎖@cveNotify
2023-02-28 16:29:45
🚨 CVE-2023-1027 The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role. 🎖@cveNotify
2023-02-28 16:29:44
🚨 CVE-2023-1080 The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2023-02-28 16:29:40
🚨 CVE-2020-36652 Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00. 🎖@cveNotify
2023-02-28 16:29:39
🚨 CVE-2022-4895 Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00. 🎖@cveNotify
2023-02-28 16:29:38
🚨 CVE-2021-22283 Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation. This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2. 🎖@cveNotify
2023-02-28 12:30:46
🚨 CVE-2023-26609 ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. 🎖@cveNotify
2023-02-28 12:30:45
🚨 CVE-2023-26602 ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. 🎖@cveNotify
2023-02-28 07:31:04
🚨 CVE-2023-26235 JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. 🎖@cveNotify
2023-02-28 07:31:03
🚨 CVE-2022-4385 The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu order. 🎖@cveNotify
2023-02-28 07:31:02
🚨 CVE-2022-4386 The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user into changing the menu order via a CSRF attack. 🎖@cveNotify
2023-02-28 07:30:58
🚨 CVE-2023-0929 Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-02-28 07:30:57
🚨 CVE-2023-0932 Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-02-28 07:30:53
🚨 CVE-2023-0933 Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) 🎖@cveNotify
2023-02-28 07:30:52
🚨 CVE-2023-0966 A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635. 🎖@cveNotify
2023-02-28 07:30:51
🚨 CVE-2023-0429 The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-02-28 07:30:47
🚨 CVE-2023-0380 The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-28 07:30:46
🚨 CVE-2023-0428 The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 🎖@cveNotify
2023-02-28 02:29:36
🚨 CVE-2015-10086 A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808. 🎖@cveNotify
2023-02-27 23:29:36
🚨 CVE-2023-24258 SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request. 🎖@cveNotify
2023-02-27 23:29:35
🚨 CVE-2023-26043 GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3. 🎖@cveNotify
2023-02-27 22:29:58
🚨 CVE-2020-9846 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. 🎖@cveNotify
2023-02-27 22:29:57
🚨 CVE-2022-46712 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges. 🎖@cveNotify
2023-02-27 22:29:56
🚨 CVE-2021-46841 This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity. 🎖@cveNotify
2023-02-27 22:29:55
🚨 CVE-2022-22668 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information. 🎖@cveNotify
2023-02-27 22:29:54
🚨 CVE-2022-32846 A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. 🎖@cveNotify
2023-02-27 22:29:52
🚨 CVE-2022-32836 This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data. 🎖@cveNotify
2023-02-27 22:29:51
🚨 CVE-2022-32902 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. 🎖@cveNotify
2023-02-27 22:29:50
🚨 CVE-2022-32855 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen. 🎖@cveNotify
2023-02-27 22:29:49
🚨 CVE-2022-32891 The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing. 🎖@cveNotify
2023-02-27 22:29:48
🚨 CVE-2022-32896 This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information. 🎖@cveNotify
2023-02-27 22:29:47
🚨 CVE-2022-32900 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges. 🎖@cveNotify
2023-02-27 22:29:46
🚨 CVE-2022-32949 This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. 🎖@cveNotify
2023-02-27 22:29:45
🚨 CVE-2022-42797 An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. 🎖@cveNotify
2023-02-27 22:29:44
🚨 CVE-2022-46713 A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system. 🎖@cveNotify
2023-02-27 22:29:43
🚨 CVE-2022-46704 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system. 🎖@cveNotify
2023-02-27 22:29:39
🚨 CVE-2023-23496 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. 🎖@cveNotify
2023-02-27 22:29:38
🚨 CVE-2022-46723 This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files. 🎖@cveNotify
2023-02-27 22:29:37
🚨 CVE-2023-23501 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory. 🎖@cveNotify
2023-02-27 22:29:36
🚨 CVE-2023-23502 An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to determine kernel memory layout. 🎖@cveNotify
2023-02-27 18:29:57
🚨 CVE-2019-13575 A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.php. 🎖@cveNotify
2023-02-27 18:29:56
🚨 CVE-2019-0179 Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-02-27 18:29:52
🚨 CVE-2019-0177 Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-02-27 18:29:51
🚨 CVE-2019-0180 Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-02-27 18:29:50
🚨 CVE-2019-11766 dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature. 🎖@cveNotify
2023-02-27 18:29:46
🚨 CVE-2023-0535 The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-27 18:29:45
🚨 CVE-2023-0543 The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 🎖@cveNotify
2023-02-27 18:29:41
🚨 CVE-2023-23157 A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page. 🎖@cveNotify
2023-02-27 18:29:40
🚨 CVE-2022-4757 The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 🎖@cveNotify
2023-02-27 16:29:48
🚨 CVE-2023-23108 In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. 🎖@cveNotify
2023-02-27 16:29:47
🚨 CVE-2023-23109 In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. 🎖@cveNotify
2023-02-27 16:29:46
🚨 CVE-2023-22945 In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. 🎖@cveNotify
2023-02-27 16:29:45
🚨 CVE-2022-4422 This issue affects: Bulutses Bilgi Teknolojileri LTD. ?T?. BULUTDESK CALLCENTER versions prior to 3.0. 🎖@cveNotify
2023-02-27 16:29:44
🚨 CVE-2023-22909 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. 🎖@cveNotify
2023-02-27 16:29:42
🚨 CVE-2023-22911 An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. 🎖@cveNotify
2023-02-27 16:29:41
🚨 CVE-2022-34908 An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. 🎖@cveNotify
2023-02-27 16:29:40
🚨 CVE-2022-34909 An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. 🎖@cveNotify
2023-02-27 16:29:39
🚨 CVE-2022-34910 An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device. 🎖@cveNotify
2023-02-27 16:29:38
🚨 CVE-2023-24206 Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. 🎖@cveNotify
2023-02-27 13:29:54
🚨 CVE-2023-1053 A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819. 🎖@cveNotify
2023-02-27 13:29:53
🚨 CVE-2023-1056 A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability. 🎖@cveNotify
2023-02-27 13:29:48
🚨 CVE-2023-1058 A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823. 🎖@cveNotify
2023-02-27 13:29:47
🚨 CVE-2023-1059 A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824. 🎖@cveNotify
2023-02-27 13:29:46
🚨 CVE-2023-1061 A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability. 🎖@cveNotify
2023-02-27 13:29:45
🚨 CVE-2023-1062 A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-27 13:29:41
🚨 CVE-2023-1063 A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827. 🎖@cveNotify
2023-02-27 13:29:40
🚨 CVE-2023-22636 An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. 🎖@cveNotify
2023-02-27 13:29:39
🚨 CVE-2023-26609 ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. 🎖@cveNotify
2023-02-27 13:29:38
🚨 CVE-2023-26257 An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c. 🎖@cveNotify
2023-02-27 11:29:37
🚨 CVE-2023-22636 An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request. 🎖@cveNotify
2023-02-27 11:29:36
🚨 CVE-2022-31405 MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext. 🎖@cveNotify
2023-02-27 07:29:59
🚨 CVE-2023-26257 An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c. 🎖@cveNotify
2023-02-27 07:29:58
🚨 CVE-2022-36231 pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3. 🎖@cveNotify
2023-02-27 07:29:57
🚨 CVE-2022-45544 ** DISPUTED ** Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role. 🎖@cveNotify
2023-02-27 07:29:55
🚨 CVE-2023-0795 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 🎖@cveNotify
2023-02-27 07:29:53
🚨 CVE-2023-0796 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 🎖@cveNotify
2023-02-27 07:29:52
🚨 CVE-2023-0797 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 🎖@cveNotify
2023-02-27 07:29:51
🚨 CVE-2023-0798 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 🎖@cveNotify
2023-02-27 07:29:50
🚨 CVE-2023-0799 LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e. 🎖@cveNotify
2023-02-27 07:29:49
🚨 CVE-2023-0800 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-27 07:29:48
🚨 CVE-2023-0801 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-27 07:29:46
🚨 CVE-2023-0802 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-27 07:29:45
🚨 CVE-2023-0803 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-27 07:29:44
🚨 CVE-2023-0804 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-27 07:29:43
🚨 CVE-2022-37032 An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c. 🎖@cveNotify
2023-02-27 07:29:42
🚨 CVE-2023-26609 ABUS TVIP 20000-21150 devices allow remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. 🎖@cveNotify
2023-02-27 01:29:37
🚨 CVE-2023-26605 In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. 🎖@cveNotify
2023-02-27 01:29:36
🚨 CVE-2023-26606 In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c. 🎖@cveNotify
2023-02-27 01:29:35
🚨 CVE-2023-26607 In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c. 🎖@cveNotify
2023-02-26 22:29:36
🚨 CVE-2023-26602 ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. 🎖@cveNotify
2023-02-26 18:29:37
🚨 CVE-2023-1047 A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-26 18:29:36
🚨 CVE-2023-1048 A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807. 🎖@cveNotify
2023-02-26 16:29:43
🚨 CVE-2023-1043 A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-26 16:29:42
🚨 CVE-2023-1044 A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803. 🎖@cveNotify
2023-02-26 16:29:41
🚨 CVE-2023-1045 A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804. 🎖@cveNotify
2023-02-26 16:29:40
🚨 CVE-2023-1046 A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability. 🎖@cveNotify
2023-02-26 16:29:38
🚨 CVE-2023-1047 A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-26 16:29:37
🚨 CVE-2023-1048 A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807. 🎖@cveNotify
2023-02-26 12:29:39
🚨 CVE-2019-25105 A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763. 🎖@cveNotify
2023-02-26 12:29:38
🚨 CVE-2021-3329 Lack of proper validation in HCI Host stack initialization can cause a crash of the Bluetooth stack. 🎖@cveNotify
2023-02-26 00:29:53
🚨 CVE-2022-48362 Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.) 🎖@cveNotify
2023-02-25 22:29:37
🚨 CVE-2023-26550 A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field. 🎖@cveNotify
2023-02-25 13:29:39
🚨 CVE-2023-26314 The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. 🎖@cveNotify
2023-02-25 12:29:41
🚨 CVE-2022-2024 OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. 🎖@cveNotify
2023-02-25 12:29:40
🚨 CVE-2023-1035 A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784. 🎖@cveNotify
2023-02-25 12:29:39
🚨 CVE-2023-1007 A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740. 🎖@cveNotify
2023-02-25 12:29:38
🚨 CVE-2023-1008 A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability. 🎖@cveNotify
2023-02-25 12:29:37
🚨 CVE-2023-25725 HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31. 🎖@cveNotify
2023-02-25 07:30:18
🚨 CVE-2023-26545 In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. 🎖@cveNotify
2023-02-25 07:30:16
🚨 CVE-2023-0880 Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. 🎖@cveNotify
2023-02-25 07:30:14
🚨 CVE-2023-0878 Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. 🎖@cveNotify
2023-02-25 07:30:12
🚨 CVE-2023-0879 Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. 🎖@cveNotify
2023-02-25 07:30:10
🚨 CVE-2023-0877 Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. 🎖@cveNotify
2023-02-25 07:30:07
🚨 CVE-2023-0821 HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. 🎖@cveNotify
2023-02-25 07:30:05
🚨 CVE-2022-44299 SiteServerCMS 7.1.3 sscms has a file read vulnerability. 🎖@cveNotify
2023-02-25 07:30:02
🚨 CVE-2022-27891 Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0. 🎖@cveNotify
2023-02-25 07:30:00
🚨 CVE-2022-32477 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 🎖@cveNotify
2023-02-25 07:29:57
🚨 CVE-2022-32469 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it. 🎖@cveNotify
2023-02-25 07:29:55
🚨 CVE-2022-32475 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code. 🎖@cveNotify
2023-02-25 07:29:53
🚨 CVE-2022-3089 Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server. 🎖@cveNotify
2023-02-25 07:29:51
🚨 CVE-2022-43929 IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. 🎖@cveNotify
2023-02-25 07:29:49
🚨 CVE-2022-43927 IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. 🎖@cveNotify
2023-02-25 07:29:47
🚨 CVE-2023-24964 IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from log files. IBM X-Force ID: 246463. 🎖@cveNotify
2023-02-25 07:29:45
🚨 CVE-2022-36775 IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and 10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576. 🎖@cveNotify
2023-02-25 07:29:43
🚨 CVE-2023-1034 Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. 🎖@cveNotify
2023-02-25 07:29:42
🚨 CVE-2023-26035 ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There is no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in versions 1.36.33 and 1.37.33. 🎖@cveNotify
2023-02-25 07:29:40
🚨 CVE-2023-26036 ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however detaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33. 🎖@cveNotify
2023-02-25 07:29:38
🚨 CVE-2023-26037 ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used to execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33. 🎖@cveNotify
2023-02-25 00:29:43
🚨 CVE-2021-42392 The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to an LDAP or RMI server, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution. 🎖@cveNotify
2023-02-25 00:29:42
🚨 CVE-2021-34167 Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php. 🎖@cveNotify
2023-02-25 00:29:39
🚨 CVE-2021-34248 SQL injection vulnerability in sourcecodester mobile-shop-system-php-mysql 1.0 allows remote attackers to log in via a crafted string in the email field of the log in page. 🎖@cveNotify
2023-02-25 00:29:38
🚨 CVE-2022-40675 Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. 🎖@cveNotify
2023-02-25 00:29:37
🚨 CVE-2022-43954 An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page. 🎖@cveNotify
2023-02-24 22:30:03
🚨 CVE-2022-31836 The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk. 🎖@cveNotify
2023-02-24 22:30:02
🚨 CVE-2022-38376 Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests. 🎖@cveNotify
2023-02-24 22:30:00
🚨 CVE-2021-42756 Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. 🎖@cveNotify
2023-02-24 22:29:59
🚨 CVE-2023-23781 A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files. 🎖@cveNotify
2023-02-24 22:29:58
🚨 CVE-2023-24238 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. 🎖@cveNotify
2023-02-24 22:29:57
🚨 CVE-2023-24236 TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. 🎖@cveNotify
2023-02-24 22:29:56
🚨 CVE-2023-23780 A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows an attacker to escalate privileges via specifically crafted HTTP requests. 🎖@cveNotify
2023-02-24 22:29:54
🚨 CVE-2023-22580 Due to improper input filtering in the Sequelize JS library, malicious queries can lead to sensitive information disclosure. 🎖@cveNotify
2023-02-24 22:29:53
🚨 CVE-2023-22579 Due to improper parameter filtering in the Sequelize JS library, an attacker can perform injection. 🎖@cveNotify
2023-02-24 22:29:52
🚨 CVE-2019-14206 An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php. 🎖@cveNotify
2023-02-24 22:29:50
🚨 CVE-2019-14799 The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. 🎖@cveNotify
2023-02-24 22:29:49
🚨 CVE-2016-10878 The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS. 🎖@cveNotify
2023-02-24 22:29:48
🚨 CVE-2023-24483 A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. 🎖@cveNotify
2023-02-24 22:29:47
🚨 CVE-2023-22578 Due to improper attribute filtering in the Sequelize JS library, an attacker can perform SQL injections. 🎖@cveNotify
2023-02-24 22:29:46
🚨 CVE-2016-10874 The wp-database-backup plugin before 4.3.3 for WordPress has CSRF. 🎖@cveNotify
2023-02-24 22:29:45
🚨 CVE-2016-10875 The wp-database-backup plugin before 4.3.1 for WordPress has XSS. 🎖@cveNotify
2023-02-24 22:29:44
🚨 CVE-2020-15778 ** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." 🎖@cveNotify
2023-02-24 22:29:43
🚨 CVE-2019-14787 The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. 🎖@cveNotify
2023-02-24 22:29:42
🚨 CVE-2016-10873 The wp-database-backup plugin before 4.3.3 for WordPress has XSS. 🎖@cveNotify
2023-02-24 22:29:41
🚨 CVE-2019-14683 The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF. 🎖@cveNotify
2023-02-24 20:30:23
🚨 CVE-2023-23460 Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass. 🎖@cveNotify
2023-02-24 20:30:21
🚨 CVE-2022-47508 Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos. 🎖@cveNotify
2023-02-24 20:30:20
🚨 CVE-2022-47507 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 🎖@cveNotify
2023-02-24 20:30:18
🚨 CVE-2010-0442 The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow." 🎖@cveNotify
2023-02-24 20:30:16
🚨 CVE-2022-47506 SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. 🎖@cveNotify
2023-02-24 20:30:14
🚨 CVE-2015-5289 Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. 🎖@cveNotify
2023-02-24 20:30:13
🚨 CVE-2022-38111 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 🎖@cveNotify
2023-02-24 20:30:11
🚨 CVE-2022-47504 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 🎖@cveNotify
2023-02-24 20:30:09
🚨 CVE-2022-47503 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. 🎖@cveNotify
2023-02-24 20:30:08
🚨 CVE-2018-5332 In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). 🎖@cveNotify
2023-02-24 20:30:06
🚨 CVE-2019-8956 In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory. 🎖@cveNotify
2023-02-24 20:30:05
🚨 CVE-2018-9568 In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel. 🎖@cveNotify
2023-02-24 20:30:04
🚨 CVE-2019-15927 An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. 🎖@cveNotify
2023-02-24 20:30:02
🚨 CVE-2017-17855 kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. 🎖@cveNotify
2023-02-24 20:30:01
🚨 CVE-2017-2636 Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline. 🎖@cveNotify
2023-02-24 20:30:00
🚨 CVE-2018-14619 A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges. 🎖@cveNotify
2023-02-24 20:29:59
🚨 CVE-2018-10901 A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. 🎖@cveNotify
2023-02-24 20:29:58
🚨 CVE-2019-11487 The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. 🎖@cveNotify
2023-02-24 20:29:57
🚨 CVE-2018-10675 The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls. 🎖@cveNotify
2023-02-24 20:29:55
🚨 CVE-2021-29154 BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. 🎖@cveNotify
2023-02-24 17:29:58
🚨 CVE-2021-35370 An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function. 🎖@cveNotify
2023-02-24 17:29:57
🚨 CVE-2023-23205 An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c. 🎖@cveNotify
2023-02-24 17:29:56
🚨 CVE-2023-25153 containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images. 🎖@cveNotify
2023-02-24 17:29:55
🚨 CVE-2023-0103 If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition. 🎖@cveNotify
2023-02-24 17:29:54
🚨 CVE-2023-0102 LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. 🎖@cveNotify
2023-02-24 17:29:53
🚨 CVE-2022-45587 Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. 🎖@cveNotify
2023-02-24 17:29:52
🚨 CVE-2023-23752 An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints. 🎖@cveNotify
2023-02-24 17:29:51
🚨 CVE-2023-25578 Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. The large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large amount of RAM accumulated while processing requests can lead to Out-Of-Memory kills. Complete DoS is achievable by sending many concurrent multipart requests in a loop. Version 1.51.2 contains a patch for this issue. 🎖@cveNotify
2023-02-24 17:29:50
🚨 CVE-2021-37137 The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk. 🎖@cveNotify
2023-02-24 17:29:48
🚨 CVE-2022-48337 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. 🎖@cveNotify
2023-02-24 17:29:47
🚨 CVE-2022-48338 An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. 🎖@cveNotify
2023-02-24 17:29:46
🚨 CVE-2022-48339 An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. 🎖@cveNotify
2023-02-24 17:29:45
🚨 CVE-2021-35576 Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). 🎖@cveNotify
2023-02-24 17:29:44
🚨 CVE-2022-43460 Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted. 🎖@cveNotify
2023-02-24 17:29:43
🚨 CVE-2022-48323 Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program. 🎖@cveNotify
2023-02-24 17:29:42
🚨 CVE-2022-42455 ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges. 🎖@cveNotify
2023-02-24 17:29:41
🚨 CVE-2023-24499 Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use. 🎖@cveNotify
2023-02-24 17:29:40
🚨 CVE-2020-23685 SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php. 🎖@cveNotify
2023-02-24 17:29:39
🚨 CVE-2021-43396 ** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug." 🎖@cveNotify
2023-02-24 17:29:38
🚨 CVE-2023-23463 Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. 🎖@cveNotify
2023-02-24 15:30:08
🚨 CVE-2021-45486 In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. 🎖@cveNotify
2023-02-24 15:30:06
🚨 CVE-2021-3752 A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 🎖@cveNotify
2023-02-24 15:30:05
🚨 CVE-2021-3773 A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. 🎖@cveNotify
2023-02-24 15:30:03
🚨 CVE-2022-0564 A vulnerability in Qlik Sense Enterprise on Windows could allow a remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response times that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. 🎖@cveNotify
2023-02-24 15:30:02
🚨 CVE-2023-21691 Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerability 🎖@cveNotify
2023-02-24 15:30:01
🚨 CVE-2022-42735 Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators to create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958. 🎖@cveNotify
2023-02-24 15:30:00
🚨 CVE-2021-43946: Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9. 🎖@cveNotify
2023-02-24 15:29:59
🚨 CVE-2021-33963: China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands. 🎖@cveNotify
2023-02-24 15:29:58
🚨 CVE-2023-21690: Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability 🎖@cveNotify
2023-02-24 15:29:54
🚨 CVE-2023-0595: A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021 (All Versions prior to October 2022), ClearSCADA (All Versions). 🎖@cveNotify
2023-02-24 15:29:53
🚨 CVE-2023-1007: A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740. 🎖@cveNotify
2023-02-24 15:29:52
🚨 CVE-2023-1008: A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability. 🎖@cveNotify
2023-02-24 15:29:51
🚨 CVE-2023-1009: A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-24 15:29:50
🚨 CVE-2023-1010: A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743. 🎖@cveNotify
2023-02-24 14:29:38
🚨 CVE-2023-0595: A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021 (All Versions prior to October 2022), ClearSCADA (All Versions). 🎖@cveNotify
2023-02-24 14:29:37
🚨 CVE-2023-1008: A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability. 🎖@cveNotify
2023-02-24 14:29:36
🚨 CVE-2023-1010: A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743. 🎖@cveNotify
2023-02-24 12:30:16
🚨 CVE-2023-0997: A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732. 🎖@cveNotify
2023-02-24 12:30:15
🚨 CVE-2023-0998: A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability. 🎖@cveNotify
2023-02-24 12:30:12
🚨 CVE-2023-0999: A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-24 12:30:09
🚨 CVE-2023-1002: A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735. 🎖@cveNotify
2023-02-24 12:30:05
🚨 CVE-2023-1004: A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability. 🎖@cveNotify
2023-02-24 12:30:03
🚨 CVE-2022-34397: Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized. 🎖@cveNotify
2023-02-24 12:30:01
🚨 CVE-2022-25937: Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129). 🎖@cveNotify
2023-02-24 12:29:58
🚨 CVE-2021-40555: Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form. 🎖@cveNotify
2023-02-24 12:29:56
🚨 CVE-2023-22367: Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. 🎖@cveNotify
2023-02-24 12:29:54
🚨 CVE-2020-36661: A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The name of the patch is d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-24 12:29:51
🚨 CVE-2019-25103: A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639. 🎖@cveNotify
2023-02-24 12:29:49
🚨 CVE-2023-0793: Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11. 🎖@cveNotify
2023-02-24 12:29:47
🚨 CVE-2023-0790: Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11. 🎖@cveNotify
2023-02-24 12:29:46
🚨 CVE-2023-25152: Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-02-24 12:29:44
🚨 CVE-2023-0792: Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11. 🎖@cveNotify
2023-02-24 12:29:43
🚨 CVE-2022-48345: sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities. 🎖@cveNotify
2023-02-24 12:29:42
🚨 CVE-2023-22425: Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. 🎖@cveNotify
2023-02-24 12:29:39
🚨 CVE-2023-22427: Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. 🎖@cveNotify
2023-02-24 12:29:38
🚨 CVE-2023-24576: EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used. 🎖@cveNotify
2023-02-24 06:29:44
🚨 CVE-2022-1607: Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery. This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) – comcode 150047415. 🎖@cveNotify
2023-02-24 06:29:40
🚨 CVE-2023-26102: All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js. The function uses recursive merge, which can lead an attacker to modify properties of the Object.prototype. 🎖@cveNotify
2023-02-24 06:29:39
🚨 CVE-2023-0996: There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. 🎖@cveNotify
2023-02-24 06:29:38
🚨 CVE-2023-0995: Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1. 🎖@cveNotify
2023-02-24 06:29:37
🚨 CVE-2022-46440: ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c. 🎖@cveNotify
2023-02-24 06:29:36
🚨 CVE-2023-0994: Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. 🎖@cveNotify
2023-02-24 05:46:27
https://t.me/malwr
2023-02-24 02:30:11
🚨 CVE-2022-42705: A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription. 🎖@cveNotify
2023-02-24 02:30:10
🚨 CVE-2022-42706: An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal. 🎖@cveNotify
2023-02-24 02:30:08
🚨 CVE-2022-39269: PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-02-24 02:30:07
🚨 CVE-2022-39244: PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-02-24 02:30:06
🚨 CVE-2022-31031: PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. 🎖@cveNotify
2023-02-24 02:30:05
🚨 CVE-2020-12278: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352. 🎖@cveNotify
2023-02-24 02:30:04
🚨 CVE-2020-12279: An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353. 🎖@cveNotify
2023-02-24 02:30:02
🚨 CVE-2018-1631: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431. 🎖@cveNotify
2023-02-24 02:30:00
🚨 CVE-2018-1630: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430. 🎖@cveNotify
2023-02-24 02:29:59
🚨 CVE-2021-24119: In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. 🎖@cveNotify
2023-02-24 02:29:58
🚨 CVE-2020-10941: Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. 🎖@cveNotify
2023-02-24 02:29:57
🚨 CVE-2021-44732: Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. 🎖@cveNotify
2023-02-24 02:29:56
🚨 CVE-2022-35268: A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_sdk_file/` API. 🎖@cveNotify
2023-02-24 02:29:55
🚨 CVE-2022-35269: A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_e2c_json_file/` API. 🎖@cveNotify
2023-02-24 02:29:54
🚨 CVE-2022-35270: A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_wireguard_cert_file/` API. 🎖@cveNotify
2023-02-24 02:29:53
🚨 CVE-2022-35271: A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the `/action/import_cert_file/` API. 🎖@cveNotify
2023-02-24 02:29:51
🚨 CVE-2021-31693: VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. 🎖@cveNotify
2023-02-24 02:29:50
🚨 CVE-2022-42818: This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity. 🎖@cveNotify
2023-02-24 02:29:49
🚨 CVE-2019-6110: In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred. 🎖@cveNotify
2023-02-24 00:29:46
🚨 CVE-2023-26326: The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. 🎖@cveNotify
2023-02-24 00:29:45
🚨 CVE-2023-20011: A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts. 🎖@cveNotify
2023-02-24 00:29:44
🚨 CVE-2022-46786: SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2). 🎖@cveNotify
2023-02-24 00:29:43
🚨 CVE-2022-4492: The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. 🎖@cveNotify
2023-02-24 00:29:42
🚨 CVE-2023-0044: If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature. 🎖@cveNotify
2023-02-24 00:29:41
🚨 CVE-2023-0597: A possible memory leak flaw was found in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory, in the way a user can guess the location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory. 🎖@cveNotify
2023-02-24 00:29:40
🚨 CVE-2023-20015: A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges. 🎖@cveNotify
2023-02-24 00:29:39
🚨 CVE-2023-20016: A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials. 🎖@cveNotify
2023-02-24 00:29:38
🚨 CVE-2023-20050: A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user. 🎖@cveNotify
2023-02-24 00:29:37
🚨 CVE-2023-20089: A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required. 🎖@cveNotify
2023-02-23 22:29:37
🚨 CVE-2022-32222: A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. 🎖@cveNotify
2023-02-23 17:29:43
🚨 CVE-2022-2097: AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). 🎖@cveNotify
2023-02-23 17:29:41
🚨 CVE-2023-21568: Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability 🎖@cveNotify
2023-02-23 17:29:40
🚨 CVE-2023-22942: In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled. 🎖@cveNotify
2023-02-23 17:29:39
🚨 CVE-2023-21794: Microsoft Edge (Chromium-based) Spoofing Vulnerability 🎖@cveNotify
2023-02-23 17:29:38
🚨 CVE-2022-3627: LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191. 🎖@cveNotify
2023-02-23 17:29:37
🚨 CVE-2022-3636: A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935. 🎖@cveNotify
2023-02-23 06:30:07
🚨 CVE-2022-45724: Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests. 🎖@cveNotify
2023-02-23 06:30:06
🚨 CVE-2023-0808: A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability. 🎖@cveNotify
2023-02-23 06:30:04
🚨 CVE-2022-3891: The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. 🎖@cveNotify
2023-02-23 06:30:03
🚨 CVE-2022-40022: Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability. 🎖@cveNotify
2023-02-23 06:30:02
🚨 CVE-2022-45725: Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request. 🎖@cveNotify
2023-02-23 06:30:00
🚨 CVE-2022-4445: The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 🎖@cveNotify
2023-02-23 06:29:59
🚨 CVE-2022-4448: The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-23 06:29:58
🚨 CVE-2022-4458: The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 🎖@cveNotify
2023-02-23 06:29:57
🚨 CVE-2022-4580: The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-23 06:29:56
🚨 CVE-2022-4759: The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-23 06:29:52
🚨 CVE-2022-38935: An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges. 🎖@cveNotify
2023-02-23 06:29:51
🚨 CVE-2022-38868: SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code. 🎖@cveNotify
2023-02-23 06:29:50
🚨 CVE-2021-38239: SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10. 🎖@cveNotify
2023-02-23 06:29:49
🚨 CVE-2023-23850: A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 🎖@cveNotify
2023-02-23 06:29:48
🚨 CVE-2020-21120: SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers to execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num. 🎖@cveNotify
2023-02-23 06:29:44
🚨 CVE-2021-33396 Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4 allows attackers to change the password or other information of an arbitrary account via index.php. 🎖@cveNotify
2023-02-23 06:29:43
🚨 CVE-2021-33925 SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escalated privileges via a crafted login. 🎖@cveNotify
2023-02-23 06:29:42
🚨 CVE-2022-38867 SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go allows attackers to execute arbitrary code. 🎖@cveNotify
2023-02-23 06:29:41
🚨 CVE-2022-45543 Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. 🎖@cveNotify
2023-02-23 06:29:40
🚨 CVE-2022-45546 Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows an internal attacker to obtain credentials for authentication via network sniffing. 🎖@cveNotify
2023-02-23 00:29:37
🚨 CVE-2021-33367 Buffer Overflow vulnerability in Freeimage v3.18.0 allows an attacker to cause a denial of service via a crafted JXR file. 🎖@cveNotify
2023-02-23 00:29:36
🚨 CVE-2022-29273 pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters. 🎖@cveNotify
2023-02-22 16:29:54
🚨 CVE-2023-0946 A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability. 🎖@cveNotify
2023-02-22 16:29:53
🚨 CVE-2023-25158 GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastores. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. 🎖@cveNotify
2023-02-22 16:29:51
🚨 CVE-2023-25657 Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known, this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggested the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being “django” for the Django built-in template engine, and the second being “jinja” for the Jinja2 template engine.
This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict “change” (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be a stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.* 🎖@cveNotify
2023-02-22 16:29:50
🚨 CVE-2023-25810 Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-02-22 16:29:48
🚨 CVE-2023-25811 Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-02-22 16:29:46
🚨 CVE-2023-25812 Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, this was not honored; instead the request will be honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-02-22 16:29:44
🚨 CVE-2023-24320 An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. 🎖@cveNotify
2023-02-22 16:29:43
🚨 CVE-2023-25157 GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike`` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse. 🎖@cveNotify
2023-02-22 16:29:41
🚨 CVE-2022-48282 Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0. 🎖@cveNotify
2023-02-22 16:29:40
🚨 CVE-2023-0942 The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 🎖@cveNotify
2023-02-22 16:29:38
🚨 CVE-2023-0943 A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591. 🎖@cveNotify
2023-02-22 12:29:39
🚨 CVE-2023-25136 OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible." 🎖@cveNotify
2023-02-22 12:29:38
🚨 CVE-2023-26314 The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. 🎖@cveNotify
2023-02-22 07:30:21
🚨 CVE-2023-0800 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-22 07:30:19
🚨 CVE-2023-0801 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-22 07:30:17
🚨 CVE-2023-0802 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-22 07:30:15
🚨 CVE-2023-0803 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-22 07:30:12
🚨 CVE-2023-0804 LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127. 🎖@cveNotify
2023-02-22 07:30:10
🚨 CVE-2023-24084 ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function. 🎖@cveNotify
2023-02-22 07:30:08
🚨 CVE-2023-24086 SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView. 🎖@cveNotify
2023-02-22 07:30:06
🚨 CVE-2022-45091 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01. 🎖@cveNotify
2023-02-22 07:30:04
🚨 CVE-2022-45090 Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. 🎖@cveNotify
2023-02-22 07:30:01
🚨 CVE-2022-45089 Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. 🎖@cveNotify
2023-02-22 07:29:59
🚨 CVE-2022-45088 Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion. This issue affects Smartpower Web: before 23.01.01. 🎖@cveNotify
2023-02-22 07:29:57
🚨 CVE-2022-45087 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01. 🎖@cveNotify
2023-02-22 07:29:55
🚨 CVE-2022-45086 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS). This issue affects Smartpower Web: before 23.01.01. 🎖@cveNotify
2023-02-22 07:29:53
🚨 CVE-2022-45085 Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Server Side Request Forgery. This issue affects Smartpower Web: before 23.01.01. 🎖@cveNotify
2023-02-22 07:29:51
🚨 CVE-2022-44447 In wlan driver, there is a possible null pointer dereference issue due to a missing bounds check. This could lead to local denial of service in wlan services. 🎖@cveNotify
2023-02-22 07:29:49
🚨 CVE-2022-44448 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 🎖@cveNotify
2023-02-22 07:29:47
🚨 CVE-2021-4325 A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability. 🎖@cveNotify
2023-02-22 07:29:45
🚨 CVE-2022-38779 An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL. 🎖@cveNotify
2023-02-22 07:29:43
🚨 CVE-2023-20855 VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges. 🎖@cveNotify
2023-02-22 07:29:41
🚨 CVE-2023-20858 VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system. 🎖@cveNotify
2023-02-21 23:29:45
🚨 CVE-2023-0946 A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability. 🎖@cveNotify
2023-02-21 23:29:44
🚨 CVE-2023-25158 GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastores. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation. 🎖@cveNotify
2023-02-21 23:29:43
🚨 CVE-2023-25657 Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known, this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggested the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being “django” for the Django built-in template engine, and the second being “jinja” for the Jinja2 template engine.
This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict “change” (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be a stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.* 🎖@cveNotify
2023-02-21 23:29:42
🚨 CVE-2023-25810 Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-02-21 23:29:39
🚨 CVE-2023-25811 Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-02-21 23:29:38
🚨 CVE-2022-43779 A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability. 🎖@cveNotify
2023-02-21 23:29:37
🚨 CVE-2023-0783 A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability. 🎖@cveNotify
2023-02-21 23:29:36
🚨 CVE-2022-41731 IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402. 🎖@cveNotify
2023-02-21 21:29:43
🚨 CVE-2023-0286 There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. 🎖@cveNotify
2023-02-21 21:29:42
🚨 CVE-2023-0151 The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 21:29:41
🚨 CVE-2022-42444 IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538. 🎖@cveNotify
2023-02-21 21:29:40
🚨 CVE-2023-25614 SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application. 🎖@cveNotify
2023-02-21 21:29:39
🚨 CVE-2022-42436 IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206. 🎖@cveNotify
2023-02-21 21:29:38
🚨 CVE-2023-24529 Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information. 🎖@cveNotify
2023-02-21 21:29:37
🚨 CVE-2023-24530 SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application, causing high impact on confidentiality, integrity and availability of the application. 🎖@cveNotify
2023-02-21 20:29:42
🚨 CVE-2023-21437 Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. 🎖@cveNotify
2023-02-21 20:29:41
🚨 CVE-2023-23163 Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. 🎖@cveNotify
2023-02-21 20:29:39
🚨 CVE-2022-47368 In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 🎖@cveNotify
2023-02-21 20:29:38
🚨 CVE-2022-47367 In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 🎖@cveNotify
2023-02-21 18:29:57
🚨 CVE-2023-22984 A vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL. 🎖@cveNotify
2023-02-21 18:29:56
🚨 CVE-2022-4422 This issue affects: Bulutses Bilgi Teknolojileri LTD. ŞTİ. BULUTDESK CALLCENTER versions prior to 3.0. 🎖@cveNotify
2023-02-21 18:29:55
🚨 CVE-2023-21421 Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows an attacker to access device SIM PIN. 🎖@cveNotify
2023-02-21 18:29:51
🚨 CVE-2022-38777 An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. 🎖@cveNotify
2023-02-21 18:29:50
🚨 CVE-2022-34451 PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly sending arbitrary requests to the server. 🎖@cveNotify
2023-02-21 18:29:49
🚨 CVE-2022-34449 PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue, which leads to viewing and modifying sensitive information stored in the application. 🎖@cveNotify
2023-02-21 18:29:48
🚨 CVE-2022-34450 PowerPath Management Appliance with version 3.3 contains a Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. 🎖@cveNotify
2023-02-21 18:29:45
🚨 CVE-2023-22797 An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. 🎖@cveNotify
2023-02-21 18:29:44
🚨 CVE-2023-21442 Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. 🎖@cveNotify
2023-02-21 18:29:43
🚨 CVE-2022-34447 PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. 🎖@cveNotify
2023-02-21 18:29:42
🚨 CVE-2022-34448 PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. 🎖@cveNotify
2023-02-21 18:29:39
🚨 CVE-2023-21432 Improper access control vulnerabilities in Smart Things prior to 1.7.93 allow an attacker to invite others without authorization of the owner. 🎖@cveNotify
2023-02-21 18:29:38
🚨 CVE-2015-10084 A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504. 🎖@cveNotify
2023-02-21 18:29:37
🚨 CVE-2021-32855 Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue. 🎖@cveNotify
2023-02-21 16:30:11
🚨 CVE-2023-0378 The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 16:30:06
🚨 CVE-2023-0380 The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 16:30:00
🚨 CVE-2023-0419 The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 16:29:57
🚨 CVE-2023-0428 The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 🎖@cveNotify
2023-02-21 16:29:54
🚨 CVE-2023-0429 The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-02-21 16:29:51
🚨 CVE-2023-0442 The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject JavaScript into the site via a crafted URL. 🎖@cveNotify
2023-02-21 16:29:47
🚨 CVE-2023-0453 The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allows any authenticated user to access private messages belonging to other users by tampering with the ID. 🎖@cveNotify
2023-02-21 11:30:04
🚨 CVE-2022-4897 The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scripting. 🎖@cveNotify
2023-02-21 11:30:03
🚨 CVE-2023-0059 The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:30:02
🚨 CVE-2023-0067 The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:30:01
🚨 CVE-2023-0231 The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:30:00
🚨 CVE-2023-0232 The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. 🎖@cveNotify
2023-02-21 11:29:56
🚨 CVE-2023-0271 The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:55
🚨 CVE-2023-0285 The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:54
🚨 CVE-2023-0366 The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:53
🚨 CVE-2023-0371 The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:52
🚨 CVE-2023-0372 The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:48
🚨 CVE-2023-0375 The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:47
🚨 CVE-2023-0378 The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:46
🚨 CVE-2023-0380 The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:45
🚨 CVE-2023-0419 The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 11:29:44
🚨 CVE-2023-0428 The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 🎖@cveNotify
2023-02-21 11:29:40
🚨 CVE-2023-0429 The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-02-21 11:29:39
🚨 CVE-2023-0442 The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject JavaScript into the site via a crafted URL. 🎖@cveNotify
2023-02-21 11:29:38
🚨 CVE-2023-0453 The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allows any authenticated user to access private messages belonging to other users by tampering with the ID. 🎖@cveNotify
2023-02-21 11:29:37
🚨 CVE-2023-0540 The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-02-21 07:29:48
🚨 CVE-2023-24575 Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected system. 🎖@cveNotify
2023-02-21 07:29:47
🚨 CVE-2023-26265 The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them. 🎖@cveNotify
2023-02-21 07:29:46
🚨 CVE-2023-26266 In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. 🎖@cveNotify
2023-02-21 07:29:45
🚨 CVE-2014-125089 A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability. 🎖@cveNotify
2023-02-21 07:29:44
🚨 CVE-2022-48340 In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free. 🎖@cveNotify
2023-02-21 07:29:43
🚨 CVE-2023-26249 Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response. 🎖@cveNotify
2023-02-21 07:29:42
🚨 CVE-2023-26253 In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. 🎖@cveNotify
2023-02-21 07:29:41
🚨 CVE-2023-26242 afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. 🎖@cveNotify
2023-02-21 02:29:46
🚨 CVE-2023-26234 JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. 🎖@cveNotify
2023-02-21 02:29:45
🚨 CVE-2023-26235 JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. 🎖@cveNotify
2023-02-21 02:29:44
🚨 CVE-2021-32853 Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious web site. There are no known patches. 🎖@cveNotify
2023-02-21 02:29:43
🚨 CVE-2022-48337 GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. 🎖@cveNotify
2023-02-21 02:29:42
🚨 CVE-2022-48338 An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. 🎖@cveNotify
2023-02-21 02:29:40
🚨 CVE-2022-48339 An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. 🎖@cveNotify
2023-02-21 02:29:39
🚨 CVE-2023-23452 Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. 🎖@cveNotify
2023-02-21 02:29:38
🚨 CVE-2023-23453 Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000. 🎖@cveNotify
2023-02-21 02:29:36
🚨 CVE-2023-24580 An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. 🎖@cveNotify
2023-02-20 23:29:37
🚨 CVE-2021-32851 Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1. 🎖@cveNotify
2023-02-20 23:29:36
🚨 CVE-2021-32852 Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11. 🎖@cveNotify
2023-02-20 22:29:39
🚨 CVE-2022-44216 Gnuboard 5.5.4 and 5.5.5 are vulnerable to Insecure Permissions. An attacker can change the password of all users without knowing the victim's original password. 🎖@cveNotify
2023-02-20 22:29:38
🚨 CVE-2022-44666 Windows Contacts Remote Code Execution Vulnerability. 🎖@cveNotify
2023-02-20 22:29:37
🚨 CVE-2022-3901 Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system. 🎖@cveNotify
2023-02-20 18:29:42
🚨 CVE-2023-24998 Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. 🎖@cveNotify
2023-02-20 18:29:38
🚨 CVE-2023-25570 Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the internet. 🎖@cveNotify
2023-02-20 18:29:37
🚨 CVE-2023-25656 notation-go is a collection of libraries for supporting Notation sign, verify, push, pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures and the application will be finally killed, and thus availability is impacted. The problem has been patched in the release v1.0.0-rc.3. Some workarounds are available. Users can review their own trust policy file and check if the identity string contains `=#`. Meanwhile, users should only put trusted certificates in their trust stores referenced by their own trust policy files, and make sure the `authenticity` validation is set to `enforce`. 🎖@cveNotify
2023-02-20 18:29:36
🚨 CVE-2023-25805 versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0. 🎖@cveNotify
2023-02-20 16:29:44
🚨 CVE-2022-2097 AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). 🎖@cveNotify
2023-02-20 13:29:42
🚨 CVE-2016-15026 A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The name of the patch is 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-20 12:29:44
🚨 CVE-2014-125088 A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488. 🎖@cveNotify
2023-02-20 12:29:43
🚨 CVE-2013-10019 A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability. 🎖@cveNotify
2023-02-20 12:29:42
🚨 CVE-2023-0907 A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is some unknown functionality in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456. 🎖@cveNotify
2023-02-20 12:29:40
🚨 CVE-2023-0908 A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability. 🎖@cveNotify
2023-02-20 07:29:47
🚨 CVE-2023-26092 Liima before 1.17.28 allows server-side template injection. 🎖@cveNotify
2023-02-20 07:29:46
🚨 CVE-2023-26093 Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. 🎖@cveNotify
2023-02-20 07:29:45
🚨 CVE-2022-48328 app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. 🎖@cveNotify
2023-02-20 07:29:43
🚨 CVE-2022-48329 MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. 🎖@cveNotify
2023-02-20 07:29:42
🚨 CVE-2023-26081 In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts. 🎖@cveNotify
2023-02-19 20:29:45
🚨 CVE-2014-125087 A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480. 🎖@cveNotify
2023-02-19 18:29:42
🚨 CVE-2012-10007 A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479. 🎖@cveNotify
2023-02-19 18:29:41
🚨 CVE-2023-0919 Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. 🎖@cveNotify
2023-02-19 07:29:48
🚨 CVE-2021-34749 A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks. 🎖@cveNotify
2023-02-19 07:29:47
🚨 CVE-2021-1223 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. 🎖@cveNotify
2023-02-19 07:29:43
🚨 CVE-2021-1224 Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload. 🎖@cveNotify
2023-02-19 07:29:42
🚨 CVE-2020-3299 Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload. 🎖@cveNotify
2023-02-19 07:29:41
🚨 CVE-2023-0914 Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. 🎖@cveNotify
2023-02-19 00:29:49
🚨 CVE-2023-25167 Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-02-19 00:29:48
🚨 CVE-2023-25396 Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files. 🎖@cveNotify
2023-02-19 00:29:47
🚨 CVE-2023-23475 IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. 🎖@cveNotify
2023-02-19 00:29:46
🚨 CVE-2023-0690 HashiCorp Boundary from 0.10.0 through 0.11.2 contains an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker's disk. This issue is fixed in version 0.12.0. 🎖@cveNotify
2023-02-19 00:29:44
🚨 CVE-2022-45527 File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. 🎖@cveNotify
2023-02-19 00:29:43
🚨 CVE-2022-45755 Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. 🎖@cveNotify
2023-02-19 00:29:41
🚨 CVE-2022-45526 SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. 🎖@cveNotify
2023-02-19 00:29:40
🚨 CVE-2022-42438 IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. 🎖@cveNotify
2023-02-19 00:29:39
🚨 CVE-2022-35720 IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 use weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. 🎖@cveNotify
2023-02-18 22:29:55
🚨 CVE-2023-0912 A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability. 🎖@cveNotify
2023-02-18 22:29:51
🚨 CVE-2023-0744 Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. 🎖@cveNotify
2023-02-18 22:29:50
🚨 CVE-2023-0361 A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection. 🎖@cveNotify
2023-02-18 22:29:49
🚨 CVE-2019-16884 runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. 🎖@cveNotify
2023-02-18 18:29:49
🚨 CVE-2022-47986 IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512. 🎖@cveNotify
2023-02-18 12:29:58
🚨 CVE-2023-0909 A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475. 🎖@cveNotify
2023-02-18 12:29:57
🚨 CVE-2023-0902 A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451. 🎖@cveNotify
2023-02-18 12:29:56
🚨 CVE-2023-0903 A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452. 🎖@cveNotify
2023-02-18 12:29:52
🚨 CVE-2023-0905 A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-18 12:29:51
🚨 CVE-2023-0906 A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455. 🎖@cveNotify
2023-02-18 12:29:50
🚨 CVE-2023-0908 A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability. 🎖@cveNotify
2023-02-18 07:30:00
🚨 CVE-2023-0433 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. 🎖@cveNotify
2023-02-18 07:29:58
🚨 CVE-2022-47024 A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 through 9.0.0339, which allows attackers to cause denial of service or other unspecified impacts. 🎖@cveNotify
2023-02-18 07:29:56
🚨 CVE-2022-40348 Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code. 🎖@cveNotify
2023-02-18 07:29:54
🚨 CVE-2023-0901 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4. 🎖@cveNotify
2023-02-18 02:29:43
🚨 CVE-2021-32843 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has a call to `vc_cfgread` that does not check for null, which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4. 🎖@cveNotify
2023-02-18 02:29:42
🚨 CVE-2021-32844 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `vi_pci_write` has a call to `vc_cfgwrite` that does not check for null, which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13. 🎖@cveNotify
2023-02-18 02:29:41
🚨 CVE-2021-32845 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstances, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948. 🎖@cveNotify
2023-02-18 02:29:40
🚨 CVE-2021-32846 HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstances, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba. 🎖@cveNotify
2023-02-17 23:30:01
🚨 CVE-2023-0482 In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. 🎖@cveNotify
2023-02-17 23:30:00
🚨 CVE-2023-22237 After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:59
🚨 CVE-2023-21574 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:57
🚨 CVE-2023-21575 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:56
🚨 CVE-2023-22238 After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:55
🚨 CVE-2023-21576 Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:53
🚨 CVE-2023-22239 After Effects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:52
🚨 CVE-2023-21577 Photoshop versions 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:51
🚨 CVE-2023-22243 Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:50
🚨 CVE-2023-21583 Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:48
🚨 CVE-2023-22244 Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:47
🚨 CVE-2023-21584 FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:46
🚨 CVE-2023-22246 Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:45
🚨 CVE-2023-23064 TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. 🎖@cveNotify
2023-02-17 23:29:43
🚨 CVE-2023-21593 Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:42
🚨 CVE-2023-24769 Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function. 🎖@cveNotify
2023-02-17 23:29:41
🚨 CVE-2023-21619 FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:40
🚨 CVE-2023-21620 FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:38
🚨 CVE-2023-21621 FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 23:29:37
🚨 CVE-2023-21622 FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-02-17 20:30:11
🚨 CVE-2021-32419 An issue in Schism Tracker v20200412 fixed in v.20200412 allows an attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c. 🎖@cveNotify
2023-02-17 20:30:09
🚨 CVE-2021-32441 SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class. 🎖@cveNotify
2023-02-17 20:30:07
🚨 CVE-2021-32142 Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows an attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp. 🎖@cveNotify
2023-02-17 20:30:05
🚨 CVE-2021-33391 An issue in HTACG HTML Tidy v5.7.28 allows an attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c. 🎖@cveNotify
2023-02-17 20:30:01
🚨 CVE-2021-33926 An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1, 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows an attacker to access sensitive information via the RSS feed portlet. 🎖@cveNotify
2023-02-17 20:29:58
🚨 CVE-2021-33983 Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows a local attacker to execute arbitrary code via the flatcc execution of the error_ref_sym function. 🎖@cveNotify
2023-02-17 20:29:56
🚨 CVE-2021-33226 Buffer Overflow vulnerability in Saltstack v.3003 and before allows an attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. 🎖@cveNotify
2023-02-17 20:29:54
🚨 CVE-2021-33237 Cross Site Scripting vulnerability in YMFE yapo v1.9.1 allows an attacker to execute arbitrary code via the remark parameter of the interface edit page. 🎖@cveNotify
2023-02-17 20:29:52
🚨 CVE-2021-34164 Permissions vulnerability in LIZHIFAKA v.2.2.0 allows an authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location. 🎖@cveNotify
2023-02-17 20:29:50
🚨 CVE-2021-33948 SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows an attacker to execute arbitrary code via the username parameter. 🎖@cveNotify
2023-02-17 20:29:48
🚨 CVE-2021-34182 An issue in ttyd v.1.6.3 allows an attacker to execute arbitrary code via default configuration permissions. 🎖@cveNotify
2023-02-17 20:29:47
🚨 CVE-2021-33949 An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function. 🎖@cveNotify
2023-02-17 20:29:45
🚨 CVE-2021-35261 File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows an attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint. 🎖@cveNotify
2023-02-17 20:29:43
🚨 CVE-2021-33950 An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function. 🎖@cveNotify
2023-02-17 20:29:42
🚨 CVE-2021-3172 An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. 🎖@cveNotify
2023-02-17 20:29:39
🚨 CVE-2022-20803 A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. 🎖@cveNotify
2023-02-17 20:29:37
🚨 CVE-2022-40232 IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597. 🎖@cveNotify
2023-02-17 16:29:51
🚨 CVE-2023-21434 Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. 🎖@cveNotify
2023-02-17 16:29:50
🚨 CVE-2023-23586 Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page into the process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and the next page allocated by the kernel will still be available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uring 🎖@cveNotify
2023-02-17 16:29:46
🚨 CVE-2022-40032 SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. 🎖@cveNotify
2023-02-17 16:29:45
🚨 CVE-2020-24307 ** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present. 🎖@cveNotify
2023-02-17 16:29:44
🚨 CVE-2023-24815 Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running Vert.x web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized, `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in Windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-02-17 16:29:40
🚨 CVE-2022-48295 The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). 🎖@cveNotify
2023-02-17 16:29:39
🚨 CVE-2023-0575 External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: less than 2.2. 🎖@cveNotify
2023-02-17 16:29:38
🚨 CVE-2022-48296 The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. 🎖@cveNotify
2023-02-17 16:29:37
🚨 CVE-2022-48301 The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. 🎖@cveNotify
2023-02-17 13:30:03
🚨 CVE-2023-0879 Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. 🎖@cveNotify
2023-02-17 13:30:01
🚨 CVE-2023-0880 Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. 🎖@cveNotify
2023-02-17 13:30:00
🚨 CVE-2022-21163 Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-17 13:29:58
🚨 CVE-2022-29494 Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. 🎖@cveNotify
2023-02-17 13:29:57
🚨 CVE-2022-35729 Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow an unauthenticated user to potentially enable denial of service via network access. 🎖@cveNotify
2023-02-17 13:29:56
🚨 CVE-2022-31476 Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access. 🎖@cveNotify
2023-02-17 13:29:54
🚨 CVE-2022-33190 Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-17 13:29:53
🚨 CVE-2022-33946 Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-17 13:29:51
🚨 CVE-2022-34346 Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-17 13:29:50
🚨 CVE-2022-36287 Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. 🎖@cveNotify
2023-02-17 13:29:49
🚨 CVE-2022-36289 Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. 🎖@cveNotify
2023-02-17 13:29:47
🚨 CVE-2022-35883 NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. 🎖@cveNotify
2023-02-17 13:29:46
🚨 CVE-2022-36382 Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access. 🎖@cveNotify
2023-02-17 13:29:44
🚨 CVE-2022-36416 Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-17 13:29:43
🚨 CVE-2022-37340 Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-17 13:29:41
🚨 CVE-2022-38090 Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-02-17 13:29:40
🚨 CVE-2022-41314 Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-17 13:29:39
🚨 CVE-2022-41614 Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-02-17 13:29:38
🚨 CVE-2022-48325 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id, (17) app_name, (18) per_page, (19) app_theme, (20) os_notification, (21) email_automatico, (22) control_estoque, (23) notifica_whats, (24) control_baixa, (25) control_editos, (26) control_edit_vendas, (27) control_datatable, (28) pix_key, (29) os_status_list, (30) control_2vias, (31) status, (32) start, (33) end in file application/controllers/Mapos.php; (34) token, (35) senha, (36) email, (37) nomeCliente, (38) documento, (39) telefone, (40) celular, (41) rua, (42) numero, (43) complemento, (44) bairro, (45) cidade, (46) estado, (47) cep, (48) idClientes, (49) descricaoProduto, (50) defeito in file application/controllers/Mine.php; (51) pesquisa, (52) status, (53) data, (54) data2, (55) dataInicial, (56) dataFinal, (57) termoGarantia, (58) garantias_id, (59) clientes_id, (60) usuarios_id, (61) idOs, (62) garantia, (63) descricaoProduto, (64) defeito, (65) observacoes, (66) laudoTecnico, (67) id, (68) preco, (69) quantidade, (70) idProduto, (71) idOsProduto, (72) produto, (73) idServico, (74) idOsServico, (75) desconto, (76) tipoDesconto, (77) resultado, (78) vencimento, (79) recebimento, (80) os_id, (81) valor, (82) recebido, (83) formaPgto, (84) tipo, (85) anotacao, (86) idAnotacao in file application/controllers/Os.php. 🎖@cveNotify
2023-02-17 13:29:36
🚨 CVE-2022-48326 Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico, (14) aOs, (15) eOs, (16) dOs, (17) vOs, (18) aVenda, (19) eVenda, (20) dVenda, (21) vVenda, (22) aGarantia, (23) eGarantia, (24) dGarantia, (25) vGarantia, (26) aArquivo, (27) eArquivo, (28) dArquivo, (29) vArquivo, (30) aPagamento, (31) ePagamento, (32) dPagamento, (33) vPagamento, (34) aLancamento, (35) eLancamento, (36) dLancamento, (37) vLancamento, (38) cUsuario, (39) cEmitente, (40) cPermissao, (41) cBackup, (42) cAuditoria, (43) cEmail, (44) cSistema, (45) rCliente, (46) rProduto, (47) rServico, (48) rOs, (49) rVenda, (50) rFinanceiro, (51) aCobranca, (52) eCobranca, (53) dCobranca, (54) vCobranca, (55) situacao, (56) idPermissao, (57) id in file application/controllers/Permissoes.php; (58) precoCompra, (59) precoVenda, (60) descricao, (61) unidade, (62) estoque, (63) estoqueMinimo, (64) idProdutos, (65) id, (66) estoqueAtual in file application/controllers/Produtos.php. 🎖@cveNotify
2023-02-17 07:29:58
🚨 CVE-2022-39282 FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. 🎖@cveNotify
2023-02-17 07:29:56
🚨 CVE-2022-43945 The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 🎖@cveNotify
2023-02-17 07:29:54
🚨 CVE-2018-3912 On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. 🎖@cveNotify
2023-02-17 07:29:53
🚨 CVE-2018-25009 A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). 🎖@cveNotify
2023-02-17 07:29:51
🚨 CVE-2020-9453 In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU. 🎖@cveNotify
2023-02-17 07:29:49
🚨 CVE-2022-45914 The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing. 🎖@cveNotify
2023-02-17 07:29:47
🚨 CVE-2023-0880 Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. 🎖@cveNotify
2023-02-17 07:29:46
🚨 CVE-2023-0877 Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. 🎖@cveNotify
2023-02-17 07:29:45
🚨 CVE-2023-0879 Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. 🎖@cveNotify
2023-02-17 07:29:43
🚨 CVE-2023-0878 Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. 🎖@cveNotify
2023-02-17 00:30:09
🚨 CVE-2022-44299 SiteServerCMS 7.1.3 sscms has a file read vulnerability. 🎖@cveNotify
2023-02-17 00:30:08
🚨 CVE-2022-47703 TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513. 🎖@cveNotify
2023-02-17 00:30:06
🚨 CVE-2023-0821 HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. 🎖@cveNotify
2023-02-17 00:30:05
🚨 CVE-2023-25151 opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string). The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used; this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-02-17 00:30:03
🚨 CVE-2022-30564 Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. 🎖@cveNotify
2023-02-17 00:30:01
🚨 CVE-2022-45786 There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn't careful. The developer of the Golang and Python drivers didn't fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn't a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters - that would be passed in and that the cypher() function transform needs to be resolved - are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can't be passed as parameters.
The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session's pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks. 🎖@cveNotify
2023-02-17 00:30:00
🚨 CVE-2022-27538 A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. 🎖@cveNotify
2023-02-17 00:29:58
🚨 CVE-2023-24347 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. 🎖@cveNotify
2023-02-17 00:29:57
🚨 CVE-2023-24345 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus. 🎖@cveNotify
2023-02-17 00:29:55
🚨 CVE-2023-24346 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. 🎖@cveNotify
2023-02-17 00:29:54
🚨 CVE-2023-24343 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. 🎖@cveNotify
2023-02-17 00:29:53
🚨 CVE-2023-24344 D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. 🎖@cveNotify
2023-02-17 00:29:51
🚨 CVE-2022-4903 A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-02-17 00:29:48
🚨 CVE-2015-10077 A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471. 🎖@cveNotify
2023-02-17 00:29:46
🚨 CVE-2023-24573 Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. 🎖@cveNotify
2023-02-17 00:29:44
🚨 CVE-2023-23698 Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. 🎖@cveNotify
2023-02-17 00:29:43
🚨 CVE-2023-24569 Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. 🎖@cveNotify
2023-02-17 00:29:41
🚨 CVE-2022-21163 Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-17 00:29:40
🚨 CVE-2022-29494: Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. 🎖@cveNotify
2023-02-17 00:29:38
🚨 CVE-2022-35729: Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow an unauthenticated user to potentially enable denial of service via network access. 🎖@cveNotify
2023-02-16 22:29:54
🚨 CVE-2022-32570: Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-16 22:29:53
🚨 CVE-2022-26032: Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-16 22:29:52
🚨 CVE-2022-26343: Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-16 22:29:49
🚨 CVE-2022-26345: Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-16 22:29:48
🚨 CVE-2022-26837: Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-16 22:29:47
🚨 CVE-2022-30531: Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-02-16 22:29:43
🚨 CVE-2022-36398: Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-16 22:29:42
🚨 CVE-2022-36278: Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-16 22:29:41
🚨 CVE-2022-21216: Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. 🎖@cveNotify
2023-02-16 22:29:37
🚨 CVE-2022-36348: Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-02-16 22:29:36
🚨 CVE-2022-25987: Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 🎖@cveNotify
2023-02-16 19:30:21
🚨 CVE-2023-24807: Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available. 🎖@cveNotify
2023-02-16 19:30:19
🚨 CVE-2023-23936: Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici. 🎖@cveNotify
2023-02-16 19:30:17
🚨 CVE-2023-24483: A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. 🎖@cveNotify
2023-02-16 19:30:15
🚨 CVE-2015-10076: A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability. 🎖@cveNotify
2023-02-16 19:30:13
🚨 CVE-2022-1774: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. 🎖@cveNotify
2023-02-16 19:30:11
🚨 CVE-2022-1767: Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7. 🎖@cveNotify
2023-02-16 19:30:08
🚨 CVE-2022-1727: Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6. 🎖@cveNotify
2023-02-16 19:30:06
🚨 CVE-2022-1713: SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. 🎖@cveNotify
2023-02-16 19:30:04
🚨 CVE-2022-1721: Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application. 🎖@cveNotify
2023-02-16 19:30:02
🚨 CVE-2022-1722: SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses. 🎖@cveNotify
2023-02-16 19:30:00
🚨 CVE-2022-3568: The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. 🎖@cveNotify
2023-02-16 19:29:58
🚨 CVE-2023-0771: SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. 🎖@cveNotify
2023-02-16 19:29:56
🚨 CVE-2022-45190: An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. 🎖@cveNotify
2023-02-16 19:29:54
🚨 CVE-2022-40480: Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. 🎖@cveNotify
2023-02-16 19:29:53
🚨 CVE-2023-24828: Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-02-16 19:29:51
🚨 CVE-2023-23286: Cross Site Scripting (XSS) vulnerability in Pro