2023-09-22 00:37:15 |
🚨 CVE-2023-4853: A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. @cveNotify |
|
2023-09-22 00:37:14 |
🚨 CVE-2022-30114: A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. @cveNotify |
|
2023-09-21 22:37:27 |
🚨 CVE-2023-38343: An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery. @cveNotify |
|
2023-09-21 22:37:26 |
🚨 CVE-2023-38344: An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. @cveNotify |
|
2023-09-21 22:37:25 |
🚨 CVE-2023-34576: SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspecified vector. @cveNotify |
|
2023-09-21 22:37:24 |
🚨 CVE-2023-42482: Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. @cveNotify |
|
2023-09-21 22:37:23 |
🚨 CVE-2023-41991: A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. @cveNotify |
|
2023-09-21 22:37:22 |
🚨 CVE-2023-41992: The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. @cveNotify |
|
2023-09-21 22:37:18 |
🚨 CVE-2020-35357: A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. @cveNotify |
|
2023-09-21 22:37:17 |
🚨 CVE-2023-43374: Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. @cveNotify |
|
2023-09-21 22:37:16 |
🚨 CVE-2023-42793: In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible. @cveNotify |
|
2023-09-21 22:37:15 |
🚨 CVE-2023-43566: In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration. @cveNotify |
|
2023-09-21 21:07:36 |
🚨 CVE-2023-41993: The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, iOS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. @cveNotify |
|
2023-09-21 21:07:35 |
🚨 CVE-2023-42280: mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading. @cveNotify |
|
2023-09-21 21:07:34 |
🚨 CVE-2023-40442: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information. @cveNotify |
|
2023-09-21 21:07:32 |
🚨 CVE-2023-41990: The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. @cveNotify |
|
2023-09-21 21:07:31 |
🚨 CVE-2023-41064: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. @cveNotify |
|
2023-09-21 21:07:29 |
🚨 CVE-2023-32649: A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed. @cveNotify |
|
2023-09-21 21:07:28 |
🚨 CVE-2023-2567: A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. @cveNotify |
|
2023-09-21 21:07:27 |
🚨 CVE-2023-4094: ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form. @cveNotify |
|
2023-09-21 21:07:26 |
🚨 CVE-2023-29245: A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data. @cveNotify |
|
2023-09-21 21:07:25 |
🚨 CVE-2023-5009: An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. @cveNotify |
|
2023-09-21 21:07:24 |
🚨 CVE-2023-43375: Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. @cveNotify |
|
2023-09-21 21:07:23 |
🚨 CVE-2023-5054: The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer. @cveNotify |
|
2023-09-21 21:07:22 |
🚨 CVE-2023-42399: Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component. @cveNotify |
|
2023-09-21 21:07:21 |
🚨 CVE-2023-43376: A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. @cveNotify |
|
2023-09-21 21:07:19 |
🚨 CVE-2023-39446: ** UNSUPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application. @cveNotify |
|
2023-09-21 21:07:18 |
🚨 CVE-2023-43377: A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. @cveNotify |
|
2023-09-21 21:07:17 |
🚨 CVE-2023-39452: ** UNSUPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application. @cveNotify |
|
2023-09-21 21:07:16 |
🚨 CVE-2019-1010283: Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later. @cveNotify |
|
2023-09-21 21:07:15 |
🚨 CVE-2023-40619: phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized. @cveNotify |
|
2023-09-21 19:07:20 |
🚨 CVE-2023-43274: Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. @cveNotify |
|
2023-09-21 19:07:19 |
🚨 CVE-2023-43309: There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. @cveNotify |
|
2023-09-21 19:07:18 |
🚨 CVE-2023-43631: On boot, the Pillar eve container checks for the existence and content of "/config/authorized_keys". If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the system without triggering the "measured boot" mechanism implemented by EVE OS, and without marking the device as "UUD" ("Unknown Update Detected"). This is because the "/config" partition is not protected by "measured boot", it is mutable, and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thus not triggering the "measured boot" mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. @cveNotify |
|
2023-09-21 19:07:17 |
🚨 CVE-2023-43632: As noted in the "VTPM.md" file in the eve documentation, "VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options". The communication with this server is done using protobuf, and the data is comprised of 2 parts: 1. Header 2. Data. When a connection is made, the server is waiting for 4 bytes of data, which will be the header, and these 4 bytes would be parsed as uint32 size of the actual data to come. Then, in the function "handleRequest" this size is then used in order to allocate a payload on the stack for the incoming data. As this payload is allocated on the stack, this will allow overflowing the stack size allocated for the relevant process with freely controlled data. * An attacker can crash the system. * An attacker can gain control over the system, specifically on the "vtpm_server" process which has very high privileges. @cveNotify |
|
2023-09-21 19:07:16 |
🚨 CVE-2023-43633: On boot, the Pillar eve container checks for the existence and content of "/config/GlobalConfig/global.json". If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system's configuration, which also includes some debug functions. This could be used to unlock the ssh with custom "authorized_keys" via the "debug.enable.ssh" key, similar to the "authorized_keys" finding that was noted before. Other usages include unlocking the usb to enable the keyboard via the "debug.enable.usb" key, allowing VNC access via the "app.allow.vnc" key, and more. An attacker could easily enable these debug functionalities without triggering the "measured boot" mechanism implemented by EVE OS, and without marking the device as "UUD" ("Unknown Update Detected"). This is because the "/config" partition is not protected by "measured boot", it is mutable and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thereby not triggering the "measured boot" mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. @cveNotify |
|
2023-09-21 19:07:15 |
🚨 CVE-2023-43634: When sealing/unsealing the "vault" key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit "56e589749c6ff58ded862d39535d43253b249acf", the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted "vault". @cveNotify |
|
2023-09-21 16:58:37 |
🚨 CVE-2023-41929: A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) @cveNotify |
|
2023-09-21 16:58:35 |
🚨 CVE-2023-32187: An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from v1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1. @cveNotify |
|
2023-09-21 16:58:34 |
🚨 CVE-2023-40183: DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds. @cveNotify |
|
2023-09-21 16:58:33 |
🚨 CVE-2023-41048: plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds. @cveNotify |
|
2023-09-21 16:58:32 |
🚨 CVE-2023-42457: plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache). @cveNotify |
|
2023-09-21 16:58:30 |
🚨 CVE-2023-40018: FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue. @cveNotify |
|
2023-09-21 16:58:29 |
🚨 CVE-2022-20917: A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions. @cveNotify |
|
2023-09-21 16:58:28 |
🚨 CVE-2023-20194: A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings. @cveNotify |
|
2023-09-21 16:58:27 |
🚨 CVE-2023-36160: An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console. @cveNotify |
|
2023-09-21 16:58:19 |
🚨 CVE-2023-43637: Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32-byte randomly generated key with this key (by taking 16 bytes from each, see "mergeKeys"). This makes the key a lot weaker. This issue does not persist in devices that were initialized on/after version 7.10, but devices that were initialized before that and updated to a newer version still have this issue. Roll an update that enforces the full 32-byte key usage. @cveNotify |
|
2023-09-21 16:58:18 |
🚨 CVE-2023-36562: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. @cveNotify |
|
2023-09-21 16:58:17 |
🚨 CVE-2023-38507: Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue. @cveNotify |
|
2023-09-21 14:58:44 |
🚨 CVE-2023-41030: Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. @cveNotify |
|
2023-09-21 14:58:43 |
🚨 CVE-2020-24089: An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). @cveNotify |
|
2023-09-21 14:58:41 |
🚨 CVE-2023-36319: File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. @cveNotify |
|
2023-09-21 14:58:40 |
🚨 CVE-2023-39575: A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. @cveNotify |
|
2023-09-21 14:58:38 |
🚨 CVE-2023-4095: User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform. @cveNotify |
|
2023-09-21 14:58:36 |
🚨 CVE-2023-4093: Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user. @cveNotify |
|
2023-09-21 14:58:34 |
🚨 CVE-2023-43235: D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. @cveNotify |
|
2023-09-21 14:58:33 |
🚨 CVE-2023-43236: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. @cveNotify |
|
2023-09-21 14:58:31 |
🚨 CVE-2023-43237: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. @cveNotify |
|
2023-09-21 14:58:30 |
🚨 CVE-2023-43238: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. @cveNotify |
|
2023-09-21 14:58:28 |
🚨 CVE-2023-43239: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. @cveNotify |
|
2023-09-21 14:58:27 |
🚨 CVE-2023-43240: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. @cveNotify |
|
2023-09-21 14:58:25 |
🚨 CVE-2023-43241: D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. @cveNotify |
|
2023-09-21 14:58:23 |
🚨 CVE-2023-43242: D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. @cveNotify |
|
2023-09-21 14:58:22 |
🚨 CVE-2023-41179: A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. @cveNotify |
|
2023-09-21 14:58:20 |
🚨 CVE-2023-31808: Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. @cveNotify |
|
2023-09-21 14:58:19 |
🚨 CVE-2023-2995: The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). @cveNotify |
|
2023-09-21 14:58:18 |
CVE-2023-4376: The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). @cveNotify |
|
2023-09-21 14:58:17 |
CVE-2023-4092: SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system. @cveNotify |
|
2023-09-21 14:58:15 |
CVE-2021-28485: In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application. @cveNotify |
|
2023-09-21 13:59:49 |
CVE-2023-4753: OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local attackers can crash liteos-a kernel by the error input. @cveNotify |
|
2023-09-21 12:00:22 |
CVE-2023-5104: Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. @cveNotify |
|
2023-09-21 12:00:20 |
CVE-2023-4760: In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed. @cveNotify |
|
2023-09-21 12:00:19 |
CVE-2023-4152: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS101 device. @cveNotify |
|
2023-09-21 12:00:18 |
CVE-2023-4291: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device. @cveNotify |
|
2023-09-21 12:00:17 |
CVE-2023-4292: Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information. @cveNotify |
|
2023-09-21 12:00:16 |
CVE-2015-5467: web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameter. @cveNotify |
|
2023-09-21 12:00:15 |
CVE-2015-8371: Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected. @cveNotify |
|
2023-09-21 12:00:14 |
CVE-2018-5478: Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension. @cveNotify |
|
2023-09-21 12:00:13 |
CVE-2023-39252: Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. @cveNotify |
|
2023-09-21 12:00:12 |
CVE-2023-43669: The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes). @cveNotify |
|
2023-09-21 12:00:10 |
CVE-2023-42464: A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. @cveNotify |
|
2023-09-21 12:00:09 |
CVE-2022-43634: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. @cveNotify |
|
2023-09-21 12:00:07 |
CVE-2022-0194: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876. @cveNotify |
|
2023-09-21 12:00:06 |
CVE-2022-23121: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819. @cveNotify |
|
2023-09-21 12:00:05 |
CVE-2022-23122: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837. @cveNotify |
|
2023-09-21 12:00:04 |
CVE-2022-23123: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830. @cveNotify |
|
2023-09-21 12:00:03 |
CVE-2022-23124: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870. @cveNotify |
|
2023-09-21 12:00:01 |
CVE-2022-45188: Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). @cveNotify |
|
2023-09-21 12:00:00 |
CVE-2021-31439: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326. @cveNotify |
|
2023-09-21 09:05:56 |
CVE-2023-4863: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) @cveNotify |
|
2023-09-21 09:05:55 |
CVE-2023-40188: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. @cveNotify |
|
2023-09-21 09:05:54 |
CVE-2023-39356: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->numRectangles` without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-21 09:05:53 |
CVE-2023-40569: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-21 09:05:49 |
CVE-2023-4763: Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-09-21 09:05:48 |
CVE-2023-39354: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-21 09:05:47 |
CVE-2023-4762: Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-09-21 09:05:43 |
CVE-2023-4761: Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-09-21 09:05:41 |
CVE-2023-40186: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. @cveNotify |
|
2023-09-21 09:05:40 |
CVE-2023-39353: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-21 09:05:37 |
CVE-2023-40589: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. @cveNotify |
|
2023-09-21 09:05:36 |
CVE-2023-4572: Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-09-21 09:05:35 |
CVE-2023-4428: Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-09-21 00:58:15 |
CVE-2023-36109: Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. @cveNotify |
|
2023-09-21 00:58:14 |
CVE-2023-37279: Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue. @cveNotify |
|
2023-09-21 00:58:13 |
CVE-2023-43135: There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. @cveNotify |
|
2023-09-20 22:58:38 |
CVE-2023-39046: An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. @cveNotify |
|
2023-09-20 22:58:37 |
CVE-2023-35851: SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. @cveNotify |
|
2023-09-20 22:58:35 |
CVE-2023-35850: SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. @cveNotify |
|
2023-09-20 22:58:34 |
CVE-2023-0923: A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. @cveNotify |
|
2023-09-20 22:58:33 |
CVE-2023-41443: SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. @cveNotify |
|
2023-09-20 22:58:32 |
CVE-2021-26837: SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. @cveNotify |
|
2023-09-20 22:58:31 |
CVE-2023-0813: A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. @cveNotify |
|
2023-09-20 22:58:29 |
CVE-2023-40167: Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. @cveNotify |
|
2023-09-20 22:58:28 |
CVE-2022-3596: An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. @cveNotify |
|
2023-09-20 22:58:27 |
CVE-2023-39052: An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. @cveNotify |
|
2023-09-20 22:58:26 |
CVE-2023-40930: Skyworth 3.0 OS is vulnerable to Directory Traversal. @cveNotify |
|
2023-09-20 22:58:24 |
CVE-2023-41484: An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. @cveNotify |
|
2023-09-20 22:58:23 |
CVE-2023-42331: A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. @cveNotify |
|
2023-09-20 22:58:22 |
CVE-2023-42334: An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. @cveNotify |
|
2023-09-20 22:58:21 |
CVE-2023-42335: Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. @cveNotify |
|
2023-09-20 22:58:17 |
CVE-2023-43134: There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. @cveNotify |
|
2023-09-20 22:58:16 |
CVE-2023-43137: TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. @cveNotify |
|
2023-09-20 22:58:15 |
CVE-2023-43138: TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. @cveNotify |
|
2023-09-20 22:58:14 |
CVE-2023-37410: IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138. @cveNotify |
|
2023-09-20 22:58:13 |
CVE-2023-39045: An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. @cveNotify |
|
2023-09-20 21:58:49 |
CVE-2023-40368: IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456. @cveNotify |
|
2023-09-20 21:58:48 |
CVE-2023-43371: Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. @cveNotify |
|
2023-09-20 21:58:47 |
CVE-2023-43373: Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. @cveNotify |
|
2023-09-20 21:58:46 |
CVE-2023-43374: Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. @cveNotify |
|
2023-09-20 21:58:45 |
CVE-2023-43375: Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. @cveNotify |
|
2023-09-20 21:58:41 |
CVE-2023-43376: A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. @cveNotify |
|
2023-09-20 21:58:40 |
CVE-2023-43377: A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. @cveNotify |
|
2023-09-20 21:58:39 |
CVE-2023-3891: Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system. @cveNotify |
|
2023-09-20 21:58:38 |
CVE-2023-26141: Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. @cveNotify |
|
2023-09-20 21:58:33 |
CVE-2023-39044: An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. @cveNotify |
|
2023-09-20 21:58:32 |
CVE-2023-40618: A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'. @cveNotify |
|
2023-09-20 21:58:31 |
CVE-2023-40619: phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized. @cveNotify |
|
2023-09-20 21:58:30 |
CVE-2023-20594: Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. @cveNotify |
|
2023-09-20 21:58:26 |
CVE-2023-43494: Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. @cveNotify |
|
2023-09-20 21:58:25 |
CVE-2023-43495: Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter. @cveNotify |
|
2023-09-20 21:58:24 |
CVE-2023-43497: In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. @cveNotify |
|
2023-09-20 21:58:23 |
CVE-2023-43498: In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. @cveNotify |
|
2023-09-20 19:58:35 |
CVE-2023-42656: In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser. @cveNotify |
|
2023-09-20 19:58:34 |
CVE-2023-42660: In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content. @cveNotify |
|
2023-09-20 19:58:33 |
CVE-2023-43494: Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. @cveNotify |
|
2023-09-20 19:58:32 |
CVE-2023-43495: Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter. @cveNotify |
|
2023-09-20 19:58:30 |
CVE-2023-43496: Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. @cveNotify |
|
2023-09-20 19:58:29 |
CVE-2023-43497: In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. @cveNotify |
|
2023-09-20 19:58:28 |
CVE-2023-43498: In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. @cveNotify |
|
2023-09-20 19:58:27 |
CVE-2023-43499: Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. @cveNotify |
|
2023-09-20 19:58:26 |
CVE-2023-43500: A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. @cveNotify |
|
2023-09-20 19:58:25 |
CVE-2023-43501: A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. @cveNotify |
|
2023-09-20 19:58:24 |
CVE-2023-43502: A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. @cveNotify |
|
2023-09-20 19:58:23 |
CVE-2023-25588: A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. @cveNotify |
|
2023-09-20 19:58:22 |
CVE-2023-4959: A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim's browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). @cveNotify |
|
2023-09-20 19:58:20 |
CVE-2023-25586: A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. @cveNotify |
|
2023-09-20 19:58:19 |
CVE-2023-28614: Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. @cveNotify |
|
2023-09-20 19:58:17 |
CVE-2023-4662: Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9. @cveNotify |
|
2023-09-20 19:58:16 |
🚨 CVE-2023-32461: Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. @cveNotify |
|
2023-09-20 19:58:15 |
🚨 CVE-2023-42398: An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. @cveNotify |
|
2023-09-20 19:58:14 |
🚨 CVE-2023-4665: Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. @cveNotify |
|
2023-09-20 19:58:13 |
🚨 CVE-2023-4664: Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. @cveNotify |
|
2023-09-20 14:58:27 |
🚨 CVE-2023-4236: A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. @cveNotify |
|
2023-09-20 14:58:25 |
🚨 CVE-2023-41436: Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component. @cveNotify |
|
2023-09-20 14:58:22 |
🚨 CVE-2023-4982: Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. @cveNotify |
|
2023-09-20 14:58:21 |
🚨 CVE-2023-4981: Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. @cveNotify |
|
2023-09-20 14:58:20 |
🚨 CVE-2023-4979: Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. @cveNotify |
|
2023-09-20 14:58:19 |
🚨 CVE-2023-4980: Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. @cveNotify |
|
2023-09-20 14:58:15 |
🚨 CVE-2023-4977: Code Injection in GitHub repository librenms/librenms prior to 23.9.0. @cveNotify |
|
2023-09-20 14:58:14 |
🚨 CVE-2023-40985: An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced. @cveNotify |
|
2023-09-20 14:58:13 |
🚨 CVE-2023-40984: A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file. @cveNotify |
|
2023-09-20 12:58:29 |
🚨 CVE-2023-25531: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges. @cveNotify |
|
2023-09-20 12:58:28 |
🚨 CVE-2023-38887: File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. @cveNotify |
|
2023-09-20 12:58:27 |
🚨 CVE-2023-38886: An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. @cveNotify |
|
2023-09-20 12:58:23 |
🚨 CVE-2023-31011: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. @cveNotify |
|
2023-09-20 12:58:22 |
🚨 CVE-2023-31012: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. @cveNotify |
|
2023-09-20 12:58:21 |
🚨 CVE-2023-31013: NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. @cveNotify |
|
2023-09-20 12:58:18 |
🚨 CVE-2023-31014: NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. @cveNotify |
|
2023-09-20 12:58:17 |
🚨 CVE-2020-24089: An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). @cveNotify |
|
2023-09-20 12:58:16 |
🚨 CVE-2023-36319: File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. @cveNotify |
|
2023-09-20 12:58:13 |
🚨 CVE-2023-40931: A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php @cveNotify |
|
2023-09-20 12:58:12 |
🚨 CVE-2023-40933: A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. @cveNotify |
|
2023-09-20 12:58:11 |
🚨 CVE-2022-45447: M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The "f" parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists. @cveNotify |
|
2023-09-20 11:58:27 |
🚨 CVE-2023-22644: An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4. @cveNotify |
|
2023-09-20 11:58:26 |
🚨 CVE-2023-41374: Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. @cveNotify |
|
2023-09-20 11:58:25 |
🚨 CVE-2023-41375: Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. @cveNotify |
|
2023-09-20 11:58:24 |
🚨 CVE-2022-47560: ** UNSUPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in. @cveNotify |
|
2023-09-20 11:58:22 |
🚨 CVE-2022-47561: ** UNSUPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. @cveNotify |
|
2023-09-20 11:58:21 |
🚨 CVE-2022-47562: ** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition. @cveNotify |
|
2023-09-20 11:58:20 |
🚨 CVE-2023-43618: An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message. @cveNotify |
|
2023-09-20 11:58:19 |
🚨 CVE-2023-43620: An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver. @cveNotify |
|
2023-09-20 11:58:18 |
🚨 CVE-2023-43621: An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments. @cveNotify |
|
2023-09-20 11:58:17 |
🚨 CVE-2023-2163: Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. @cveNotify |
|
2023-09-20 11:58:16 |
🚨 CVE-2023-43616: An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction. @cveNotify |
|
2023-09-20 11:58:15 |
🚨 CVE-2023-43617: An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. @cveNotify |
|
2023-09-20 11:58:14 |
🚨 CVE-2023-43619: An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. @cveNotify |
|
2023-09-20 11:58:13 |
🚨 CVE-2023-26144: Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process. @cveNotify |
|
2023-09-20 05:58:35 |
🚨 CVE-2023-31015: NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service. @cveNotify |
|
2023-09-20 05:58:34 |
🚨 CVE-2022-46146: Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality. @cveNotify |
|
2023-09-20 05:58:33 |
🚨 CVE-2023-25526: NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service. @cveNotify |
|
2023-09-20 05:58:32 |
🚨 CVE-2023-25529: NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user's session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering. @cveNotify |
|
2023-09-20 05:58:28 |
🚨 CVE-2023-25529: NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user's session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering. @cveNotify |
|
2023-09-20 05:58:27 |
🚨 CVE-2023-25525: NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure. @cveNotify |
|
2023-09-20 05:58:26 |
🚨 CVE-2023-25527: NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering. @cveNotify |
|
2023-09-20 05:58:25 |
🚨 CVE-2023-25532: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. @cveNotify |
|
2023-09-20 05:58:24 |
🚨 CVE-2023-25528: NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. @cveNotify |
|
2023-09-20 05:58:21 |
🚨 CVE-2023-25534: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. @cveNotify |
|
2023-09-20 05:58:20 |
🚨 CVE-2023-25530: NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. @cveNotify |
|
2023-09-20 05:58:19 |
🚨 CVE-2023-25531: NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges. @cveNotify |
|
2023-09-20 05:58:18 |
🚨 CVE-2023-25533: NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges. @cveNotify |
|
2023-09-20 05:58:14 |
🚨 CVE-2023-38887: File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. @cveNotify |
|
2023-09-20 05:58:13 |
🚨 CVE-2023-38886: An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. @cveNotify |
|
2023-09-20 05:58:12 |
🚨 CVE-2023-39575: A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. @cveNotify |
|
2023-09-20 01:58:36 |
🚨 CVE-2023-40933: A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. @cveNotify |
|
2023-09-20 01:58:35 |
🚨 CVE-2023-40934: A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. @cveNotify |
|
2023-09-20 01:58:34 |
🚨 CVE-2023-41909: An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. @cveNotify |
|
2023-09-20 01:58:33 |
🚨 CVE-2023-38802: FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). @cveNotify |
|
2023-09-20 01:58:31 |
🚨 CVE-2023-41358: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. @cveNotify |
|
2023-09-20 01:58:30 |
🚨 CVE-2023-41361: An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. @cveNotify |
|
2023-09-20 01:58:28 |
🚨 CVE-2023-31490: An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. @cveNotify |
|
2023-09-20 01:58:27 |
🚨 CVE-2022-40302: An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. @cveNotify |
|
2023-09-20 01:58:26 |
🚨 CVE-2022-40318: An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. @cveNotify |
|
2023-09-20 01:58:25 |
🚨 CVE-2022-43681: An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. @cveNotify |
|
2023-09-20 01:58:24 |
🚨 CVE-2022-36440: A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. @cveNotify |
|
2023-09-20 01:58:23 |
🚨 CVE-2019-20392: An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. @cveNotify |
|
2023-09-20 01:58:22 |
🚨 CVE-2019-20398: A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. @cveNotify |
|
2023-09-20 01:58:21 |
🚨 CVE-2019-20395: A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. @cveNotify |
|
2023-09-20 01:58:17 |
🚨 CVE-2019-20397: A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. @cveNotify |
|
2023-09-20 01:58:16 |
🚨 CVE-2019-20394: A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement is used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. @cveNotify |
|
2023-09-20 01:58:15 |
🚨 CVE-2019-20396: A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. @cveNotify |
|
2023-09-20 01:58:14 |
🚨 CVE-2019-20391: An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. @cveNotify |
|
2023-09-19 23:58:32 |
🚨 CVE-2023-41349: ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitive information leakage, or forcing the device to reset and permanent denial of service. @cveNotify |
|
2023-09-19 23:58:31 |
🚨 CVE-2020-36766: An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct. @cveNotify |
|
2023-09-19 23:58:30 |
🚨 CVE-2023-5031: A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239875. @cveNotify |
|
2023-09-19 23:58:29 |
🚨 CVE-2023-2995: The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). @cveNotify |
|
2023-09-19 23:58:28 |
🚨 CVE-2023-4376: The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). @cveNotify |
|
2023-09-19 23:58:26 |
🚨 CVE-2023-41834: Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0. @cveNotify |
|
2023-09-19 23:58:25 |
🚨 CVE-2023-20243: A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details section of this advisory. @cveNotify |
|
2023-09-19 23:58:24 |
🚨 CVE-2023-4501: User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password. @cveNotify |
|
2023-09-19 23:58:23 |
🚨 CVE-2023-40868: Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. @cveNotify |
|
2023-09-19 23:58:22 |
🚨 CVE-2023-3710: Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). @cveNotify |
|
2023-09-19 23:58:21 |
🚨 CVE-2023-26142: All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. @cveNotify |
|
2023-09-19 23:58:20 |
🚨 CVE-2023-3711: Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). @cveNotify |
|
2023-09-19 23:58:18 |
🚨 CVE-2023-4893: The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. @cveNotify |
|
2023-09-19 23:58:17 |
🚨 CVE-2023-32665: A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. @cveNotify |
|
2023-09-19 23:58:16 |
🚨 CVE-2023-4972: Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects . @cveNotify |
|
2023-09-19 23:58:15 |
🚨 CVE-2023-3712: Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). @cveNotify |
|
2023-09-19 23:58:14 |
🚨 CVE-2023-38912: SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. @cveNotify |
|
2023-09-19 23:58:13 |
🚨 CVE-2023-42362: An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. @cveNotify |
|
2023-09-19 06:58:35 |
🚨 CVE-2022-28357: NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. @cveNotify |
|
2023-09-19 06:58:31 |
🚨 CVE-2023-41599: An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. @cveNotify |
|
2023-09-19 06:58:30 |
🚨 CVE-2023-33831: A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. @cveNotify |
|
2023-09-19 06:58:29 |
🚨 CVE-2023-38255: ** UNSUPPORTED WHEN ASSIGNED ** A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device. @cveNotify |
|
2023-09-19 06:58:28 |
🚨 CVE-2023-41084: ** UNSUPPORTED WHEN ASSIGNED ** Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device. @cveNotify |
|
2023-09-19 06:58:24 |
🚨 CVE-2023-38582: ** UNSUPPORTED WHEN ASSIGNED ** Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access the vulnerable page of the web application, the XSS payload will be executed. @cveNotify |
|
2023-09-19 06:58:23 |
🚨 CVE-2023-39039: An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. @cveNotify |
|
2023-09-19 06:58:22 |
🚨 CVE-2023-39043: An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. @cveNotify |
|
2023-09-19 06:58:18 |
🚨 CVE-2023-39058: An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. @cveNotify |
|
2023-09-19 06:58:17 |
🚨 CVE-2023-39452: ** UNSUPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application. @cveNotify |
|
2023-09-19 06:58:16 |
🚨 CVE-2023-37611 Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component. @cveNotify |
|
2023-09-19 06:58:15 |
🚨 CVE-2023-42446 Pow is an authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated. @cveNotify |
|
2023-09-12 16:58:13 |
🚨 CVE-2023-2071 Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user's input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function. @cveNotify |
|
2023-09-12 16:58:12 |
🚨 CVE-2023-40834 OpenCart v4.0.2.2 is vulnerable to Brute Force Attack. @cveNotify |
|
2023-09-12 14:58:32 |
🚨 CVE-2023-42472 Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data causing a high impact on confidentiality and integrity of the application. @cveNotify |
|
2023-09-12 14:58:31 |
🚨 CVE-2023-4840 The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. @cveNotify |
|
2023-09-12 14:58:29 |
🚨 CVE-2023-4887 The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. @cveNotify |
|
2023-09-12 14:58:24 |
🚨 CVE-2023-4890 The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. @cveNotify |
|
2023-09-12 14:58:23 |
🚨 CVE-2023-4893 The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. @cveNotify |
|
2023-09-12 14:58:22 |
🚨 CVE-2023-40309 SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. @cveNotify |
|
2023-09-12 14:58:19 |
🚨 CVE-2023-40622 SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability. @cveNotify |
|
2023-09-12 14:58:18 |
🚨 CVE-2023-40623 SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system. @cveNotify |
|
2023-09-12 14:58:17 |
🚨 CVE-2023-40624 SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application. @cveNotify |
|
2023-09-12 14:58:13 |
🚨 CVE-2023-40625 S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availability of the system. @cveNotify |
|
2023-09-12 14:58:12 |
🚨 CVE-2022-4896 Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core. @cveNotify |
|
2023-09-12 14:58:11 |
🚨 CVE-2023-26142 All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. @cveNotify |
|
2023-09-12 05:58:35 |
🚨 CVE-2023-4898 Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. @cveNotify |
|
2023-09-12 05:58:34 |
🚨 CVE-2023-4899 SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. @cveNotify |
|
2023-09-12 05:58:33 |
🚨 CVE-2023-41064 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. @cveNotify |
|
2023-09-12 05:58:32 |
🚨 CVE-2023-38802 FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). @cveNotify |
|
2023-09-12 05:58:31 |
🚨 CVE-2023-41358 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. @cveNotify |
|
2023-09-12 05:58:27 |
🚨 CVE-2023-31490 An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. @cveNotify |
|
2023-09-12 05:58:26 |
🚨 CVE-2022-40318 An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. @cveNotify |
|
2023-09-12 05:58:25 |
🚨 CVE-2022-43681 An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. @cveNotify |
|
2023-09-12 05:58:24 |
🚨 CVE-2022-36440 A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. @cveNotify |
|
2023-09-12 05:58:20 |
🚨 CVE-2023-37759 Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. @cveNotify |
|
2023-09-12 05:58:19 |
🚨 CVE-2023-40353 An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application. @cveNotify |
|
2023-09-12 05:58:18 |
🚨 CVE-2023-30908 A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service. @cveNotify |
|
2023-09-12 05:58:14 |
🚨 CVE-2023-39711 Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section. @cveNotify |
|
2023-09-12 05:58:13 |
🚨 CVE-2023-39422 The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticate requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless. @cveNotify |
|
2023-09-12 05:58:12 |
🚨 CVE-2023-39421 The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services. @cveNotify |
|
2023-09-12 00:58:18 |
🚨 CVE-2023-39069 An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. @cveNotify |
|
2023-09-12 00:58:14 |
🚨 CVE-2023-41879 Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1. @cveNotify |
|
2023-09-12 00:58:13 |
🚨 CVE-2023-41640 An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query. @cveNotify |
|
2023-09-12 00:58:12 |
🚨 CVE-2021-39473 Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. @cveNotify |
|
2023-09-11 22:58:52 |
🚨 CVE-2023-35676 In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-09-11 22:58:51 |
🚨 CVE-2023-35677 In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-09-11 22:58:50 |
🚨 CVE-2023-35680 In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-09-11 22:58:46 |
🚨 CVE-2023-35681 In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-09-11 22:58:45 |
🚨 CVE-2023-35683 In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-09-11 22:58:44 |
🚨 CVE-2023-35687 In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-09-11 22:58:40 |
🚨 CVE-2023-4897 Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. @cveNotify |
|
2023-09-11 22:58:39 |
🚨 CVE-2023-41933 Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. @cveNotify |
|
2023-09-11 22:58:38 |
🚨 CVE-2023-4270 The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. @cveNotify |
|
2023-09-11 22:58:34 |
🚨 CVE-2023-2705 The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin. @cveNotify |
|
2023-09-11 22:58:33 |
🚨 CVE-2023-38256 Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system. @cveNotify |
|
2023-09-11 22:58:32 |
🚨 CVE-2023-3169 The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. @cveNotify |
|
2023-09-11 19:58:48 |
🚨 CVE-2023-4745 A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It has been rated as critical. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238634 is the identifier assigned to this vulnerability. @cveNotify |
|
2023-09-11 19:58:47 |
🚨 CVE-2023-41935 Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce. @cveNotify |
|
2023-09-11 19:58:46 |
🚨 CVE-2023-41937 Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. @cveNotify |
|
2023-09-11 19:58:45 |
🚨 CVE-2023-41938 A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. @cveNotify |
|
2023-09-11 19:58:41 |
🚨 CVE-2023-41940 Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. @cveNotify |
|
2023-09-11 19:58:40 |
🚨 CVE-2023-35719 ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009. @cveNotify |
|
2023-09-11 19:58:39 |
🚨 CVE-2023-4779 The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. @cveNotify |
|
2023-09-11 19:58:35 |
🚨 CVE-2023-40743 ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. @cveNotify |
|
2023-09-11 19:58:34 |
🚨 CVE-2023-28544 Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. @cveNotify |
|
2023-09-11 19:58:33 |
🚨 CVE-2023-28548 Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. @cveNotify |
|
2023-09-11 19:58:29 |
🚨 CVE-2023-28557 Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. @cveNotify |
|
2023-09-11 19:58:28 |
🚨 CVE-2023-30058 novel-plus 3.6.2 is vulnerable to SQL Injection. @cveNotify |
|
2023-09-11 17:58:39 |
🚨 CVE-2021-44193 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:38 |
🚨 CVE-2021-44194 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:37 |
🚨 CVE-2021-40791 Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:36 |
🚨 CVE-2021-40795 Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:33 |
🚨 CVE-2021-40790 Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:32 |
🚨 CVE-2021-42265 Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:31 |
🚨 CVE-2021-43027 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:30 |
🚨 CVE-2021-44189 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:26 |
🚨 CVE-2021-44190 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:25 |
🚨 CVE-2021-44192 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:24 |
🚨 CVE-2023-39264 By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0. @cveNotify |
|
2023-09-11 17:58:20 |
🚨 CVE-2019-7819 Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:19 |
🚨 CVE-2019-16470 Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 17:58:18 |
🚨 CVE-2022-28832 Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-11 14:58:32 |
🚨 CVE-2023-27523 Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to. @cveNotify |
|
2023-09-11 14:58:31 |
🚨 CVE-2023-4588 File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text. @cveNotify |
|
2023-09-11 14:58:30 |
🚨 CVE-2023-40357 Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. @cveNotify |
|
2023-09-11 14:58:29 |
🚨 CVE-2023-40531 Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. @cveNotify |
|
2023-09-11 14:58:26 |
🚨 CVE-2023-39935 Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. @cveNotify |
|
2023-09-11 14:58:25 |
🚨 CVE-2023-39224 Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. @cveNotify |
|
2023-09-11 14:58:24 |
🚨 CVE-2023-38568 Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. @cveNotify |
|
2023-09-11 14:58:20 |
🚨 CVE-2023-37284 Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. @cveNotify |
|
2023-09-11 14:58:19 |
🚨 CVE-2023-39266 A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. @cveNotify |
|
2023-09-11 14:58:18 |
🚨 CVE-2023-32619 Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. @cveNotify |
|
2023-09-11 14:58:14 |
🚨 CVE-2023-4634 The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible. @cveNotify |
|
2023-09-11 14:58:13 |
🚨 CVE-2023-28538 Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. @cveNotify |
|
2023-09-11 14:58:12 |
🚨 CVE-2023-38574 Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. @cveNotify |
|
2023-09-11 12:58:17 |
🚨 CVE-2023-3612 Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content. @cveNotify |
|
2023-09-11 10:58:14 |
🚨 CVE-2023-4816 A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action. @cveNotify |
|
2023-09-11 10:58:13 |
🚨 CVE-2023-40040: An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. @cveNotify |
|
2023-09-11 05:58:33 |
🚨 CVE-2023-20900: A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . @cveNotify |
|
2023-09-11 05:58:32 |
🚨 CVE-2023-20867: A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. @cveNotify |
|
2023-09-10 20:58:27 |
🚨 CVE-2023-4851: A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260. @cveNotify |
|
2023-09-10 20:58:26 |
🚨 CVE-2023-4852: A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability. @cveNotify |
|
2023-09-10 20:58:23 |
🚨 CVE-2023-4848: A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability. @cveNotify |
|
2023-09-10 20:58:22 |
🚨 CVE-2023-4846: A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255. @cveNotify |
|
2023-09-10 20:58:21 |
🚨 CVE-2023-4847: A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256. @cveNotify |
|
2023-09-10 20:58:18 |
🚨 CVE-2023-4838: The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. @cveNotify |
|
2023-09-10 20:58:17 |
🚨 CVE-2022-22409: IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. @cveNotify |
|
2023-09-10 20:58:16 |
🚨 CVE-2023-42276: hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. @cveNotify |
|
2023-09-10 15:59:47 |
🚨 CVE-2023-4208: A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. @cveNotify |
|
2023-09-10 15:59:46 |
🚨 CVE-2023-4622: A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. @cveNotify |
|
2023-09-10 15:59:45 |
🚨 CVE-2023-4569: A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak. @cveNotify |
|
2023-09-10 15:59:44 |
🚨 CVE-2023-40283: An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. @cveNotify |
|
2023-09-10 15:59:43 |
🚨 CVE-2023-4128: A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. @cveNotify |
|
2023-09-10 15:59:39 |
🚨 CVE-2023-4273: A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. @cveNotify |
|
2023-09-10 15:59:38 |
🚨 CVE-2023-4147: A use-after-free flaw was found in the Linux kernel's Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. @cveNotify |
|
2023-09-10 15:59:37 |
🚨 CVE-2023-4194: A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. @cveNotify |
|
2023-09-10 15:59:36 |
🚨 CVE-2023-4132: A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. @cveNotify |
|
2023-09-10 15:59:35 |
🚨 CVE-2023-4004: A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. @cveNotify |
|
2023-09-10 15:59:31 |
🚨 CVE-2023-3863: A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue. @cveNotify |
|
2023-09-10 15:59:30 |
🚨 CVE-2023-3776: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. @cveNotify |
|
2023-09-10 15:59:29 |
🚨 CVE-2023-20588: A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. @cveNotify |
|
2023-09-10 15:59:28 |
🚨 CVE-2023-3772: A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. @cveNotify |
|
2023-09-10 15:59:27 |
🚨 CVE-2023-3773: A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. @cveNotify |
|
2023-09-10 15:59:23 |
🚨 CVE-2023-2430: A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. @cveNotify |
|
2023-09-10 15:59:22 |
🚨 CVE-2023-3611: An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. @cveNotify |
|
2023-09-10 15:59:21 |
🚨 CVE-2023-1206: A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel's IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. @cveNotify |
|
2023-09-10 15:59:20 |
🚨 CVE-2023-2898: There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. @cveNotify |
|
2023-09-10 15:59:19 |
🚨 CVE-2023-1989: A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. @cveNotify |
|
2023-09-10 00:58:24 |
🚨 CVE-2023-4865: A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability. @cveNotify |
|
2023-09-10 00:58:20 |
🚨 CVE-2023-41915: OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. @cveNotify |
|
2023-09-10 00:58:19 |
🚨 CVE-2023-40392: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. @cveNotify |
|
2023-09-10 00:58:18 |
🚨 CVE-2023-29491: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. @cveNotify |
|
2023-09-09 22:58:18 |
🚨 CVE-2022-38392: Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported product is Seagate STDT4000100 763649053447. @cveNotify |
|
2023-09-09 14:58:16 |
🚨 CVE-2023-4850: A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259. @cveNotify |
|
2023-09-09 14:58:15 |
🚨 CVE-2023-4851: A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260. @cveNotify |
|
2023-09-09 12:58:15 |
🚨 CVE-2023-4848: A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability. @cveNotify |
|
2023-09-09 10:58:25 |
🚨 CVE-2023-4847: A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256. @cveNotify |
|
2023-09-09 10:58:24 |
🚨 CVE-2023-4845: A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability. @cveNotify |
|
2023-09-09 06:58:38 |
🚨 CVE-2023-4487: GE CIMPLICITY 2023 is by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. @cveNotify |
|
2023-09-09 06:58:36 |
🚨 CVE-2023-30712: Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity. @cveNotify |
|
2023-09-09 06:58:35 |
🚨 CVE-2023-30711: Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. @cveNotify |
|
2023-09-09 06:58:34 |
🚨 CVE-2023-30715: Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. @cveNotify |
|
2023-09-09 06:58:33 |
🚨 CVE-2023-34352: A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. @cveNotify |
|
2023-09-09 06:58:31 |
🚨 CVE-2023-32438: This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. @cveNotify |
|
2023-09-09 06:58:30 |
🚨 CVE-2023-32432: A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data. @cveNotify |
|
2023-09-09 06:58:29 |
🚨 CVE-2023-32426: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges. @cveNotify |
|
2023-09-09 06:58:28 |
🚨 CVE-2023-32428: This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. @cveNotify |
|
2023-09-09 06:58:27 |
🚨 CVE-2023-28209: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-09 06:58:26 |
🚨 CVE-2023-32425: The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges. @cveNotify |
|
2023-09-09 06:58:24 |
🚨 CVE-2023-28208: A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM. @cveNotify |
|
2023-09-09 06:58:23 |
🚨 CVE-2023-39365: Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-09 06:58:22 |
🚨 CVE-2022-30639: Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-09 06:58:21 |
🚨 CVE-2022-30637: Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-09 06:58:20 |
🚨 CVE-2022-30638: Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-09 06:58:19 |
🚨 CVE-2022-30640: Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-09 06:58:18 |
🚨 CVE-2022-30642: Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-09 06:58:17 |
🚨 CVE-2022-30643: Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-09 06:58:16 |
🚨 CVE-2022-30644: Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-09 00:58:57 |
🚨 CVE-2023-34723: An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. @cveNotify |
|
2023-09-09 00:58:55 |
🚨 CVE-2023-38831: RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023. @cveNotify |
|
2023-09-09 00:58:52 |
🚨 CVE-2022-4953: The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. @cveNotify |
|
2023-09-09 00:58:49 |
🚨 CVE-2023-35386: Windows Kernel Elevation of Privilege Vulnerability @cveNotify |
|
2023-09-09 00:58:48 |
🚨 CVE-2023-38154: Windows Kernel Elevation of Privilege Vulnerability @cveNotify |
|
2023-09-09 00:58:46 |
🚨 CVE-2023-34127: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. @cveNotify |
|
2023-09-09 00:58:43 |
🚨 CVE-2023-34132: Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. @cveNotify |
|
2023-09-09 00:58:41 |
🚨 CVE-2023-34124: The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. @cveNotify |
|
2023-09-09 00:58:38 |
🚨 CVE-2023-34133: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. @cveNotify |
|
2023-09-09 00:58:36 |
🚨 CVE-2023-36812: OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. User unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`. @cveNotify |
|
2023-09-09 00:58:35 |
🚨 CVE-2023-25826: Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation. @cveNotify |
|
2023-09-09 00:58:33 |
🚨 CVE-2022-31470: An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. @cveNotify |
|
2023-09-09 00:58:32 |
🚨 CVE-2019-7609: Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. @cveNotify |
|
2023-09-09 00:58:30 |
🚨 CVE-2023-33016: Transient DOS in WLAN firmware while parsing MLO (multi-link operation). @cveNotify |
|
2023-09-09 00:58:28 |
🚨 CVE-2023-33019: Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. @cveNotify |
|
2023-09-09 00:58:25 |
🚨 CVE-2022-22402: IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571. @cveNotify |
|
2023-09-09 00:58:24 |
🚨 CVE-2022-22409: IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. @cveNotify |
|
2023-09-09 00:58:22 |
🚨 CVE-2023-40306: SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. @cveNotify |
|
2023-09-09 00:58:19 |
🚨 CVE-2023-42276: hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. @cveNotify |
|
2023-09-09 00:58:17 |
🚨 CVE-2023-42277: hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. @cveNotify |
|
2023-09-08 22:58:28 |
🚨 CVE-2022-22405: IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. @cveNotify |
|
2023-09-08 22:58:27 |
🚨 CVE-2023-24965: IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. @cveNotify |
|
2023-09-08 22:58:26 |
🚨 CVE-2023-30995: IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. @cveNotify |
|
2023-09-08 22:58:25 |
🚨 CVE-2023-4809: In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host. @cveNotify |
|
2023-09-08 22:58:24 |
🚨 CVE-2022-33164: IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. @cveNotify |
|
2023-09-08 22:58:23 |
🚨 CVE-2023-32332: IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. @cveNotify |
|
2023-09-08 22:58:22 |
🚨 CVE-2023-41318: matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround. @cveNotify |
|
2023-09-08 22:58:21 |
🚨 CVE-2023-4369: Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-09-08 21:58:24 |
🚨 CVE-2023-31132: Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-08 21:58:21 |
🚨 CVE-2023-21663: Memory Corruption while accessing metadata in Display. @cveNotify |
|
2023-09-08 18:58:25 |
🚨 CVE-2023-34317: An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. @cveNotify |
|
2023-09-08 18:58:24 |
🚨 CVE-2023-34353: An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. @cveNotify |
|
2023-09-08 18:58:23 |
CVE-2023-34994: An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability. @cveNotify |
|
2023-09-08 18:58:19 |
CVE-2023-35124: An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. @cveNotify |
|
2023-09-08 18:58:18 |
CVE-2023-2453: There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload. @cveNotify |
|
2023-09-08 18:58:17 |
CVE-2023-31242: An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. @cveNotify |
|
2023-09-08 16:58:59 |
CVE-2023-30722: Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. @cveNotify |
|
2023-09-08 16:58:58 |
CVE-2015-1391: Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism. @cveNotify |
|
2023-09-08 16:58:56 |
CVE-2023-41908: Cerebrate before 1.15 lacks the Secure attribute for the session cookie. @cveNotify |
|
2023-09-08 16:58:55 |
CVE-2023-3375: Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0. @cveNotify |
|
2023-09-08 14:58:42 |
CVE-2023-38836: File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. @cveNotify |
|
2023-09-08 14:58:38 |
CVE-2022-41763: An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service. @cveNotify |
|
2023-09-08 14:58:37 |
CVE-2023-32470: Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). @cveNotify |
|
2023-09-08 14:58:36 |
CVE-2023-34041: Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations. @cveNotify |
|
2023-09-08 14:58:35 |
CVE-2023-41775: Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camera, microphone, etc. of the device where the product is installed without the user's consent. @cveNotify |
|
2023-09-08 11:58:12 |
CVE-2023-32470: Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS). @cveNotify |
|
2023-09-08 05:58:35 |
CVE-2023-40953: icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). @cveNotify |
|
2023-09-08 05:58:34 |
CVE-2023-41594: Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. @cveNotify |
|
2023-09-08 05:58:33 |
CVE-2014-5329: GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition. @cveNotify |
|
2023-09-08 05:58:29 |
CVE-2023-35785: Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below and Support Center Plus 14300 and below are vulnerable to the authentication bypass vulnerability via a few authenticators. @cveNotify |
|
2023-09-08 05:58:28 |
CVE-2023-40271: In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8. @cveNotify |
|
2023-09-08 05:58:27 |
CVE-2021-45811: A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination. @cveNotify |
|
2023-09-08 05:58:26 |
CVE-2023-36184: Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json. @cveNotify |
|
2023-09-08 05:58:22 |
CVE-2022-48571: memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. @cveNotify |
|
2023-09-08 05:58:21 |
CVE-2022-21299: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). @cveNotify |
|
2023-09-08 05:58:20 |
CVE-2022-21340: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). @cveNotify |
|
2023-09-08 05:58:16 |
CVE-2022-21283: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). @cveNotify |
|
2023-09-08 05:58:15 |
CVE-2022-21360: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). @cveNotify |
|
2023-09-08 05:58:14 |
CVE-2022-21277: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). @cveNotify |
|
2023-09-08 01:58:30 |
CVE-2023-40029: Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the `kubectl.kubernetes.io/last-applied-configuration` annotation. Pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation which includes full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal. @cveNotify |
|
2023-09-08 01:58:29 |
CVE-2023-40584: Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts. @cveNotify |
|
2023-09-08 01:58:27 |
CVE-2023-38440: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-08 01:58:26 |
CVE-2023-38441: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-08 01:58:25 |
CVE-2023-38439: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-08 01:58:24 |
CVE-2023-38438: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-08 01:58:23 |
CVE-2023-38437: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-08 01:58:22 |
CVE-2023-30908: Potential security vulnerabilities have been identified in Hewlett Packard Enterprise OneView Software. These vulnerabilities could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service. @cveNotify |
|
2023-09-08 01:58:21 |
CVE-2023-41161: Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab. @cveNotify |
|
2023-09-08 01:58:19 |
CVE-2023-41646: Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. @cveNotify |
|
2023-09-08 01:58:18 |
CVE-2023-36665: protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. @cveNotify |
|
2023-09-08 01:58:17 |
CVE-2023-33918: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-08 01:58:15 |
CVE-2023-33916: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-08 01:58:14 |
CVE-2023-38436: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-08 01:58:13 |
CVE-2023-33917: In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-09-07 22:58:30 |
CVE-2023-39980: A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands. @cveNotify |
|
2023-09-07 22:58:29 |
CVE-2023-20193: A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec. @cveNotify |
|
2023-09-07 22:58:25 |
CVE-2023-41316: Tolgee is an open-source localization platform. Due to lack of validation of the Org Name field, a bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-07 22:58:24 |
CVE-2023-41061: A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. @cveNotify |
|
2023-09-07 22:58:23 |
CVE-2023-4528: Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface. @cveNotify |
|
2023-09-07 22:58:19 |
CVE-2023-37798: A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. @cveNotify |
|
2023-09-07 22:58:18 |
CVE-2023-39979: There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values. @cveNotify |
|
2023-09-07 22:58:17 |
CVE-2023-4647: An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. @cveNotify |
|
2023-09-07 20:58:35 |
CVE-2023-4712: A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-09-07 20:58:33 |
CVE-2023-4711: A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-09-07 20:58:32 |
CVE-2023-41046: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set to `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for "VelocityCode", this behavior is most likely very old, but script right has been a separate right only since XWiki 7.2; before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds. @cveNotify |
|
2023-09-07 20:58:31 |
CVE-2023-41051: In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue. @cveNotify |
|
2023-09-07 20:58:30 |
CVE-2023-4710: A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-09-07 20:58:29 |
CVE-2023-41061: A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. @cveNotify |
|
2023-09-07 20:58:28 |
CVE-2023-41064: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. @cveNotify |
|
2023-09-07 20:58:27 |
CVE-2023-37798: A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter. @cveNotify |
|
2023-09-07 20:58:25 |
CVE-2023-20821: In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113. @cveNotify |
|
2023-09-07 20:58:21 |
CVE-2023-20825: In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413. @cveNotify |
|
2023-09-07 20:58:20 |
CVE-2023-20836: In camsys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505629; Issue ID: ALPS07505629. @cveNotify |
|
2023-09-07 20:58:19 |
CVE-2023-20820: In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189. @cveNotify |
|
2023-09-07 20:58:18 |
CVE-2023-20828: In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144. @cveNotify |
|
2023-09-07 20:58:14 |
CVE-2023-20835: In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570. @cveNotify |
|
2023-09-07 20:58:13 |
CVE-2023-32811: In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848. @cveNotify |
|
2023-09-07 20:58:12 |
CVE-2023-32808: In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751. @cveNotify |
|
2023-09-07 18:58:24 |
CVE-2023-40239: Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability. @cveNotify |
|
2023-09-07 18:58:23 |
CVE-2023-30800: The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected. @cveNotify |
|
2023-09-07 18:58:22 |
CVE-2023-40060: A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. @cveNotify |
|
2023-09-07 18:58:19 |
CVE-2021-44189: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-07 18:58:18 |
CVE-2021-44190: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-07 18:58:17 |
CVE-2021-44195: Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-07 16:58:40 |
🚨 CVE-2023-40576: FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. @cveNotify |
|
2023-09-07 16:58:39 |
🚨 CVE-2023-20849: In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350. @cveNotify |
|
2023-09-07 16:58:38 |
🚨 CVE-2023-20850: In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381. @cveNotify |
|
2023-09-07 16:58:37 |
🚨 CVE-2023-32817: In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035. @cveNotify |
|
2023-09-07 16:58:33 |
🚨 CVE-2023-32816: In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032. @cveNotify |
|
2023-09-07 16:58:32 |
🚨 CVE-2023-20847: In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108. @cveNotify |
|
2023-09-07 16:58:31 |
🚨 CVE-2023-32813: In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370. @cveNotify |
|
2023-09-07 16:58:27 |
🚨 CVE-2023-32814: In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947. @cveNotify |
|
2023-09-07 16:58:26 |
🚨 CVE-2023-20838: In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418. @cveNotify |
|
2023-09-07 16:58:25 |
🚨 CVE-2023-20843: In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119. @cveNotify |
|
2023-09-07 16:58:24 |
🚨 CVE-2023-20845: In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357. @cveNotify |
|
2023-09-07 16:58:21 |
🚨 CVE-2023-20844: In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121. @cveNotify |
|
2023-09-07 16:58:19 |
🚨 CVE-2023-20837: In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786. @cveNotify |
|
2023-09-07 16:58:18 |
🚨 CVE-2023-20841: In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441. @cveNotify |
|
2023-09-07 16:58:17 |
🚨 CVE-2023-20842: In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477. @cveNotify |
|
2023-09-07 10:58:35 |
🚨 CVE-2022-0900: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0. @cveNotify |
|
2023-09-07 10:58:31 |
🚨 CVE-2023-39238: It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. @cveNotify |
|
2023-09-07 10:58:30 |
🚨 CVE-2023-39239: It is identified a format string vulnerability in ASUS RT-AX56U V2's General function API. This vulnerability is caused by lacking validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. @cveNotify |
|
2023-09-07 10:58:29 |
🚨 CVE-2023-0979: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS: before 2023-03-03. @cveNotify |
|
2023-09-07 10:58:28 |
🚨 CVE-2021-43361: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection. This issue affects HBYS: from unspecified before 1.1. @cveNotify |
|
2023-09-07 10:58:24 |
🚨 CVE-2023-39236: ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. @cveNotify |
|
2023-09-07 10:58:23 |
🚨 CVE-2023-38033: ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special character. A remote attacker with regular user privilege can exploit this vulnerability to perform command injection attack to execute arbitrary commands, disrupt system or terminate services. @cveNotify |
|
2023-09-07 10:58:19 |
🚨 CVE-2023-4815: Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3. @cveNotify |
|
2023-09-07 10:58:18 |
🚨 CVE-2023-30533: SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words, 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected. @cveNotify |
|
2023-09-07 10:58:17 |
🚨 CVE-2022-47522: The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. @cveNotify |
|
2023-09-07 09:58:38 |
🚨 CVE-2023-4772: The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. @cveNotify |
|
2023-09-07 09:58:37 |
🚨 CVE-2023-30079: A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code. @cveNotify |
|
2023-09-07 09:58:36 |
🚨 CVE-2023-22652: A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2. @cveNotify |
|
2023-09-07 09:58:35 |
🚨 CVE-2023-38605: This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user's current location. @cveNotify |
|
2023-09-07 09:58:31 |
🚨 CVE-2023-40397: The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary javascript code execution. @cveNotify |
|
2023-09-07 09:58:30 |
🚨 CVE-2023-41329: WireMock is a tool for mocking HTTP services. The proxy mode of WireMock, can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using the domain names, and in such a case the configuration is vulnerable to the DNS rebinding attacks. A similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook Extensions. The root cause of the attack is a defect in the logic which allows for a race condition triggered by a DNS server whose address expires in between the initial validation and the outbound network request that might go to a domain that was supposed to be prohibited. Control over a DNS service is required to exploit this attack, so it has high execution complexity and limited impact. This issue has been addressed in version 2.35.1 of wiremock-jre8 and wiremock-jre8-standalone, version 3.0.3 of wiremock and wiremock-standalone, version 2.6.1 of the python version of wiremock, and versions 2.35.1-1 and 3.0.3-1 of the wiremock/wiremock Docker container. Users are advised to upgrade. Users unable to upgrade should either configure firewall rules to define the list of permitted destinations or to configure WireMock to use IP addresses instead of the domain names. @cveNotify |
|
2023-09-07 09:58:29 |
🚨 CVE-2023-4809: In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host. @cveNotify |
|
2023-09-07 09:58:25 |
🚨 CVE-2023-23623: Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2. We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers. @cveNotify |
|
2023-09-07 09:58:24 |
🚨 CVE-2023-38616: A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. @cveNotify |
|
2023-09-07 09:58:23 |
🚨 CVE-2023-39967: WireMock is a tool for mocking HTTP services. When certain request URLs like "@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock's instance. There are 3 identified potential attack vectors: via "TestRequester" functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives. @cveNotify |
|
2023-09-07 09:58:19 |
🚨 CVE-2023-40392: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. @cveNotify |
|
2023-09-07 09:58:18 |
🚨 CVE-2023-41053: Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-07 09:58:17 |
🚨 CVE-2023-20263: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. @cveNotify |
|
2023-09-07 00:58:12 |
🚨 CVE-2023-4754: Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. @cveNotify |
|
2023-09-07 00:58:11 |
🚨 CVE-2023-41642: Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter. @cveNotify |
|
2023-09-06 22:58:54 |
🚨 CVE-2023-41053: Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-06 22:58:53 |
🚨 CVE-2023-28215: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-06 22:58:52 |
🚨 CVE-2023-28188: A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service. @cveNotify |
|
2023-09-06 22:58:51 |
🚨 CVE-2023-28211: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-06 22:58:50 |
🚨 CVE-2023-32426: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges. @cveNotify |
|
2023-09-06 22:58:46 |
🚨 CVE-2023-28195: A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information. @cveNotify |
|
2023-09-06 22:58:45 |
🚨 CVE-2023-28214: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-06 22:58:44 |
🚨 CVE-2023-27950: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. @cveNotify |
|
2023-09-06 22:58:43 |
🚨 CVE-2023-28209: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-06 22:58:42 |
🚨 CVE-2023-28213: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-06 22:58:38 |
🚨 CVE-2023-28210: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-06 22:58:37 |
🚨 CVE-2023-28212: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-06 22:58:36 |
🚨 CVE-2023-32356: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-09-06 22:58:35 |
🚨 CVE-2023-32362: Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information. @cveNotify |
|
2023-09-06 22:58:32 |
🚨 CVE-2023-35359: Windows Kernel Elevation of Privilege Vulnerability @cveNotify |
|
2023-09-06 22:58:31 |
🚨 CVE-2023-28200: A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory. @cveNotify |
|
2023-09-06 22:58:30 |
🚨 CVE-2023-29491: ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. @cveNotify |
|
2023-09-06 22:58:29 |
🚨 CVE-2023-23333: There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. @cveNotify |
|
2023-09-06 22:58:28 |
🚨 CVE-2022-3970: A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability. @cveNotify |
|
2023-09-06 20:58:19 |
🚨 CVE-2023-20269: A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability. @cveNotify |
|
2023-09-06 20:58:18 |
🚨 CVE-2023-38485: Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise. @cveNotify |
|
2023-09-06 20:58:17 |
🚨 CVE-2023-41050: AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-06 19:58:25 |
🚨 CVE-2023-0667: Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. @cveNotify |
|
2023-09-06 19:58:24 |
🚨 CVE-2021-36646: A Cross Site Scripting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page. @cveNotify |
|
2023-09-06 19:58:23 |
🚨 CVE-2023-4498: Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only. @cveNotify |
|
2023-09-06 19:58:19 |
🚨 CVE-2023-39615: ** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input. @cveNotify |
|
2023-09-06 19:58:18 |
🚨 CVE-2022-34038: ** DISPUTED ** Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability. @cveNotify |
|
2023-09-06 19:58:17 |
🚨 CVE-2020-36131: AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. @cveNotify |
|
2023-09-06 19:58:13 |
🚨 CVE-2021-30475: aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow. @cveNotify |
|
2023-09-06 19:58:12 |
🚨 CVE-2021-30473: aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap. @cveNotify |
|
2023-09-06 16:58:35 |
🚨 CVE-2023-41937: Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. @cveNotify |
|
2023-09-06 16:58:34 |
🚨 CVE-2023-41940: Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. @cveNotify |
|
2023-09-06 16:58:33 |
🚨 CVE-2023-41945: Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted. @cveNotify |
|
2023-09-06 16:58:32 |
🚨 CVE-2023-41941: A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins. @cveNotify |
|
2023-09-06 16:58:31 |
🚨 CVE-2023-41942: A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue. @cveNotify |
|
2023-09-06 16:58:30 |
🚨 CVE-2023-41946: A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username. @cveNotify |
|
2023-09-06 16:58:29 |
🚨 CVE-2023-41944: Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability. @cveNotify |
|
2023-09-06 16:58:28 |
🚨 CVE-2023-41931: Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not properly sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability. @cveNotify |
|
2023-09-06 16:58:27 |
🚨 CVE-2023-41947: A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials. @cveNotify |
|
2023-09-06 16:58:26 |
🚨 CVE-2022-46751: Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide". @cveNotify |
|
2023-09-06 16:58:24 |
🚨 CVE-2023-1863: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue affects Water Metering Software: before 23.04.06. @cveNotify |
|
2023-09-06 16:58:23 |
🚨 CVE-2023-1114: Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100. @cveNotify |
|
2023-09-06 16:58:22 |
🚨 CVE-2023-41739: Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors. @cveNotify |
|
2023-09-06 16:58:21 |
🚨 CVE-2023-40182: Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7. @cveNotify |
|
2023-09-06 16:58:20 |
🚨 CVE-2023-41738: Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors. @cveNotify |
|
2023-09-06 16:58:16 |
🚨 CVE-2023-36811: borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability. @cveNotify |
|
2023-09-06 16:58:15 |
🚨 CVE-2023-39265: Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0. @cveNotify |
|
2023-09-06 16:58:14 |
🚨 CVE-2021-28644: Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-06 16:58:13 |
🚨 CVE-2021-35980: Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. @cveNotify |
|
2023-09-06 16:58:12 |
🚨 CVE-2021-36021: Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system. @cveNotify |
|
2023-09-06 07:58:32 |
🚨 CVE-2023-30717: Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers. @cveNotify |
|
2023-09-06 07:58:31 |
🚨 CVE-2023-30720: PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access. @cveNotify |
|
2023-09-06 07:58:30 |
🚨 CVE-2023-30709: Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers to launch activity with system privilege. @cveNotify |
|
2023-09-06 07:58:26 |
🚨 CVE-2023-30711: Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. @cveNotify |
|
2023-09-06 07:58:25 |
🚨 CVE-2023-30724: Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. @cveNotify |
|
2023-09-06 07:58:24 |
🚨 CVE-2023-30715: Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. @cveNotify |
|
2023-09-06 07:58:20 |
🚨 CVE-2023-30718: Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change an Auto Hotspot setting. @cveNotify |
|
2023-09-06 07:58:19 |
🚨 CVE-2023-30719: Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data. @cveNotify |
|
2023-09-06 07:58:18 |
🚨 CVE-2023-30725: Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. @cveNotify |
|
2023-09-06 07:58:14 |
🚨 CVE-2020-22524: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cause a denial of service via crafted PFM file. @cveNotify |
|
2023-09-06 07:58:13 |
🚨 CVE-2020-21427: Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. @cveNotify |
|
2023-09-06 07:58:12 |
🚨 CVE-2023-28215: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. @cveNotify |
|
2023-08-30 00:58:28 |
🚨 CVE-2023-40827: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. @cveNotify |
|
2023-08-30 00:58:27 |
🚨 CVE-2023-40826: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. @cveNotify |
|
2023-08-30 00:58:24 |
🚨 CVE-2023-38971: Cross Site Scripting vulnerability in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. @cveNotify |
|
2023-08-30 00:58:23 |
🚨 CVE-2023-41153: A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. @cveNotify |
|
2023-08-30 00:58:22 |
🚨 CVE-2023-4611: A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak. @cveNotify |
|
2023-08-30 00:58:18 |
🚨 CVE-2023-39558: AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. @cveNotify |
|
2023-08-30 00:58:17 |
🚨 CVE-2023-41265: An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. @cveNotify |
|
2023-08-30 00:58:16 |
🚨 CVE-2023-41266: A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. @cveNotify |
|
2023-08-29 22:58:39 |
🚨 CVE-2023-4548: A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059. @cveNotify |
|
2023-08-29 22:58:38 |
🚨 CVE-2021-3262: TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries. @cveNotify |
|
2023-08-29 22:58:37 |
🚨 CVE-2023-39266: A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. @cveNotify |
|
2023-08-29 22:58:36 |
🚨 CVE-2023-39267: An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch. @cveNotify |
|
2023-08-29 22:58:35 |
🚨 CVE-2023-39268: A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. @cveNotify |
|
2023-08-29 22:58:31 |
🚨 CVE-2023-39663: Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. @cveNotify |
|
2023-08-29 22:58:30 |
🚨 CVE-2023-39678: A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. @cveNotify |
|
2023-08-29 22:58:29 |
🚨 CVE-2023-3253: An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. @cveNotify |
|
2023-08-29 22:58:28 |
🚨 CVE-2023-4572: Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-29 22:58:23 |
🚨 CVE-2023-34039: Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. @cveNotify |
|
2023-08-29 22:58:22 |
🚨 CVE-2023-39522: goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. An attacker can easily enumerate and check users' existence using the recovery flow, as a clear message is shown when a user doesn't exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue. @cveNotify |
|
2023-08-29 22:58:21 |
🚨 CVE-2023-3251: A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0. @cveNotify |
|
2023-08-29 22:58:20 |
🚨 CVE-2023-3252: An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition. @cveNotify |
|
2023-08-29 22:58:16 |
🚨 CVE-2023-37428: A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. @cveNotify |
|
2023-08-29 22:58:15 |
🚨 CVE-2023-37427: A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. @cveNotify |
|
2023-08-29 22:58:14 |
🚨 CVE-2023-39578: A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. @cveNotify |
|
2023-08-29 22:58:13 |
🚨 CVE-2023-37434: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. @cveNotify |
|
2023-08-29 20:58:18 |
🚨 CVE-2023-38283: In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. @cveNotify |
|
2023-08-29 20:58:17 |
🚨 CVE-2023-41362: MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP. @cveNotify |
|
2023-08-29 18:58:30 |
🚨 CVE-2023-4513: BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. @cveNotify |
|
2023-08-29 18:58:26 |
🚨 CVE-2023-4511: BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. @cveNotify |
|
2023-08-29 18:58:25 |
🚨 CVE-2023-40763: User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. @cveNotify |
|
2023-08-29 18:58:24 |
🚨 CVE-2023-39708: A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. @cveNotify |
|
2023-08-29 18:58:21 |
🚨 CVE-2023-40764: User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. @cveNotify |
|
2023-08-29 18:58:20 |
🚨 CVE-2023-40766: User enumeration is found in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. @cveNotify |
|
2023-08-29 18:58:19 |
🚨 CVE-2023-40767: User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. @cveNotify |
|
2023-08-29 18:58:18 |
🚨 CVE-2023-40756: User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. @cveNotify |
|
2023-08-29 17:58:27 |
🚨 CVE-2023-37439: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. @cveNotify |
|
2023-08-29 17:58:26 |
🚨 CVE-2023-37438: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. @cveNotify |
|
2023-08-29 17:58:25 |
🚨 CVE-2021-43171: Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response. @cveNotify |
|
2023-08-29 17:58:23 |
🚨 CVE-2023-40282: ** UNSUPPORTED WHEN ASSIGNED ** Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed. @cveNotify |
|
2023-08-29 17:58:22 |
🚨 CVE-2023-4041: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass. This issue affects "Standalone" and "Application" versions of Gecko Bootloader. @cveNotify |
|
2023-08-29 17:58:21 |
🚨 CVE-2023-39985: ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitrary code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. @cveNotify |
|
2023-08-29 14:58:22 |
🚨 CVE-2023-40787: In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. @cveNotify |
|
2023-08-29 14:58:21 |
🚨 CVE-2023-23770: Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. @cveNotify |
|
2023-08-29 14:58:20 |
🚨 CVE-2023-23771: Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. @cveNotify |
|
2023-08-29 14:58:19 |
🚨 CVE-2023-23772: Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. @cveNotify |
|
2023-08-29 14:58:15 |
🚨 CVE-2023-23774: Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device. @cveNotify |
|
2023-08-29 14:58:13 |
🚨 CVE-2023-37436: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. @cveNotify |
|
2023-08-29 14:58:12 |
🚨 CVE-2023-37435: Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. @cveNotify |
|
2023-08-29 10:58:32 |
🚨 CVE-2023-41360: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. @cveNotify |
|
2023-08-29 10:58:31 |
🚨 CVE-2023-41361: An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. @cveNotify |
|
2023-08-29 10:58:30 |
🚨 CVE-2023-34724: An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. @cveNotify |
|
2023-08-29 10:58:29 |
🚨 CVE-2023-34725: An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. @cveNotify |
|
2023-08-29 10:58:28 |
🚨 CVE-2023-39059: An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. @cveNotify |
|
2023-08-29 10:58:27 |
🚨 CVE-2023-40781: Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. @cveNotify |
|
2023-08-29 10:58:26 |
🚨 CVE-2023-40825: An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. @cveNotify |
|
2023-08-29 10:58:24 |
🚨 CVE-2023-40827: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. @cveNotify |
|
2023-08-29 10:58:22 |
🚨 CVE-2023-40828: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. @cveNotify |
|
2023-08-29 10:58:21 |
🚨 CVE-2023-40857: Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component. @cveNotify |
|
2023-08-29 10:58:20 |
🚨 CVE-2023-40997: Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. @cveNotify |
|
2023-08-29 10:58:19 |
🚨 CVE-2023-40998: Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. @cveNotify |
|
2023-08-29 10:58:18 |
🚨 CVE-2023-41005: An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php. @cveNotify |
|
2023-08-29 10:58:17 |
🚨 CVE-2023-4569: A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivations of catchall elements, which results in a memory leak. @cveNotify |
|
2023-08-29 10:58:16 |
🚨 CVE-2023-39650: Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. @cveNotify |
|
2023-08-29 10:58:15 |
🚨 CVE-2023-35785: Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass. @cveNotify |
|
2023-08-29 10:58:14 |
🚨 CVE-2023-39348: Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, filter their logs for Echo log data and use read-only tokens that are limited in scope. @cveNotify |
|
2023-08-29 10:58:13 |
🚨 CVE-2023-39578: A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. @cveNotify |
|
2023-08-29 10:58:12 |
🚨 CVE-2023-41109: SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. @cveNotify |
|
2023-08-29 06:58:34 |
🚨 CVE-2023-30435: IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291. @cveNotify |
|
2023-08-29 06:58:33 |
🚨 CVE-2023-30437: IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293. @cveNotify |
|
2023-08-29 06:58:32 |
🚨 CVE-2023-33852: IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. @cveNotify |
|
2023-08-29 06:58:31 |
🚨 CVE-2023-38730: IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268. @cveNotify |
|
2023-08-29 06:58:27 |
🚨 CVE-2023-4557: A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238158 is the identifier assigned to this vulnerability. @cveNotify |
|
2023-08-29 06:58:26 |
🚨 CVE-2023-41358: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. @cveNotify |
|
2023-08-29 06:58:25 |
🚨 CVE-2023-41359: An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation. @cveNotify |
|
2023-08-29 06:58:24 |
🚨 CVE-2023-41360: An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. @cveNotify |
|
2023-08-29 06:58:21 |
🚨 CVE-2023-41361: An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. @cveNotify |
|
2023-08-29 06:58:20 |
🚨 CVE-2023-3180: A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. @cveNotify |
|
2023-08-29 06:58:19 |
🚨 CVE-2023-0664: A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. @cveNotify |
|
2023-08-29 06:58:18 |
🚨 CVE-2023-1995: Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Additional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02. @cveNotify |
|
2023-08-29 06:58:14 |
🚨 CVE-2023-40252: Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-29 06:58:13 |
🚨 CVE-2023-40254: Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-29 06:58:12 |
🚨 CVE-2023-28980: A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes). This issue affects: Juniper Networks Junos OS * 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; * 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5; * 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4 * 21.1 version 21.1R3 and later versions prior to 21.1R3-S3; * 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2; * 21.3 version 21.3R2 and later versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S1, 21.4R3; * 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved * 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO; * 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; * 22.1-EVO versions prior to 22.1R2-EVO. @cveNotify |
|
2023-08-29 00:58:28 |
🚨 CVE-2023-39650: Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. @cveNotify |
|
2023-08-29 00:58:27 |
🚨 CVE-2023-34724: An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. @cveNotify |
|
2023-08-29 00:58:26 |
🚨 CVE-2023-34725: An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. @cveNotify |
|
2023-08-29 00:58:25 |
🚨 CVE-2023-39059: An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. @cveNotify |
|
2023-08-29 00:58:24 |
CVE-2023-40781: Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. @cveNotify |
|
2023-08-29 00:58:22 |
CVE-2023-40825: An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via a crafted plugin listed in admin/plugin/access/list. @cveNotify |
|
2023-08-29 00:58:21 |
CVE-2023-40826: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. @cveNotify |
|
2023-08-29 00:58:20 |
CVE-2023-40827: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. @cveNotify |
|
2023-08-29 00:58:19 |
CVE-2023-40828: An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. @cveNotify |
|
2023-08-29 00:58:18 |
CVE-2023-40857: Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component. @cveNotify |
|
2023-08-29 00:58:17 |
CVE-2023-40997: Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. @cveNotify |
|
2023-08-29 00:58:16 |
CVE-2023-40998: Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. @cveNotify |
|
2023-08-29 00:58:15 |
CVE-2023-41005: An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php. @cveNotify |
|
2023-08-29 00:58:13 |
CVE-2023-4569: A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double deactivation of catchall elements, which results in a memory leak. @cveNotify |
|
2023-08-29 00:58:12 |
CVE-2023-39017: ** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. @cveNotify |
|
2023-08-28 23:58:36 |
CVE-2020-21699: The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. @cveNotify |
|
2023-08-28 23:58:35 |
CVE-2020-24165: An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). @cveNotify |
|
2023-08-28 23:58:31 |
CVE-2023-39968: jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-08-28 23:58:30 |
CVE-2023-3699: An Improper Privilege Management vulnerability in ASUSTOR Data Master (ADM) allows unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. @cveNotify |
|
2023-08-28 23:58:26 |
CVE-2022-48545: An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. @cveNotify |
|
2023-08-28 23:58:25 |
CVE-2023-35785: Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass. @cveNotify |
|
2023-08-28 23:58:24 |
CVE-2023-39348: Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for GitHub status notifications. Given that this would output GitHub tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, filter their logs for Echo log data and use read-only tokens that are limited in scope. @cveNotify |
|
2023-08-28 23:58:21 |
CVE-2023-39578: A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. @cveNotify |
|
2023-08-28 23:58:20 |
CVE-2020-12272: OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring. @cveNotify |
|
2023-08-28 23:58:19 |
CVE-2022-48538: In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. @cveNotify |
|
2023-08-28 21:58:29 |
CVE-2023-40755: There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. @cveNotify |
|
2023-08-28 21:58:23 |
CVE-2023-40756: User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. @cveNotify |
|
2023-08-28 21:58:22 |
CVE-2023-40759: User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. @cveNotify |
|
2023-08-28 21:58:21 |
CVE-2023-40760: User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. @cveNotify |
|
2023-08-28 16:58:20 |
CVE-2023-2234: Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. @cveNotify |
|
2023-08-28 16:58:19 |
CVE-2023-39708: A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. @cveNotify |
|
2023-08-28 16:58:18 |
CVE-2023-40846: Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. @cveNotify |
|
2023-08-28 10:58:29 |
CVE-2020-19909: ** DISPUTED ** Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. @cveNotify |
|
2023-08-28 10:58:28 |
CVE-2023-27604: Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via “sqoop import --connect”, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it. @cveNotify |
|
2023-08-28 10:58:27 |
CVE-2023-38030: Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions. @cveNotify |
|
2023-08-28 10:58:26 |
CVE-2023-38029: Saho’s attendance devices ADM100 and ADM-100FP have insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service. @cveNotify |
|
2023-08-28 10:58:22 |
CVE-2023-38028: Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service. @cveNotify |
|
2023-08-28 10:58:21 |
CVE-2022-43904: IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895. @cveNotify |
|
2023-08-28 10:58:20 |
CVE-2023-23473: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. @cveNotify |
|
2023-08-28 10:58:19 |
CVE-2023-24959: IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. @cveNotify |
|
2023-08-28 10:58:15 |
CVE-2023-26270: IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. @cveNotify |
|
2023-08-28 10:58:14 |
CVE-2023-26271: IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. @cveNotify |
|
2023-08-28 10:58:13 |
CVE-2023-26272: IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. @cveNotify |
|
2023-08-28 10:58:12 |
CVE-2023-4561: Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4. @cveNotify |
|
2023-08-28 05:58:44 |
CVE-2016-15035: A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155. @cveNotify |
|
2023-08-28 05:58:43 |
CVE-2023-38024: SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. @cveNotify |
|
2023-08-28 05:58:41 |
CVE-2023-38025: SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service. @cveNotify |
|
2023-08-28 05:58:40 |
CVE-2023-38026: SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. @cveNotify |
|
2023-08-28 05:58:39 |
CVE-2023-38027: SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service. @cveNotify |
|
2023-08-28 05:58:38 |
CVE-2023-20197: A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. @cveNotify |
|
2023-08-28 05:58:37 |
CVE-2023-22877: IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. @cveNotify |
|
2023-08-28 05:58:33 |
CVE-2023-23473: IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. @cveNotify |
|
2023-08-28 05:58:32 |
CVE-2023-24959: IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. @cveNotify |
|
2023-08-28 05:58:31 |
CVE-2023-26270: IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. @cveNotify |
|
2023-08-28 05:58:30 |
CVE-2023-26271: IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. @cveNotify |
|
2023-08-28 05:58:29 |
CVE-2023-26272: IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. @cveNotify |
|
2023-08-28 05:58:25 |
CVE-2023-4560: Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. @cveNotify |
|
2023-08-28 05:58:24 |
CVE-2023-4561: Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4. @cveNotify |
|
2023-08-28 05:58:23 |
CVE-2023-3330: Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to obtain specific files in the product. @cveNotify |
|
2023-08-28 05:58:22 |
CVE-2023-38633: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. @cveNotify |
|
2023-08-28 01:01:35 |
CVE-2023-4556: A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability. @cveNotify |
|
2023-08-28 01:01:34 |
CVE-2023-4349: Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-28 01:01:30 |
CVE-2023-4350: Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-28 01:01:29 |
CVE-2023-4352: Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-28 01:01:28 |
CVE-2023-4354: Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-28 01:01:25 |
CVE-2023-4355: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-28 01:01:24 |
CVE-2023-4357: Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-28 01:01:23 |
CVE-2023-4359: Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-28 01:01:20 |
CVE-2023-4360: Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-28 01:01:19 |
CVE-2023-4362: Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-28 01:01:18 |
CVE-2023-4364: Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-26 19:58:55 |
CVE-2023-4427: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-26 19:58:54 |
CVE-2023-4429: Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-26 19:58:53 |
CVE-2023-4431: Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-26 12:58:12 |
CVE-2023-4548: A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059. @cveNotify |
|
2023-08-26 10:58:23 |
CVE-2023-4546: A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability. @cveNotify |
|
2023-08-26 10:58:22 |
CVE-2023-4545: A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-26 10:58:21 |
CVE-2023-4544: A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-26 05:58:34 |
CVE-2023-34723: An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53 that allows attackers to gain sensitive information via /config/system.conf. @cveNotify |
|
2023-08-26 05:58:33 |
CVE-2023-39287: A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. @cveNotify |
|
2023-08-26 05:58:30 |
CVE-2023-39288: A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. @cveNotify |
|
2023-08-26 05:58:29 |
CVE-2023-39290: A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. @cveNotify |
|
2023-08-26 05:58:28 |
CVE-2023-41121: Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. @cveNotify |
|
2023-08-26 05:58:24 |
CVE-2023-4542: A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-26 05:58:23 |
CVE-2021-27932: Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. @cveNotify |
|
2023-08-26 05:58:22 |
CVE-2023-24621: An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed. @cveNotify |
|
2023-08-26 05:58:18 |
CVE-2023-36198: Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. @cveNotify |
|
2023-08-26 05:58:17 |
CVE-2023-39600: IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. @cveNotify |
|
2023-08-26 05:58:16 |
CVE-2023-39707: A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. @cveNotify |
|
2023-08-25 23:58:35 |
CVE-2023-40585: ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires the operator to configure the API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t ...`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place. @cveNotify |
|
2023-08-25 23:58:34 |
CVE-2023-40587: Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, in an as of yet unreleased version. Fixes will be available in: Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series. @cveNotify |
|
2023-08-25 23:58:33 |
CVE-2023-41080: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. @cveNotify |
|
2023-08-25 23:58:30 |
CVE-2023-39908: The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory. @cveNotify |
|
2023-08-25 23:58:29 |
CVE-2020-18651: Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. @cveNotify |
|
2023-08-25 23:58:28 |
CVE-2020-18652: Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. @cveNotify |
|
2023-08-25 23:58:24 |
CVE-2020-18770: An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. @cveNotify |
|
2023-08-25 23:58:23 |
CVE-2022-48547: A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php. @cveNotify |
|
2023-08-25 23:58:18 |
CVE-2020-18781: Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file; this bug can be triggered by the executable sfconvert. @cveNotify |
|
2023-08-25 23:58:17 |
CVE-2020-18382: Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. @cveNotify |
|
2023-08-25 20:58:42 |
CVE-2022-29654: Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. @cveNotify |
|
2023-08-25 20:58:41 |
CVE-2021-40266: FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerable to null pointer dereference. @cveNotify |
|
2023-08-25 20:58:39 |
CVE-2020-25887: Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. @cveNotify |
|
2023-08-25 20:58:38 |
CVE-2020-23804: Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. @cveNotify |
|
2023-08-25 20:58:37 |
CVE-2020-22628: Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. @cveNotify |
|
2023-08-25 20:58:36 |
CVE-2020-22570: Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. @cveNotify |
|
2023-08-25 20:58:34 |
CVE-2020-22219: Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. @cveNotify |
|
2023-08-25 20:58:33 |
CVE-2020-21687: Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. @cveNotify |
|
2023-08-25 20:58:32 |
CVE-2023-20197: A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. @cveNotify |
|
2023-08-25 20:58:31 |
CVE-2023-20217: A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device. @cveNotify |
|
2023-08-25 20:58:30 |
CVE-2023-20221: A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition. @cveNotify |
|
2023-08-25 20:58:28 |
CVE-2023-4456: A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. @cveNotify |
|
2023-08-25 20:58:27 |
CVE-2020-21722: Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. @cveNotify |
|
2023-08-25 20:58:26 |
CVE-2020-21723: A Segmentation Fault issue discovered in StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file. @cveNotify |
|
2023-08-25 20:58:24 |
CVE-2020-21724: Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. @cveNotify |
|
2023-08-25 20:58:23 |
CVE-2020-21896: A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. @cveNotify |
|
2023-08-25 20:58:22 |
CVE-2023-40352: McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. @cveNotify |
|
2023-08-25 20:58:21 |
CVE-2020-27418: A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obtain sensitive information via vgacon_invert_region() function. @cveNotify |
|
2023-08-25 20:58:20 |
CVE-2021-40262: A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp. @cveNotify |
|
2023-08-25 20:58:19 |
CVE-2020-21679: Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. @cveNotify |
|
2023-08-25 18:58:42 |
CVE-2023-40798: In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. @cveNotify |
|
2023-08-25 18:58:41 |
CVE-2023-38201: A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. @cveNotify |
|
2023-08-25 18:58:40 |
CVE-2023-40799: Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. @cveNotify |
|
2023-08-25 18:58:39 |
CVE-2023-40800: The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. @cveNotify |
|
2023-08-25 18:58:35 |
CVE-2023-40801: The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. @cveNotify |
|
2023-08-25 18:58:34 |
CVE-2023-40802: The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn. @cveNotify |
|
2023-08-25 18:58:33 |
CVE-2023-40915: Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. @cveNotify |
|
2023-08-25 18:58:32 |
CVE-2023-4534: A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-25 18:58:31 |
CVE-2020-22218: An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 that allows attackers to access out of bounds memory. @cveNotify |
|
2023-08-25 18:58:27 |
CVE-2023-38906: An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. @cveNotify |
|
2023-08-25 18:58:26 |
CVE-2023-38909: An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. @cveNotify |
|
2023-08-25 18:58:25 |
CVE-2023-40034: Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data which leads to an update of the repository data that can e.g. allow the takeover of a repo. This is only critical if the CI is configured for public usage and connected to a forge which is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall. @cveNotify |
|
2023-08-25 18:58:24 |
CVE-2020-22217: Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. @cveNotify |
|
2023-08-25 18:58:20 |
CVE-2023-4435: Improper Input Validation in GitHub repository hamza417/inure prior to build88. @cveNotify |
|
2023-08-25 18:58:19 |
CVE-2020-21710: A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. @cveNotify |
|
2023-08-25 18:58:18 |
CVE-2020-18831: Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. @cveNotify |
|
2023-08-25 18:58:17 |
CVE-2023-3936: The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. @cveNotify |
|
2023-08-25 16:58:52 |
CVE-2023-2006: A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. @cveNotify |
|
2023-08-25 16:58:50 |
CVE-2014-3534: arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. @cveNotify |
|
2023-08-25 16:58:49 |
CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. @cveNotify |
|
2023-08-25 16:58:48 |
CVE-2014-1737: The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. @cveNotify |
|
2023-08-25 16:58:47 |
CVE-2022-4452: Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-25 16:58:43 |
CVE-2023-40799: Tenda AC23 Vv16.03.07.45_cn AC23 is vulnerable to Buffer via sub_450A4C function. @cveNotify |
|
2023-08-25 16:58:42 |
CVE-2023-40800: The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. @cveNotify |
|
2023-08-25 16:58:41 |
CVE-2023-40801: The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. @cveNotify |
|
2023-08-25 16:58:40 |
CVE-2023-40802: The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn. @cveNotify |
|
2023-08-25 16:58:39 |
CVE-2023-40915: Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. @cveNotify |
|
2023-08-25 16:58:38 |
CVE-2023-4534: A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-25 16:58:37 |
CVE-2023-3269: A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. @cveNotify |
|
2023-08-25 16:58:36 |
CVE-2023-4448: A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability. @cveNotify |
|
2023-08-25 16:58:35 |
CVE-2023-4447: A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568. @cveNotify |
|
2023-08-25 16:58:34 |
CVE-2020-23992: Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. @cveNotify |
|
2023-08-25 16:58:30 |
CVE-2023-33242: Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. @cveNotify |
|
2023-08-25 16:58:28 |
CVE-2020-22524: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cause a denial of service via crafted PFM file. @cveNotify |
|
2023-08-25 16:58:27 |
CVE-2023-39747: TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. @cveNotify |
|
2023-08-25 16:58:26 |
CVE-2023-39748: An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. @cveNotify |
|
2023-08-25 13:58:18 |
CVE-2023-4478: Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. @cveNotify |
|
2023-08-25 10:58:27 |
CVE-2023-3406: Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server. @cveNotify |
|
2023-08-25 10:58:26 |
CVE-2023-3425: Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. @cveNotify |
|
2023-08-25 10:58:25 |
CVE-2023-32756: e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can't control system or disrupt service. @cveNotify |
|
2023-08-25 10:58:24 |
CVE-2023-32755: e-Excellence U-Office Force generates an error message in website service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command. @cveNotify |
|
2023-08-25 10:58:20 |
CVE-2023-41173: AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. @cveNotify |
|
2023-08-25 10:58:19 |
CVE-2023-3570: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. @cveNotify |
|
2023-08-25 10:58:18 |
CVE-2023-3573: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device. @cveNotify |
|
2023-08-25 10:58:14 |
CVE-2023-3261: The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library. Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server. @cveNotify |
|
2023-08-25 10:58:13 |
CVE-2023-2673: Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. @cveNotify |
|
2023-08-25 10:58:12 |
CVE-2023-3260: The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system. @cveNotify |
|
2023-08-25 05:58:31 |
CVE-2023-40530: Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. @cveNotify |
|
2023-08-25 05:58:30 |
CVE-2023-39699: IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. @cveNotify |
|
2023-08-25 05:58:29 |
CVE-2023-39700: IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. @cveNotify |
|
2023-08-25 05:58:28 |
CVE-2023-38973: A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. @cveNotify |
|
2023-08-25 05:58:27 |
CVE-2023-38974: A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. @cveNotify |
|
2023-08-25 05:58:26 |
CVE-2023-40179: Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email. @cveNotify |
|
2023-08-25 05:58:24 |
CVE-2023-40182: Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending on whether the specified email address is present in our database or not. This has been fixed in version 1.3.7. @cveNotify |
|
2023-08-25 05:58:23 |
CVE-2023-40217: An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) @cveNotify |
|
2023-08-25 05:58:22 |
CVE-2023-40570: Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4. @cveNotify |
|
2023-08-25 05:58:21 |
CVE-2023-40577: Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. @cveNotify |
|
2023-08-25 05:58:20 |
CVE-2023-40599: Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. @cveNotify |
|
2023-08-25 05:58:19 |
CVE-2023-4520: The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_fv_player_user_video' parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string. @cveNotify |
|
2023-08-25 05:58:18 |
CVE-2023-32077: Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. @cveNotify |
|
2023-08-25 00:58:23 |
CVE-2022-39266: isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept `cachedData` payloads from a user. @cveNotify |
|
2023-08-25 00:58:22 |
CVE-2022-28073: A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. @cveNotify |
|
2023-08-25 00:58:18 |
CVE-2023-23564: An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands. @cveNotify |
|
2023-08-25 00:58:17 |
CVE-2022-28071: A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. @cveNotify |
|
2023-08-25 00:58:13 |
CVE-2022-28069: A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. @cveNotify |
|
2023-08-25 00:58:12 |
CVE-2022-28068: A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. @cveNotify |
|
2023-08-25 00:58:11 |
CVE-2021-33388: dpic 2021.04.10 has a Heap Buffer Overflow in the makevar() function in dpic.y. @cveNotify |
|
2023-08-24 22:58:44 |
CVE-2023-4459: A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. @cveNotify |
|
2023-08-24 22:58:43 |
CVE-2023-36787: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability @cveNotify |
|
2023-08-24 22:58:42 |
CVE-2023-38158: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability @cveNotify |
|
2023-08-24 22:58:41 |
CVE-2023-25913: Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. @cveNotify |
|
2023-08-24 22:58:40 |
CVE-2023-25914: Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. @cveNotify |
|
2023-08-24 22:58:36 |
CVE-2023-25915: Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. @cveNotify |
|
2023-08-24 22:58:35 |
CVE-2023-4301: A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. @cveNotify |
|
2023-08-24 22:58:34 |
CVE-2023-4302: A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. @cveNotify |
|
2023-08-24 22:58:33 |
CVE-2023-4303: Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. @cveNotify |
|
2023-08-24 22:58:32 |
CVE-2023-38899: SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. @cveNotify |
|
2023-08-24 22:58:28 |
CVE-2023-39660: An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. @cveNotify |
|
2023-08-24 22:58:27 |
CVE-2023-31041: An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. @cveNotify |
|
2023-08-24 22:58:26 |
CVE-2023-38889: An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). @cveNotify |
|
2023-08-24 22:58:25 |
CVE-2023-39749: D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request. @cveNotify |
|
2023-08-24 22:58:21 |
CVE-2023-39750: D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. @cveNotify |
|
2023-08-24 22:58:20 |
CVE-2023-39751: TP-Link TL-WR941ND V6 was discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. @cveNotify |
|
2023-08-24 22:58:19 |
CVE-2023-4450: A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571. @cveNotify |
|
2023-08-24 22:58:18 |
CVE-2023-4453: Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. @cveNotify |
|
2023-08-24 22:58:17 |
CVE-2023-4454: Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. @cveNotify |
|
2023-08-24 20:58:30 |
CVE-2023-40876: DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. @cveNotify |
|
2023-08-24 20:58:29 |
CVE-2023-34040: In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic. By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record. @cveNotify |
|
2023-08-24 20:58:28 |
CVE-2023-40891: Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg. @cveNotify |
|
2023-08-24 20:58:24 |
CVE-2023-40893: Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. @cveNotify |
|
2023-08-24 20:58:23 |
CVE-2023-40895: Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. @cveNotify |
|
2023-08-24 20:58:22 |
CVE-2023-40896: Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. @cveNotify |
|
2023-08-24 20:58:19 |
CVE-2023-40897: Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. @cveNotify |
|
2023-08-24 20:58:18 |
CVE-2023-40899: Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. @cveNotify |
|
2023-08-24 20:58:17 |
CVE-2023-40901: Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg. @cveNotify |
|
2023-08-24 20:58:13 |
CVE-2023-40902: Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. @cveNotify |
|
2023-08-24 20:58:12 |
CVE-2023-4418: A remote unprivileged attacker can send multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users. @cveNotify |
|
2023-08-24 20:58:11 |
CVE-2023-4419: The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functionality of the device. @cveNotify |
|
2023-08-24 19:58:45 |
CVE-2023-34971: An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later. @cveNotify |
|
2023-08-24 19:58:44 |
CVE-2023-34972: A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QuTS hero h5.1.0.2424 build 20230609 and later. @cveNotify |
|
2023-08-24 19:58:42 |
CVE-2023-40706: There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login. @cveNotify |
|
2023-08-24 19:58:41 |
CVE-2023-40707: There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials. @cveNotify |
|
2023-08-24 19:58:37 |
CVE-2023-40708: The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files. @cveNotify |
|
2023-08-24 19:58:36 |
CVE-2023-40709: An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b. @cveNotify |
|
2023-08-24 19:58:35 |
CVE-2023-40710: An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b. @cveNotify |
|
2023-08-24 19:58:34 |
CVE-2023-34960: A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. @cveNotify |
|
2023-08-24 19:58:33 |
CVE-2023-37914: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability. @cveNotify |
|
2023-08-24 19:58:29 |
CVE-2023-34419: A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. @cveNotify |
|
2023-08-24 19:58:28 |
CVE-2023-40272: Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. @cveNotify |
|
2023-08-24 19:58:27 |
CVE-2023-4392: A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237380. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-24 19:58:26 |
CVE-2023-39785: Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. @cveNotify |
|
2023-08-24 19:58:25 |
CVE-2023-39786: Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. @cveNotify |
|
2023-08-24 19:58:21 |
CVE-2023-39784: Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. @cveNotify |
|
2023-08-24 19:58:20 |
CVE-2023-25647: There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. @cveNotify |
|
2023-08-24 19:58:19 |
CVE-2023-26115: All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. @cveNotify |
|
2023-08-24 19:58:18 |
CVE-2023-27471: An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. @cveNotify |
|
2023-08-24 17:58:23 |
CVE-2023-2318: DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText. @cveNotify |
|
2023-08-24 17:58:19 |
CVE-2023-21267: In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-24 17:58:18 |
CVE-2023-40371: IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. @cveNotify |
|
2023-08-24 17:58:17 |
CVE-2022-38223: There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. @cveNotify |
|
2023-08-24 17:58:14 |
CVE-2023-4415: A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-24 17:58:13 |
CVE-2023-25399: A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. @cveNotify |
|
2023-08-24 17:58:12 |
CVE-2021-33503: An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. @cveNotify |
|
2023-08-24 05:58:59 |
CVE-2023-4358: Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-24 05:58:58 |
CVE-2023-4359: Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-24 05:58:55 |
CVE-2023-4360: Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-24 05:58:54 |
CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. @cveNotify |
|
2023-08-24 05:58:53 |
CVE-2023-34475: A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user into opening a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. @cveNotify |
|
2023-08-24 05:58:52 |
CVE-2023-3195: A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. @cveNotify |
|
2023-08-24 05:58:48 |
CVE-2023-40360: QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. @cveNotify |
|
2023-08-24 05:58:47 |
CVE-2023-40572: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. @cveNotify |
|
2023-08-24 05:58:46 |
CVE-2023-40573: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with "Job content executed" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1. @cveNotify |
|
2023-08-24 01:58:28 |
CVE-2023-32202: Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device. @cveNotify |
|
2023-08-24 01:58:26 |
CVE-2023-36317: Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL. @cveNotify |
|
2023-08-24 01:58:25 |
CVE-2023-38422: Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data. @cveNotify |
|
2023-08-24 01:58:24 |
CVE-2023-3453: ETIC Telecom RAS versions 4.7.0 and prior have the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. @cveNotify |
|
2023-08-24 01:58:22 |
CVE-2023-41028: A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root. @cveNotify |
|
2023-08-23 23:58:17 |
CVE-2023-20115: A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. @cveNotify |
|
2023-08-23 23:58:16 |
CVE-2023-20168: A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. @cveNotify |
|
2023-08-23 12:58:18 |
CVE-2023-3899: A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. @cveNotify |
|
2023-08-23 10:58:22 |
CVE-2023-41104: libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. @cveNotify |
|
2023-08-23 10:58:21 |
CVE-2023-41105: An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. @cveNotify |
|
2023-08-23 10:58:20 |
CVE-2023-41098: An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. @cveNotify |
|
2023-08-23 10:58:19 |
CVE-2023-41100: An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data, allowing a remote user to bypass the CAPTCHA check. @cveNotify |
|
2023-08-23 10:58:18 |
CVE-2023-4041: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass. This issue affects "Standalone" and "Application" versions of Gecko Bootloader. @cveNotify |
|
2023-08-23 06:58:34 |
CVE-2023-4427: Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-23 06:58:33 |
CVE-2023-4428: Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-23 06:58:31 |
CVE-2023-4429: Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-23 06:58:30 |
CVE-2023-4430: Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-23 06:58:29 |
CVE-2023-4431: Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-23 06:58:27 |
CVE-2022-44729: Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. @cveNotify |
|
2023-08-23 06:58:26 |
CVE-2022-44730: Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. @cveNotify |
|
2023-08-23 06:58:25 |
CVE-2023-40027: Keystone is an open source headless CMS for Node.js, built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible (no session required) if a `session` strategy is not defined. This vulnerability does not affect developers using the `@keystone-6/auth` package, or any users that have written their own `ui.isAccessAllowed` (that is to say, `isAccessAllowed` is not `undefined`). This vulnerability does affect users who believed that their `session` strategy will, by default, enforce that `adminMeta` is inaccessible by the public in accordance with that strategy; akin to the behaviour of the AdminUI middleware. This vulnerability has been patched in `@keystone-6/core` version `5.5.1`. Users are advised to upgrade. Users unable to upgrade may opt to write their own `isAccessAllowed` functionality to work-around this vulnerability. @cveNotify |
|
2023-08-23 06:58:24 |
CVE-2023-40028: Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-08-23 06:58:22 |
CVE-2023-40013: SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive. Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-08-23 06:58:21 |
CVE-2023-4265: Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 @cveNotify |
|
2023-08-23 00:58:55 |
CVE-2023-20201: Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. @cveNotify |
|
2023-08-23 00:58:54 |
CVE-2023-4389: A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. @cveNotify |
|
2023-08-23 00:58:52 |
CVE-2023-4385: A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. @cveNotify |
|
2023-08-23 00:58:50 |
CVE-2023-40351: A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. @cveNotify |
|
2023-08-23 00:58:48 |
CVE-2023-38737: IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. @cveNotify |
|
2023-08-23 00:58:47 |
CVE-2023-32547: Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-23 00:58:45 |
CVE-2023-36671: An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack for only traffic to the real IP address of the VPN server" rather than to only Clario. @cveNotify |
|
2023-08-23 00:58:44 |
CVE-2023-20203: Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. @cveNotify |
|
2023-08-23 00:58:42 |
CVE-2023-20222: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. @cveNotify |
|
2023-08-23 00:58:41 |
CVE-2023-20205: Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. @cveNotify |
|
2023-08-23 00:58:39 |
CVE-2023-4382: A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-23 00:58:37 |
CVE-2020-24113: Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). @cveNotify |
|
2023-08-23 00:58:35 |
CVE-2023-38733: IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293. @cveNotify |
|
2023-08-23 00:58:33 |
CVE-2023-38734: IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. @cveNotify |
|
2023-08-23 00:58:31 |
CVE-2023-39026: Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. @cveNotify |
|
2023-08-23 00:58:29 |
CVE-2023-40370: IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. @cveNotify |
|
2023-08-23 00:58:28 |
CVE-2023-31492: Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. @cveNotify |
|
2023-08-23 00:58:26 |
CVE-2023-39910: The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023. @cveNotify |
|
2023-08-23 00:58:25 |
CVE-2021-37386: Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. @cveNotify |
|
2023-08-23 00:58:23 |
🚨 CVE-2023-39341: "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0). @cveNotify |
|
2023-08-22 22:58:40 |
🚨 CVE-2020-19189: Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. @cveNotify |
|
2023-08-22 22:58:39 |
🚨 CVE-2020-21428: Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. @cveNotify |
|
2023-08-22 22:58:38 |
🚨 CVE-2020-19726: An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. @cveNotify |
|
2023-08-22 22:58:37 |
🚨 CVE-2020-20813: Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet. @cveNotify |
|
2023-08-22 22:58:36 |
🚨 CVE-2020-21687: Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. @cveNotify |
|
2023-08-22 22:58:35 |
🚨 CVE-2020-21723: A Segmentation Fault issue discovered in StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file. @cveNotify |
|
2023-08-22 22:58:34 |
🚨 CVE-2020-21710: A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. @cveNotify |
|
2023-08-22 22:58:33 |
🚨 CVE-2020-21890: Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. @cveNotify |
|
2023-08-22 22:58:32 |
🚨 CVE-2020-21896: A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. @cveNotify |
|
2023-08-22 22:58:31 |
🚨 CVE-2020-21686: A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. @cveNotify |
|
2023-08-22 22:58:30 |
🚨 CVE-2020-22217: Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. @cveNotify |
|
2023-08-22 22:58:29 |
🚨 CVE-2020-21699: The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. @cveNotify |
|
2023-08-22 22:58:28 |
🚨 CVE-2020-22524: Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cause a denial of service via crafted PFM file. @cveNotify |
|
2023-08-22 22:58:27 |
🚨 CVE-2020-21724: Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. @cveNotify |
|
2023-08-22 22:58:26 |
🚨 CVE-2020-22181: A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi @cveNotify |
|
2023-08-22 22:58:21 |
🚨 CVE-2020-23793: An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerability that can restart KVM virtual machine without any authorization. It is not yet known if there will be other effects. @cveNotify |
|
2023-08-22 22:58:20 |
🚨 CVE-2020-24294: Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cause a denial of service via opening of crafted psd file. @cveNotify |
|
2023-08-22 22:58:19 |
🚨 CVE-2021-32420: dpic 2021.01.01 has a Heap-based Buffer Overflow in the storestring function in dpic.y. @cveNotify |
|
2023-08-22 22:58:18 |
🚨 CVE-2020-26652: An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. @cveNotify |
|
2023-08-22 18:58:42 |
🚨 CVE-2023-4241: lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. @cveNotify |
|
2023-08-22 18:58:40 |
🚨 CVE-2023-0551: The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such as subscriber, to call and delete arbitrary attachments @cveNotify |
|
2023-08-22 18:58:35 |
🚨 CVE-2023-22957: An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password. @cveNotify |
|
2023-08-22 18:58:34 |
🚨 CVE-2023-1977: The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network. @cveNotify |
|
2023-08-22 18:58:33 |
🚨 CVE-2023-2122: The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. @cveNotify |
|
2023-08-22 18:58:32 |
🚨 CVE-2023-2123: The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. @cveNotify |
|
2023-08-22 18:58:31 |
🚨 CVE-2023-2225: The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). @cveNotify |
|
2023-08-22 18:58:27 |
🚨 CVE-2023-2254: The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk. @cveNotify |
|
2023-08-22 18:58:26 |
🚨 CVE-2023-2271: The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack @cveNotify |
|
2023-08-22 18:58:25 |
🚨 CVE-2023-2272: The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin @cveNotify |
|
2023-08-22 18:58:24 |
🚨 CVE-2023-4381: Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. @cveNotify |
|
2023-08-22 18:58:23 |
🚨 CVE-2020-26037: Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. @cveNotify |
|
2023-08-22 16:59:13 |
🚨 CVE-2023-4363: Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-22 16:59:12 |
🚨 CVE-2023-4362: Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-22 16:59:11 |
🚨 CVE-2023-38915: File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbitrary code via the upload type function. @cveNotify |
|
2023-08-22 16:59:10 |
🚨 CVE-2020-27673: An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. @cveNotify |
|
2023-08-22 16:59:06 |
🚨 CVE-2023-32748: The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. @cveNotify |
|
2023-08-22 16:59:05 |
🚨 CVE-2023-38840: Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. @cveNotify |
|
2023-08-22 16:59:04 |
🚨 CVE-2023-38687: Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Item names given to Svelecte appear to be directly rendered as HTML by the default item renderer. This means that any HTML tags in the name are rendered as HTML elements not as text. Note that the custom item renderer shown in https://mskocik.github.io/svelecte/#item-rendering is also vulnerable to the same exploit. Any site that uses Svelecte with dynamically created items either from an external source or from user-created content could be vulnerable to an XSS attack (execution of untrusted JavaScript), clickjacking or any other attack that can be performed with arbitrary HTML injection. The actual impact of this vulnerability for a specific application depends on how trustworthy the sources that provide Svelecte items are and the steps that the application has taken to mitigate XSS attacks. XSS attacks using this vulnerability are mostly mitigated by a Content Security Policy that blocks inline JavaScript. This issue has been addressed in version 3.16.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-08-22 16:59:00 |
🚨 CVE-2023-29468: The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier. @cveNotify |
|
2023-08-22 16:58:59 |
🚨 CVE-2023-40020: PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level) causing the request to continue processing. The response would be a 403 with ADMIN_ONLY, however, next() would call leading to any updates/changes in the route to process. This issue has been addressed in version 3.2.49. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-08-22 16:58:58 |
🚨 CVE-2023-39947: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. @cveNotify |
|
2023-08-22 16:58:54 |
🚨 CVE-2023-39946: eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. @cveNotify |
|
2023-08-22 16:58:53 |
🚨 CVE-2023-24478: Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-22 16:58:52 |
🚨 CVE-2023-32494: Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also. @cveNotify |
|
2023-08-22 16:58:51 |
🚨 CVE-2023-32004: A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. @cveNotify |
|
2023-08-22 14:58:49 |
🚨 CVE-2023-0274: The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. @cveNotify |
|
2023-08-22 14:58:48 |
🚨 CVE-2023-0579: The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. @cveNotify |
|
2023-08-22 14:58:47 |
🚨 CVE-2023-1110: The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks @cveNotify |
|
2023-08-22 14:58:45 |
🚨 CVE-2023-1465: The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin @cveNotify |
|
2023-08-22 14:58:44 |
🚨 CVE-2023-38906: An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. @cveNotify |
|
2023-08-22 14:58:43 |
🚨 CVE-2023-38908: An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. @cveNotify |
|
2023-08-22 14:58:42 |
🚨 CVE-2023-38909: An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. @cveNotify |
|
2023-08-22 14:58:41 |
🚨 CVE-2023-4301: A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. @cveNotify |
|
2023-08-22 14:58:40 |
🚨 CVE-2023-4302: A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. @cveNotify |
|
2023-08-22 14:58:38 |
🚨 CVE-2023-4303: Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. @cveNotify |
|
2023-08-22 14:58:37 |
🚨 CVE-2023-36787: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability @cveNotify |
|
2023-08-22 14:58:36 |
🚨 CVE-2023-38158: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability @cveNotify |
|
2023-08-22 14:58:35 |
🚨 CVE-2023-25913: Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. @cveNotify |
|
2023-08-22 14:58:34 |
🚨 CVE-2023-25914: Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. @cveNotify |
|
2023-08-22 14:58:33 |
🚨 CVE-2023-25915: Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. @cveNotify |
|
2023-08-22 14:58:31 |
🚨 CVE-2023-40352: McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. @cveNotify |
|
2023-08-22 14:58:30 |
🚨 CVE-2023-4373: Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. @cveNotify |
|
2023-08-22 14:58:29 |
🚨 CVE-2023-4417: Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. @cveNotify |
|
2023-08-22 14:58:28 |
🚨 CVE-2023-4459: A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. @cveNotify |
|
2023-08-22 00:58:14 |
🚨 CVE-2023-4301: A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. @cveNotify |
|
2023-08-22 00:58:13 |
🚨 CVE-2022-47952: lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist. @cveNotify |
|
2023-08-22 00:58:12 |
🚨 CVE-2022-34671: NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service. @cveNotify |
|
2023-08-21 22:58:19 |
🚨 CVE-2023-25913: Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. @cveNotify |
|
2023-08-21 22:58:17 |
🚨 CVE-2023-25914: Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. @cveNotify |
|
2023-08-21 22:58:16 |
🚨 CVE-2023-25915: Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. @cveNotify |
|
2023-08-21 22:58:15 |
🚨 CVE-2023-36787: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability @cveNotify |
|
2023-08-21 22:58:14 |
🚨 CVE-2023-38158: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability @cveNotify |
|
2023-08-21 22:58:13 |
🚨 CVE-2023-29360: Microsoft Streaming Service Elevation of Privilege Vulnerability @cveNotify |
|
2023-08-21 20:58:30 |
🚨 CVE-2023-4334: Broadcom RAID Controller Web server (nginx) is serving private files without any authentication @cveNotify |
|
2023-08-21 20:58:29 |
🚨 CVE-2023-4336: Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute @cveNotify |
|
2023-08-21 20:58:28 |
🚨 CVE-2023-4338: Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers @cveNotify |
|
2023-08-21 20:58:24 |
🚨 CVE-2023-4340: Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file @cveNotify |
|
2023-08-21 20:58:23 |
🚨 CVE-2023-4342: Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy @cveNotify |
|
2023-08-21 20:58:22 |
🚨 CVE-2023-4343: Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter @cveNotify |
|
2023-08-21 20:58:18 |
🚨 CVE-2023-4323: Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup @cveNotify |
|
2023-08-21 20:58:17 |
🚨 CVE-2023-4326: Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites @cveNotify |
|
2023-08-21 20:58:13 |
🚨 CVE-2023-4328: Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux @cveNotify |
|
2023-08-21 20:58:12 |
🚨 CVE-2023-4330: Broadcom RAID Controller web interface is vulnerable Denial of Service can be caused by an authenticated user to the REST API Interface @cveNotify |
|
2023-08-21 20:58:11 |
🚨 CVE-2023-4331: Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols @cveNotify |
|
2023-08-21 17:58:32 |
🚨 CVE-2023-32267: A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. @cveNotify |
|
2023-08-21 17:58:28 |
🚨 CVE-2021-28025: Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). @cveNotify |
|
2023-08-21 17:58:27 |
🚨 CVE-2022-36392: Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. @cveNotify |
|
2023-08-21 17:58:26 |
🚨 CVE-2022-45112: Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-21 17:58:22 |
🚨 CVE-2023-2802: The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) @cveNotify |
|
2023-08-21 17:58:21 |
🚨 CVE-2023-2606: The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). @cveNotify |
|
2023-08-21 14:58:28 |
🚨 CVE-2023-4349: Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-21 14:58:27 |
🚨 CVE-2023-21235: In onCreate of LockSettingsActivity.java, there is a possible way to set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-21 14:58:26 |
🚨 CVE-2020-28715: An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). @cveNotify |
|
2023-08-21 14:58:23 |
🚨 CVE-2023-38899: SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. @cveNotify |
|
2023-08-21 14:58:22 |
🚨 CVE-2023-40735: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture) allows loss of plausible deniability, confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21. @cveNotify |
|
2023-08-21 14:58:21 |
🚨 CVE-2023-4455: Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. @cveNotify |
|
2023-08-21 12:58:13 |
🚨 CVE-2023-4453: Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. @cveNotify |
|
2023-08-21 12:58:12 |
🚨 CVE-2023-4455: Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. @cveNotify |
|
2023-08-21 10:58:27 |
🚨 CVE-2023-39543: Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product. @cveNotify |
|
2023-08-21 10:58:23 |
🚨 CVE-2023-40068: Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege. @cveNotify |
|
2023-08-21 10:58:22 |
🚨 CVE-2023-39851: ** DISPUTED ** webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation. @cveNotify |
|
2023-08-21 10:58:21 |
🚨 CVE-2023-39852: ** DISPUTED ** Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who indicates that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. @cveNotify |
|
2023-08-21 05:58:39 |
🚨 CVE-2023-39750: D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. @cveNotify |
|
2023-08-21 05:58:38 |
🚨 CVE-2023-39751: TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. @cveNotify |
|
2023-08-21 05:58:36 |
🚨 CVE-2023-4450: A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571. @cveNotify |
|
2023-08-21 05:58:35 |
🚨 CVE-2023-4016: Under some circumstances, this weakness allows a user who has access to run the "ps" utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. @cveNotify |
|
2023-08-21 05:58:34 |
🚨 CVE-2023-20593: An issue in "Zen 2" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. @cveNotify |
|
2023-08-21 05:58:33 |
🚨 CVE-2023-39617: TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. @cveNotify |
|
2023-08-21 05:58:32 |
🚨 CVE-2023-39618: TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. @cveNotify |
|
2023-08-21 05:58:31 |
🚨 CVE-2023-4447: A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568. @cveNotify |
|
2023-08-21 05:58:29 |
🚨 CVE-2023-4448: A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability. @cveNotify |
|
2023-08-21 05:58:28 |
🚨 CVE-2023-4449: A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability. @cveNotify |
|
2023-08-21 05:58:24 |
🚨 CVE-2023-40251 Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-21 05:58:23 |
🚨 CVE-2023-40252 Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-21 05:58:22 |
🚨 CVE-2023-40253 Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-21 05:58:21 |
🚨 CVE-2023-39784 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. @cveNotify |
|
2023-08-21 05:58:20 |
🚨 CVE-2023-39785 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. @cveNotify |
|
2023-08-21 05:58:16 |
🚨 CVE-2023-39786 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. @cveNotify |
|
2023-08-21 05:58:15 |
🚨 CVE-2023-39807 N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php. @cveNotify |
|
2023-08-21 05:58:14 |
🚨 CVE-2023-39808 N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service. @cveNotify |
|
2023-08-21 05:58:13 |
🚨 CVE-2023-39809 N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php. @cveNotify |
|
2023-08-21 05:58:12 |
🚨 CVE-2023-4443 A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\doctor\edit-doc.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237564. @cveNotify |
|
2023-08-21 01:58:22 |
🚨 CVE-2023-4438 A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237559. @cveNotify |
|
2023-08-21 01:58:21 |
🚨 CVE-2023-4439 A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560. @cveNotify |
|
2023-08-21 01:58:19 |
🚨 CVE-2023-4436 A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237557 was assigned to this vulnerability. @cveNotify |
|
2023-08-21 01:58:18 |
🚨 CVE-2023-4437 A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237558 is the identifier assigned to this vulnerability. @cveNotify |
|
2023-08-20 22:58:11 |
🚨 CVE-2023-30861 Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True`. 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. @cveNotify |
|
2023-08-20 20:58:12 |
🚨 CVE-2022-24989 TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used. @cveNotify |
|
2023-08-20 20:58:11 |
🚨 CVE-2023-36674 An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax. @cveNotify |
|
2023-08-20 16:58:11 |
🚨 CVE-2023-4451 Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. @cveNotify |
|
2023-08-20 10:58:18 |
🚨 CVE-2023-37250 Unity Parsec before 8 has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. @cveNotify |
|
2023-08-20 10:58:17 |
🚨 CVE-2023-37369 In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. @cveNotify |
|
2023-08-20 06:58:12 |
🚨 CVE-2023-2318 DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText. @cveNotify |
|
2023-08-19 22:00:37 |
🚨 CVE-2023-3609 A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. @cveNotify |
|
2023-08-19 22:00:36 |
🚨 CVE-2023-3338 A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. @cveNotify |
|
2023-08-19 22:00:35 |
🚨 CVE-2023-3090 A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. @cveNotify |
|
2023-08-19 22:00:33 |
🚨 CVE-2023-3389 A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing an io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). @cveNotify |
|
2023-08-19 22:00:32 |
🚨 CVE-2023-3212 A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. @cveNotify |
|
2023-08-19 22:00:31 |
🚨 CVE-2023-35788 An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. @cveNotify |
|
2023-08-19 22:00:29 |
🚨 CVE-2023-3268 An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. @cveNotify |
|
2023-08-19 22:00:28 |
🚨 CVE-2023-3111 A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). @cveNotify |
|
2023-08-19 22:00:26 |
🚨 CVE-2023-31084 An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. @cveNotify |
|
2023-08-19 22:00:25 |
🚨 CVE-2023-20588 A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. @cveNotify |
|
2023-08-19 22:00:23 |
🚨 CVE-2023-21255 In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-19 22:00:22 |
🚨 CVE-2023-21400 In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-19 22:00:21 |
🚨 CVE-2023-1206 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. @cveNotify |
|
2023-08-19 22:00:19 |
🚨 CVE-2023-2898 There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. @cveNotify |
|
2023-08-19 22:00:18 |
🚨 CVE-2023-2002 A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to perform unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. @cveNotify |
|
2023-08-19 22:00:17 |
🚨 CVE-2023-2124 An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. @cveNotify |
|
2023-08-19 22:00:15 |
🚨 CVE-2023-2269 A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. @cveNotify |
|
2023-08-19 22:00:14 |
🚨 CVE-2023-2007 The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. @cveNotify |
|
2023-08-19 22:00:13 |
🚨 CVE-2023-1380 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. @cveNotify |
|
2023-08-19 22:00:12 |
🚨 CVE-2022-4269 A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. @cveNotify |
|
2023-08-19 12:00:59 |
🚨 CVE-2023-2318 DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText. @cveNotify |
|
2023-08-19 12:00:58 |
🚨 CVE-2023-2971 Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and pastes it into Typora. @cveNotify |
|
2023-08-19 06:01:41 |
🚨 CVE-2022-4918 Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-19 06:01:40 |
🚨 CVE-2022-4920 Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-19 06:01:39 |
🚨 CVE-2022-3443 Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low) @cveNotify |
|
2023-08-19 06:01:38 |
🚨 CVE-2022-3444 Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low) @cveNotify |
|
2023-08-19 06:01:35 |
🚨 CVE-2022-2477 Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. @cveNotify |
|
2023-08-19 06:01:34 |
🚨 CVE-2022-2479 Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. @cveNotify |
|
2023-08-19 06:01:33 |
🚨 CVE-2022-2481 Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. @cveNotify |
|
2023-08-19 06:01:29 |
🚨 CVE-2022-1919 Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. @cveNotify |
|
2023-08-19 06:01:28 |
🚨 CVE-2023-4432 Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. @cveNotify |
|
2023-08-19 06:01:27 |
🚨 CVE-2023-3997 Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. @cveNotify |
|
2023-08-19 06:01:23 |
🚨 CVE-2022-46706 A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. @cveNotify |
|
2023-08-19 06:01:22 |
🚨 CVE-2023-38857 Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. @cveNotify |
|
2023-08-19 06:01:21 |
🚨 CVE-2023-38851 Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. @cveNotify |
|
2023-08-19 00:58:19 |
🚨 CVE-2023-38839 SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the ID parameter in the fulldelete.php component. @cveNotify |
|
2023-08-19 00:58:18 |
🚨 CVE-2023-40037 Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation. @cveNotify |
|
2023-08-19 00:58:16 |
🚨 CVE-2023-40172 Social media skeleton is an uncompleted/framework social media project implemented using php, css, javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-08-19 00:58:15 |
🚨 CVE-2023-40173 Social media skeleton is an uncompleted/framework social media project implemented using php, css, javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue. @cveNotify |
|
2023-08-19 00:58:14 |
🚨 CVE-2023-40174 Social media skeleton is an uncompleted/framework social media project implemented using php, css, javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Social media skeleton releases prior to 1.0.5 did not properly manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-08-19 00:58:13 |
🚨 CVE-2023-40175 Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. @cveNotify |
|
2023-08-18 22:58:24 |
🚨 CVE-2023-27471 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. @cveNotify |
|
2023-08-18 22:58:23 |
🚨 CVE-2023-38910 CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. @cveNotify |
|
2023-08-18 22:58:22 |
🚨 CVE-2023-38911 A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. @cveNotify |
|
2023-08-18 22:58:19 |
🚨 CVE-2023-4422 Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. @cveNotify |
|
2023-08-18 22:58:18 |
🚨 CVE-2023-40342 Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. @cveNotify |
|
2023-08-18 22:58:17 |
🚨 CVE-2023-40343 Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. @cveNotify |
|
2023-08-18 22:58:13 |
🚨 CVE-2023-40344 A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. @cveNotify |
|
2023-08-18 22:58:12 |
🚨 CVE-2023-40346 Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. @cveNotify |
|
2023-08-18 22:58:11 |
🚨 CVE-2023-40347 Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. @cveNotify |
|
2023-08-18 20:58:38 |
🚨 CVE-2023-31943 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php. @cveNotify |
|
2023-08-18 20:58:37 |
🚨 CVE-2023-31944 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. @cveNotify |
|
2023-08-18 20:58:36 |
🚨 CVE-2023-31945 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php. @cveNotify |
|
2023-08-18 20:58:35 |
🚨 CVE-2023-31946 File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php. @cveNotify |
|
2023-08-18 20:58:34 |
🚨 CVE-2023-39850 Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. @cveNotify |
|
2023-08-18 20:58:30 |
🚨 CVE-2023-39851 webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. @cveNotify |
|
2023-08-18 20:58:29 |
🚨 CVE-2023-21273 In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-18 20:58:28 |
🚨 CVE-2022-22646 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file system. @cveNotify |
|
2023-08-18 20:58:27 |
🚨 CVE-2020-36615 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution. @cveNotify |
|
2023-08-18 20:58:26 |
🚨 CVE-2023-21234 In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-18 20:58:22 |
🚨 CVE-2023-22444 Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-18 20:58:21 |
🚨 CVE-2023-21233 In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-18 20:58:20 |
🚨 CVE-2023-21232 In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-18 20:58:19 |
🚨 CVE-2023-21231 In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-18 20:58:18 |
🚨 CVE-2023-21230 In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. @cveNotify |
|
2023-08-18 20:58:17 |
🚨 CVE-2022-37336 Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-18 20:58:16 |
🚨 CVE-2023-27471 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. @cveNotify |
|
2023-08-18 20:58:15 |
🚨 CVE-2023-38890 Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. @cveNotify |
|
2023-08-18 20:58:14 |
🚨 CVE-2023-38910 CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. @cveNotify |
|
2023-08-18 20:58:13 |
🚨 CVE-2023-38911 A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. @cveNotify |
|
2023-08-18 19:58:22 |
🚨 CVE-2023-4412 A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-18 19:58:21 |
🚨 CVE-2023-38751 Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation. @cveNotify |
|
2023-08-18 19:58:20 |
🚨 CVE-2023-0871 XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue. @cveNotify |
|
2023-08-18 17:58:13 |
🚨 CVE-2023-4407: A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511. @cveNotify |
|
2023-08-18 17:58:12 |
🚨 CVE-2023-3452: The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server. @cveNotify |
|
2023-08-18 14:58:14 |
🚨 CVE-2023-4407: A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511. @cveNotify |
|
2023-08-18 14:58:13 |
🚨 CVE-2023-32543: Incorrect default permissions in the Intel(R) ITS software before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-18 14:58:12 |
🚨 CVE-2023-27515: Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access. @cveNotify |
|
2023-08-18 12:58:25 |
🚨 CVE-2023-39445: Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. @cveNotify |
|
2023-08-18 12:58:24 |
🚨 CVE-2023-39454: Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code. @cveNotify |
|
2023-08-18 12:58:23 |
🚨 CVE-2023-39944: OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. @cveNotify |
|
2023-08-18 12:58:19 |
🚨 CVE-2023-40069: OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. @cveNotify |
|
2023-08-18 12:58:18 |
🚨 CVE-2023-32626: Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. @cveNotify |
|
2023-08-18 12:58:17 |
🚨 CVE-2023-38132: LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. @cveNotify |
|
2023-08-18 12:58:13 |
🚨 CVE-2023-39415: Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation. @cveNotify |
|
2023-08-18 12:58:12 |
🚨 CVE-2023-37567: Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. @cveNotify |
|
2023-08-18 12:58:11 |
🚨 CVE-2023-37563: ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. @cveNotify |
|
2023-08-18 10:58:12 |
🚨 CVE-2023-4040: The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders. @cveNotify |
|
2023-08-18 05:58:18 |
🚨 CVE-2023-30188: Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file. @cveNotify |
|
2023-08-18 05:58:17 |
🚨 CVE-2023-39666: D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters. @cveNotify |
|
2023-08-18 00:58:33 |
🚨 CVE-2023-39971: Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3. @cveNotify |
|
2023-08-18 00:58:32 |
🚨 CVE-2023-39973: Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns. @cveNotify |
|
2023-08-18 00:58:31 |
🚨 CVE-2023-39974: Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list. @cveNotify |
|
2023-08-18 00:58:28 |
🚨 CVE-2023-37734: EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow. @cveNotify |
|
2023-08-18 00:58:27 |
🚨 CVE-2022-41804: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-18 00:58:26 |
🚨 CVE-2022-44611: Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. @cveNotify |
|
2023-08-18 00:58:22 |
🚨 CVE-2023-31939: SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php. @cveNotify |
|
2023-08-18 00:58:21 |
🚨 CVE-2023-31938: SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php. @cveNotify |
|
2023-08-18 00:58:20 |
🚨 CVE-2023-31942: Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. @cveNotify |
|
2023-08-18 00:58:16 |
🚨 CVE-2023-31944: SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. @cveNotify |
|
2023-08-18 00:58:15 |
🚨 CVE-2023-36106: An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. @cveNotify |
|
2023-08-17 20:58:45 |
🚨 CVE-2023-39741: lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. @cveNotify |
|
2023-08-17 20:58:43 |
🚨 CVE-2023-39743: lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. @cveNotify |
|
2023-08-17 20:58:40 |
🚨 CVE-2023-40313: A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. @cveNotify |
|
2023-08-17 20:58:38 |
🚨 CVE-2023-40272: Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. @cveNotify |
|
2023-08-17 20:58:36 |
🚨 CVE-2023-4382: A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-17 20:58:35 |
🚨 CVE-2023-40338: Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. @cveNotify |
|
2023-08-17 20:58:33 |
🚨 CVE-2023-40341: A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. @cveNotify |
|
2023-08-17 20:58:32 |
🚨 CVE-2023-40342: Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. @cveNotify |
|
2023-08-17 20:58:30 |
🚨 CVE-2023-40343: Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. @cveNotify |
|
2023-08-17 20:58:26 |
🚨 CVE-2023-40344: A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. @cveNotify |
|
2023-08-17 20:58:25 |
🚨 CVE-2023-40345: Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. @cveNotify |
|
2023-08-17 20:58:23 |
🚨 CVE-2023-40346: Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. @cveNotify |
|
2023-08-17 20:58:22 |
🚨 CVE-2023-40347: Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. @cveNotify |
|
2023-08-17 20:58:20 |
🚨 CVE-2023-40348: The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. @cveNotify |
|
2023-08-17 20:58:19 |
🚨 CVE-2023-40349: Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. @cveNotify |
|
2023-08-17 20:58:18 |
🚨 CVE-2023-40350: Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker. @cveNotify |
|
2023-08-17 20:58:17 |
🚨 CVE-2023-40351: A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. @cveNotify |
|
2023-08-17 20:58:15 |
🚨 CVE-2023-40336: A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. @cveNotify |
|
2023-08-17 20:58:14 |
🚨 CVE-2023-40337: A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. @cveNotify |
|
2023-08-17 20:58:13 |
🚨 CVE-2023-40339: Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. @cveNotify |
|
2023-08-17 18:58:37 |
🚨 CVE-2018-3657: Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. @cveNotify |
|
2023-08-17 18:58:36 |
🚨 CVE-2017-5698: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. @cveNotify |
|
2023-08-17 18:58:35 |
🚨 CVE-2023-34419: A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. @cveNotify |
|
2023-08-17 18:58:34 |
🚨 CVE-2023-3078: An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. @cveNotify |
|
2023-08-17 18:58:33 |
🚨 CVE-2023-4028: A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. @cveNotify |
|
2023-08-17 18:58:32 |
🚨 CVE-2023-4029: A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. @cveNotify |
|
2023-08-17 18:58:31 |
🚨 CVE-2023-4030: A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. @cveNotify |
|
2023-08-17 18:58:30 |
🚨 CVE-2023-0871: XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue. @cveNotify |
|
2023-08-17 18:58:28 |
🚨 CVE-2023-26756: The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. @cveNotify |
|
2023-08-17 18:58:27 |
🚨 CVE-2022-25864: Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 18:58:23 |
🚨 CVE-2022-27635: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 18:58:22 |
🚨 CVE-2022-36351: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. @cveNotify |
|
2023-08-17 18:58:21 |
🚨 CVE-2022-37343: Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 18:58:20 |
🚨 CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 18:58:19 |
🚨 CVE-2022-40964: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 18:58:18 |
🚨 CVE-2022-43456: Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 18:58:17 |
🚨 CVE-2022-46329: Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 18:58:16 |
🚨 CVE-2023-37511: If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. @cveNotify |
|
2023-08-17 18:58:15 |
🚨 CVE-2023-26587: Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 18:58:14 |
🚨 CVE-2023-29243: Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a privileged user to potentially enable denial of service via local access. @cveNotify |
|
2023-08-17 16:58:35 |
🚨 CVE-2021-28500: An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API's by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. @cveNotify |
|
2023-08-17 16:58:34 |
🚨 CVE-2023-22356: Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-17 16:58:33 |
🚨 CVE-2023-32285: Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. @cveNotify |
|
2023-08-17 16:58:32 |
🚨 CVE-2023-39396: Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability. @cveNotify |
|
2023-08-17 16:58:28 |
🚨 CVE-2023-23342: If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. @cveNotify |
|
2023-08-17 16:58:27 |
🚨 CVE-2023-38034: A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier). All UniFi Switches (Version 6.5.32 and earlier) - USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. @cveNotify |
|
2023-08-17 16:58:26 |
🚨 CVE-2022-34657: Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-17 16:58:22 |
🚨 CVE-2022-36372: Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-17 16:58:21 |
🚨 CVE-2023-22330: Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-17 16:58:20 |
🚨 CVE-2020-25575: ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010. @cveNotify |
|
2023-08-17 16:58:19 |
🚨 CVE-2023-35163: Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega's Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party's general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party's general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited. @cveNotify |
|
2023-08-17 16:58:16 |
🚨 CVE-2023-39393: Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten. @cveNotify |
|
2023-08-17 16:58:15 |
🚨 CVE-2023-39388: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. @cveNotify |
|
2023-08-17 16:58:14 |
🚨 CVE-2023-39389: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. @cveNotify |
|
2023-08-17 16:58:13 |
🚨 CVE-2023-39269: A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over. @cveNotify |
|
2023-08-17 14:58:32 |
🚨 CVE-2023-39394: Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified. @cveNotify |
|
2023-08-17 14:58:31 |
🚨 CVE-2023-39395: Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability. @cveNotify |
|
2023-08-17 14:58:27 |
🚨 CVE-2023-39404: Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. @cveNotify |
|
2023-08-17 14:58:26 |
🚨 CVE-2023-39397: Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability. @cveNotify |
|
2023-08-17 14:58:25 |
🚨 CVE-2023-39398: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-17 14:58:24 |
🚨 CVE-2023-39392: Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. @cveNotify |
|
2023-08-17 14:58:20 |
🚨 CVE-2023-39399: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-17 14:58:19 |
🚨 CVE-2023-39403: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-17 14:58:18 |
🚨 CVE-2020-36023: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. @cveNotify |
|
2023-08-17 14:58:14 |
🚨 CVE-2023-38902: An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P218, RG-EG series business VPN routers v.EG_3.0(1)B11P216, EAP and RAP series wireless access points v.AP_3.0(1)B11P218, and NBC series wireless controllers v.AC_3.0(1)B11P86 allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub_40DA38. @cveNotify |
|
2023-08-17 14:58:13 |
🚨 CVE-2021-28427: Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. @cveNotify |
|
2023-08-17 14:58:12 |
🚨 CVE-2023-3697: Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. @cveNotify |
|
2023-08-17 13:58:13 |
🚨 CVE-2023-29182: A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. @cveNotify |
|
2023-08-17 13:58:12 |
🚨 CVE-2023-2910: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. @cveNotify |
|
2023-08-17 13:58:11 |
🚨 CVE-2023-3698: Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. @cveNotify |
|
2023-08-17 10:58:18 |
🚨 CVE-2023-34216: TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. @cveNotify |
|
2023-08-17 10:58:17 |
🚨 CVE-2023-40251: Missing Encryption of Sensitive DataCAPEC- vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-17 10:58:13 |
🚨 CVE-2023-40252: Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-17 10:58:12 |
🚨 CVE-2023-40253: Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-17 10:58:11 |
🚨 CVE-2023-40254: Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-17 05:58:37 |
🚨 CVE-2023-34214: TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. @cveNotify |
|
2023-08-17 05:58:36 |
🚨 CVE-2023-39383: Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. @cveNotify |
|
2023-08-17 05:58:35 |
🚨 CVE-2023-39380: Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. @cveNotify |
|
2023-08-17 05:58:34 |
🚨 CVE-2023-33237: TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed. This presents a potential risk of unauthorized exploitation by malicious actors. @cveNotify |
|
2023-08-17 05:58:30 |
🚨 CVE-2023-39381: Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. @cveNotify |
|
2023-08-17 05:58:29 |
🚨 CVE-2020-36024: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. @cveNotify |
|
2023-08-17 05:58:28 |
🚨 CVE-2020-24922: Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file. @cveNotify |
|
2023-08-17 05:58:24 |
🚨 CVE-2020-28848: CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. @cveNotify |
|
2023-08-17 05:58:23 |
🚨 CVE-2020-28849: Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. @cveNotify |
|
2023-08-17 05:58:22 |
🚨 CVE-2023-4273: A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. @cveNotify |
|
2023-08-17 05:58:18 |
🚨 CVE-2020-24904: An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link. @cveNotify |
|
2023-08-17 05:58:17 |
🚨 CVE-2020-23595: Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. @cveNotify |
|
2023-08-17 05:58:16 |
🚨 CVE-2023-25757: Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access. @cveNotify |
|
2023-08-17 00:58:31 |
🚨 CVE-2023-35009: IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. @cveNotify |
|
2023-08-17 00:58:30 |
🚨 CVE-2023-20013: Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. @cveNotify |
|
2023-08-17 00:58:29 |
🚨 CVE-2023-20111: A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface and viewing hidden fields within the application. A successful exploit could allow the attacker to access sensitive information, including device entry credentials, that could aid the attacker in further attacks. @cveNotify |
|
2023-08-17 00:58:25 |
🚨 CVE-2023-20197: A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. @cveNotify |
|
2023-08-17 00:58:24 |
🚨 CVE-2023-20203: Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. @cveNotify |
|
2023-08-17 00:58:23 |
🚨 CVE-2023-20211: A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by authenticating to the application as a user with read-only or higher privileges and sending crafted HTTP requests to an affected system. A successful exploit could allow the attacker to read or modify data in the underlying database or elevate their privileges. @cveNotify |
|
2023-08-17 00:58:19 |
🚨 CVE-2023-20221: A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition. @cveNotify |
|
2023-08-17 00:58:18 |
🚨 CVE-2023-20222: A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. @cveNotify |
|
2023-08-17 00:58:17 |
🚨 CVE-2023-20229: A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a directory traversal attack on an affected host. A successful exploit could allow an attacker to use a cryptographic key to overwrite arbitrary files with SYSTEM-level privileges, resulting in a denial of service (DoS) condition or data loss on the affected system. @cveNotify |
|
2023-08-17 00:58:13 |
🚨 CVE-2023-20232: A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebProxy to redirect users to an attacker-controlled host. @cveNotify |
|
2023-08-17 00:58:12 |
🚨 CVE-2023-38894: A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. @cveNotify |
|
2023-08-17 00:58:11 |
🚨 CVE-2023-39846: An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. @cveNotify |
|
2023-08-16 22:58:40 |
🚨 CVE-2023-27506: Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-16 22:58:39 |
🚨 CVE-2023-2905: Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11. @cveNotify |
|
2023-08-16 22:58:38 |
🚨 CVE-2023-25182: Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-16 22:58:34 |
🚨 CVE-2023-27392: Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-16 22:58:33 |
🚨 CVE-2023-4128: A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. @cveNotify |
|
2023-08-16 22:58:32 |
🚨 CVE-2021-25864: node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. @cveNotify |
|
2023-08-16 22:58:29 |
🚨 CVE-2023-39952: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available. @cveNotify |
|
2023-08-16 22:58:28 |
🚨 CVE-2023-28075: Dell BIOS contain a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. @cveNotify |
|
2023-08-16 22:58:27 |
🚨 CVE-2023-4382: A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-16 22:58:23 |
🚨 CVE-2023-4384: A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. @cveNotify |
|
2023-08-16 22:58:22 |
🚨 CVE-2021-27523: An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface. @cveNotify |
|
2023-08-16 22:58:21 |
🚨 CVE-2023-32609: Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-16 20:58:38 |
🚨 CVE-2023-38633: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. @cveNotify |
|
2023-08-16 20:58:37 |
🚨 CVE-2023-34615: An issue was discovered in JSONUtil thru 5.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. @cveNotify |
|
2023-08-16 20:58:36 |
🚨 CVE-2023-4387: A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. @cveNotify |
|
2023-08-16 20:58:32 |
🚨 CVE-2023-4389: A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. @cveNotify |
|
2023-08-16 20:58:31 |
🚨 CVE-2023-39953: user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available. @cveNotify |
|
2023-08-16 20:58:30 |
🚨 CVE-2023-39250: Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. @cveNotify |
|
2023-08-16 20:58:26 |
🚨 CVE-2023-4385: A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. @cveNotify |
|
2023-08-16 20:58:25 |
🚨 CVE-2023-39965: 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue. @cveNotify |
|
2023-08-16 20:58:24 |
🚨 CVE-2019-13192: Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. @cveNotify |
|
2023-08-16 20:58:21 |
🚨 CVE-2019-13194: Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. @cveNotify |
|
2023-08-16 20:58:20 |
🚨 CVE-2023-39964: 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. @cveNotify |
|
2023-08-16 20:58:19 |
🚨 CVE-2023-39961: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. @cveNotify |
|
2023-08-16 20:58:18 |
🚨 CVE-2023-33468: KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen. @cveNotify |
|
2023-08-16 19:58:30 |
🚨 CVE-2021-34704: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. @cveNotify |
|
2023-08-16 19:58:26 |
🚨 CVE-2021-1493: A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition. @cveNotify |
|
2023-08-16 19:58:25 |
🚨 CVE-2021-1476: A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials. @cveNotify |
|
2023-08-16 19:58:24 |
🚨 CVE-2021-1488: A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS. @cveNotify |
|
2023-08-16 19:58:20 |
🚨 CVE-2023-20006: A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload. @cveNotify |
|
2023-08-16 19:58:19 |
🚨 CVE-2022-20826: A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. @cveNotify |
|
2023-08-16 19:58:15 |
🚨 CVE-2022-20947: A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. @cveNotify |
|
2023-08-16 19:58:14 |
🚨 CVE-2022-20795: A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability is due to suboptimal processing that occurs when establishing a DTLS tunnel as part of an AnyConnect SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted DTLS traffic to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected VPN headend device. This could cause existing DTLS tunnels to stop passing traffic and prevent new DTLS tunnels from establishing, resulting in a DoS condition. Note: When the attack traffic stops, the device recovers gracefully. @cveNotify |
|
2023-08-16 16:58:33 |
🚨 CVE-2023-32487: Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure. @cveNotify |
|
2023-08-16 16:58:32 |
🚨 CVE-2023-32486: Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges. @cveNotify |
|
2023-08-16 16:58:31 |
🚨 CVE-2023-32492: Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. @cveNotify |
|
2023-08-16 16:58:27 |
🚨 CVE-2023-32493: Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. @cveNotify |
|
2023-08-16 16:58:26 |
🚨 CVE-2020-26037: Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. @cveNotify |
|
2023-08-16 16:58:25 |
🚨 CVE-2023-32494: Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also. @cveNotify |
|
2023-08-16 16:58:24 |
🚨 CVE-2023-38904: A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function. @cveNotify |
|
2023-08-16 16:58:20 |
🚨 CVE-2023-40338: Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. @cveNotify |
|
2023-08-16 16:58:19 |
🚨 CVE-2023-40342: Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. @cveNotify |
|
2023-08-16 16:58:18 |
🚨 CVE-2023-40343: Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. @cveNotify |
|
2023-08-16 16:58:14 |
🚨 CVE-2023-40344: A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. @cveNotify |
|
2023-08-16 16:58:13 |
🚨 CVE-2023-40346: Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. @cveNotify |
|
2023-08-16 16:58:12 |
🚨 CVE-2023-40347: Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. @cveNotify |
|
2023-08-16 16:58:11 |
🚨 CVE-2023-40348: The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. @cveNotify |
|
2023-08-16 14:58:35 |
🚨 CVE-2023-0551: The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such as subscriber, to call and delete arbitrary attachments. @cveNotify |
|
2023-08-16 14:58:34 |
🚨 CVE-2023-0579: The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. @cveNotify |
|
2023-08-16 14:58:33 |
๐จ CVE-2023-1465The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin๐@cveNotify |
|
2023-08-16 14:58:32 |
🚨 CVE-2023-1977 The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network. @cveNotify |
|
2023-08-16 14:58:28 |
๐จ CVE-2023-2122The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link.๐@cveNotify |
|
2023-08-16 14:58:27 |
๐จ CVE-2023-2225The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).๐@cveNotify |
|
2023-08-16 14:58:26 |
๐จ CVE-2023-2254The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk.๐@cveNotify |
|
2023-08-16 14:58:25 |
๐จ CVE-2023-2271The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack๐@cveNotify |
|
2023-08-16 14:58:22 |
๐จ CVE-2023-2272The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin๐@cveNotify |
|
2023-08-16 14:58:21 |
๐จ CVE-2022-4782The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.๐@cveNotify |
|
2023-08-16 14:58:20 |
๐จ CVE-2023-31448A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L๐@cveNotify |
|
2023-08-16 14:58:19 |
๐จ CVE-2023-31449A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L๐@cveNotify |
|
2023-08-16 14:58:15 |
๐จ CVE-2023-31452A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H๐@cveNotify |
|
2023-08-16 14:58:14 |
๐จ CVE-2023-32782A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H๐@cveNotify |
|
2023-08-16 14:58:13 |
🚨 CVE-2023-37581 Insufficient input validation and sanitization in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature. @cveNotify |
|
2023-08-16 11:58:24 |
🚨 CVE-2023-3632 Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3. @cveNotify |
|
2023-08-16 11:58:20 |
🚨 CVE-2023-3817 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. @cveNotify |
|
2023-08-16 11:58:19 |
🚨 CVE-2023-3446 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. @cveNotify |
|
2023-08-16 11:58:18 |
๐จ CVE-2023-2330The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack๐@cveNotify |
|
2023-08-16 11:58:14 |
🚨 CVE-2023-2886 Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. @cveNotify |
|
2023-08-16 11:58:13 |
๐จ CVE-2023-3958The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13.๐@cveNotify |
|
2023-08-16 11:58:12 |
๐จ CVE-2023-4374The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs.๐@cveNotify |
|
2023-08-16 05:58:27 |
🚨 CVE-2023-32003 `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. @cveNotify |
|
2023-08-16 05:58:22 |
🚨 CVE-2023-32006 The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. @cveNotify |
|
2023-08-16 05:58:21 |
🚨 CVE-2023-0871 The /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used, for instance, to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue. @cveNotify |
|
2023-08-16 05:58:20 |
๐จ CVE-2022-40982Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.๐@cveNotify |
|
2023-08-16 05:58:19 |
๐จ CVE-2022-41804Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.๐@cveNotify |
|
2023-08-16 05:58:15 |
๐จ CVE-2023-23908Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.๐@cveNotify |
|
2023-08-16 05:58:14 |
🚨 CVE-2023-20569 A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. @cveNotify |
|
2023-08-16 05:58:13 |
๐จ CVE-2023-27561runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.๐@cveNotify |
|
2023-08-16 05:58:12 |
๐จ CVE-2019-19921runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)๐@cveNotify |
|
2023-08-16 01:58:14 |
🚨 CVE-2023-20560 Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. @cveNotify |
|
2023-08-16 01:58:13 |
๐จ CVE-2023-39849Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php.๐@cveNotify |
|
2023-08-16 01:58:12 |
๐จ CVE-2023-39851webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php.๐@cveNotify |
|
2023-08-15 22:58:25 |
🚨 CVE-2023-32563 An unauthenticated attacker could achieve code execution through a RemoteControl server. @cveNotify |
|
2023-08-15 22:58:24 |
🚨 CVE-2023-32564 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve remote code execution. @cveNotify |
|
2023-08-15 22:58:23 |
๐จ CVE-2023-4282The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.๐@cveNotify |
|
2023-08-15 22:58:22 |
🚨 CVE-2023-32562 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. Fixed in version 6.4.1. @cveNotify |
|
2023-08-15 22:58:21 |
🚨 CVE-2023-38401 A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. @cveNotify |
|
2023-08-15 22:58:17 |
🚨 CVE-2023-38402 A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating system boot process. @cveNotify |
|
2023-08-15 22:58:15 |
๐จ CVE-2023-38862An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt.๐@cveNotify |
|
2023-08-15 22:58:14 |
๐จ CVE-2023-38863An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt.๐@cveNotify |
|
2023-08-15 22:58:13 |
๐จ CVE-2023-38865COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr.๐@cveNotify |
|
2023-08-15 20:58:28 |
🚨 CVE-2023-4345 Broadcom RAID Controller web interface is vulnerable to a client-side control bypass that leads to unauthorized data access for a low-privileged user. @cveNotify |
|
2023-08-15 20:58:24 |
๐จ CVE-2023-38861An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi.๐@cveNotify |
|
2023-08-15 20:58:19 |
๐จ CVE-2023-4323Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup๐@cveNotify |
|
2023-08-15 20:58:18 |
🚨 CVE-2023-4326 Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites. @cveNotify |
|
2023-08-15 20:58:14 |
๐จ CVE-2023-4328Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux๐@cveNotify |
|
2023-08-15 20:58:13 |
🚨 CVE-2023-4330 Broadcom RAID Controller web interface is vulnerable: a Denial of Service can be caused by an authenticated user to the REST API interface. @cveNotify |
|
2023-08-15 20:58:12 |
🚨 CVE-2023-4331 Broadcom RAID Controller web interface has an insecure default TLS configuration that supports obsolete and vulnerable TLS protocols. @cveNotify |
|
2023-08-15 18:58:28 |
๐จ CVE-2023-32781An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.๐@cveNotify |
|
2023-08-15 18:58:27 |
🚨 CVE-2023-31450 An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine. @cveNotify |
|
2023-08-15 18:58:23 |
๐จ CVE-2023-29303Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐@cveNotify |
|
2023-08-15 18:58:22 |
๐จ CVE-2023-38233Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐@cveNotify |
|
2023-08-15 18:58:21 |
๐จ CVE-2023-38234Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐@cveNotify |
|
2023-08-15 18:58:17 |
๐จ CVE-2023-38236Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐@cveNotify |
|
2023-08-15 18:58:16 |
๐จ CVE-2023-38238Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐@cveNotify |
|
2023-08-15 18:58:15 |
๐จ CVE-2023-38239Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.๐@cveNotify |
|
2023-08-15 17:58:47 |
๐จ CVE-2023-39212Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.๐@cveNotify |
|
2023-08-15 17:58:45 |
๐จ CVE-2019-1714A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device.๐@cveNotify |
|
2023-08-15 17:58:44 |
๐จ CVE-2019-1687A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition.๐@cveNotify |
|
2023-08-15 17:58:43 |
๐จ CVE-2019-1701Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities.๐@cveNotify |
|
2023-08-15 17:58:41 |
๐จ CVE-2019-1708A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses.๐@cveNotify |
|
2023-08-15 17:58:40 |
๐จ CVE-2019-1706A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition.๐@cveNotify |
|
2023-08-15 17:58:39 |
🚨 CVE-2019-1705 A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. @cveNotify |
|
2023-08-15 17:58:37 |
๐จ CVE-2019-1693A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition.๐@cveNotify |
|
2023-08-15 17:58:36 |
๐จ CVE-2019-1697A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets sent to an affected device. An attacker could exploit these vulnerabilities by sending a crafted LDAP packet, using Basic Encoding Rules (BER), to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.๐@cveNotify |
|
2023-08-15 17:58:35 |
๐จ CVE-2019-1695A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry.๐@cveNotify |
|
2023-08-15 17:58:33 |
๐จ CVE-2020-3166A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS.๐@cveNotify |
|
2023-08-15 17:58:32 |
๐จ CVE-2018-15388A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition.๐@cveNotify |
|
2023-08-15 17:58:31 |
๐จ CVE-2020-3167A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges.๐@cveNotify |
|
2023-08-15 17:58:30 |
๐จ CVE-2018-15454A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available.๐@cveNotify |
|
2023-08-15 17:58:29 |
๐จ CVE-2019-1694A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots.๐@cveNotify |
|
2023-08-15 17:58:28 |
CVE-2019-1713: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device. |
|
2023-08-15 17:58:27 |
CVE-2019-15256: A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker's source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device. |
|
2023-08-15 17:58:26 |
CVE-2018-15465: A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device. |
|
2023-08-15 17:58:25 |
CVE-2018-15383: A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition. |
|
2023-08-15 17:58:24 |
CVE-2018-15397: A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition. |
|
2023-08-15 13:58:14 |
CVE-2023-2916: The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges. |
|
2023-08-15 13:58:13 |
CVE-2023-4308: The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user-submitted-content' parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
|
2023-08-15 06:58:15 |
CVE-2023-36482: An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. |
|
2023-08-15 00:58:31 |
CVE-2022-46706: A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. |
|
2023-08-15 00:58:30 |
CVE-2022-46722: A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. |
|
2023-08-15 00:58:29 |
CVE-2022-46725: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. |
|
2023-08-15 00:58:25 |
CVE-2023-27939: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. |
|
2023-08-15 00:58:24 |
CVE-2023-27947: An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. |
|
2023-08-15 00:58:23 |
CVE-2023-28179: The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory. |
|
2023-08-15 00:58:19 |
CVE-2023-28198: A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. |
|
2023-08-15 00:58:18 |
CVE-2023-32358: A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. |
|
2023-08-15 00:58:17 |
CVE-2023-21230: In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
2023-08-15 00:58:13 |
CVE-2023-21232: In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
2023-08-15 00:58:12 |
CVE-2023-21235: In onCreate of LockSettingsActivity.java, there is a possible way to set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
2023-08-14 23:58:34 |
CVE-2023-21268: In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
2023-08-14 23:58:33 |
CVE-2023-21269: In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
2023-08-14 23:58:32 |
CVE-2023-38687: Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Item names given to Svelecte appear to be directly rendered as HTML by the default item renderer. This means that any HTML tags in the name are rendered as HTML elements not as text. Note that the custom item renderer shown in https://mskocik.github.io/svelecte/#item-rendering is also vulnerable to the same exploit. Any site that uses Svelecte with dynamically created items either from an external source or from user-created content could be vulnerable to an XSS attack (execution of untrusted JavaScript), clickjacking or any other attack that can be performed with arbitrary HTML injection. The actual impact of this vulnerability for a specific application depends on how trustworthy the sources that provide Svelecte items are and the steps that the application has taken to mitigate XSS attacks. XSS attacks using this vulnerability are mostly mitigated by a Content Security Policy that blocks inline JavaScript. This issue has been addressed in version 3.16.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
|
2023-08-14 23:58:31 |
CVE-2023-39827: Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function. |
|
2023-08-14 23:58:30 |
CVE-2023-39828: Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. |
|
2023-08-14 23:58:28 |
CVE-2023-39829: Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWirelessRepeat function. |
|
2023-08-14 23:58:27 |
CVE-2023-39950: efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv` or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them. |
|
2023-08-14 23:58:26 |
CVE-2023-40013: SVG Loader is a JavaScript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the SVG, the library removes event attributes such as `onmouseover` and `onclick`, but the list of events is not exhaustive. Any website which uses external-svg-loader and allows its users to provide an SVG src or upload SVG files would be susceptible to a stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
|
2023-08-14 23:58:25 |
CVE-2023-40020: PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level) causing the request to continue processing. The response would be a 403 with ADMIN_ONLY, however, next() would call leading to any updates/changes in the route to process. This issue has been addressed in version 3.2.49. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
|
2023-08-14 23:58:24 |
CVE-2022-4953: The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. |
|
2023-08-14 23:58:22 |
CVE-2023-2606: The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
|
2023-08-14 23:58:21 |
CVE-2023-2802: The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
|
2023-08-14 23:58:20 |
CVE-2023-2803: The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. |
|
2023-08-14 23:58:19 |
CVE-2023-3328: The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
|
2023-08-14 23:58:18 |
CVE-2023-3435: The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using it in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks. |
|
2023-08-14 23:58:17 |
CVE-2023-3601: The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. |
|
2023-08-14 23:58:16 |
CVE-2023-3645: The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
|
2023-08-14 23:58:15 |
CVE-2023-3721: The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
|
2023-08-14 23:58:14 |
CVE-2023-40023: yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. Users unable to upgrade may avoid exposing vulnerable versions to untrusted input and closely monitor any unexpected server behavior until they can upgrade. |
|
2023-08-14 23:58:12 |
CVE-2023-40024: ScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
|
2023-08-14 20:58:32 |
CVE-2023-3526: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser. |
|
2023-08-14 20:58:31 |
CVE-2023-3569: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. |
|
2023-08-14 20:58:30 |
CVE-2023-28530: IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. |
|
2023-08-14 20:58:29 |
CVE-2023-34034: Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. |
|
2023-08-14 20:58:26 |
CVE-2023-34330: AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. |
|
2023-08-14 20:58:25 |
CVE-2023-34329: AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. |
|
2023-08-14 20:58:24 |
CVE-2022-24834: Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. |
|
2023-08-14 20:58:23 |
CVE-2023-29406: The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. |
|
2023-08-14 20:58:20 |
CVE-2023-36824: Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS` and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12. |
|
2023-08-14 20:58:19 |
CVE-2023-28953: IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465. |
|
2023-08-14 20:58:18 |
CVE-2023-32748: The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. |
|
2023-08-14 20:58:14 |
CVE-2023-38741: IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attack, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. |
|
2023-08-14 20:58:13 |
CVE-2023-40312: Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Jordi Miralles Comins for reporting this issue. |
|
2023-08-14 20:58:12 |
CVE-2023-40360: QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. |
|
2023-08-14 18:58:23 |
CVE-2022-36113: Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations: We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. |
|
2023-08-14 18:58:20 |
CVE-2022-36114: Cargo is a package manager for the Rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here. |
|
2023-08-14 18:58:19 |
CVE-2023-4009: In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. |
|
2023-08-14 18:58:18 |
CVE-2023-30682: Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. |
|
2023-08-14 18:58:14 |
CVE-2023-30684: Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. |
|
2023-08-14 18:58:13 |
CVE-2023-30687: Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. |
|
2023-08-14 16:58:33 |
CVE-2023-31041: An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. |
|
2023-08-14 16:58:32 |
CVE-2023-30688: Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. |
|
2023-08-14 16:58:31 |
CVE-2023-30679: Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code. |
|
2023-08-14 16:58:30 |
CVE-2023-38212: Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
|
2023-08-14 16:58:26 |
CVE-2023-33250: The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. |
|
2023-08-14 16:58:25 |
CVE-2023-4242: The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check. |
|
2023-08-14 16:58:24 |
CVE-2020-36023: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. |
|
2023-08-14 16:58:20 |
CVE-2023-36344: An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. |
|
2023-08-14 16:58:19 |
CVE-2023-4219: A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability. |
|
2023-08-14 16:58:18 |
CVE-2023-37728: IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. |
|
2023-08-14 16:58:14 |
CVE-2023-1119: The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. |
|
2023-08-14 16:58:13 |
CVE-2022-31595: SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
|
2023-08-14 16:58:12 |
CVE-2023-39006: The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization. @cveNotify |
|
2023-08-14 15:58:36 |
CVE-2022-22528: SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. @cveNotify |
|
2023-08-14 15:58:35 |
CVE-2023-3160: The vulnerability potentially allows an attacker to misuse ESET's file operations during the module update to delete or move files without having proper permissions. @cveNotify |
|
2023-08-14 15:58:34 |
CVE-2023-4321: Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. @cveNotify |
|
2023-08-14 15:58:30 |
CVE-2023-3264: The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials. Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution. @cveNotify |
|
2023-08-14 15:58:29 |
CVE-2023-3266: A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully. @cveNotify |
|
2023-08-14 15:58:28 |
CVE-2023-3267: When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server. @cveNotify |
|
2023-08-14 15:58:25 |
CVE-2023-40303: GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. @cveNotify |
|
2023-08-14 15:58:24 |
CVE-2023-40274: An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem. @cveNotify |
|
2023-08-14 15:58:23 |
CVE-2023-3259: The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rogue database. Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information @cveNotify |
|
2023-08-14 15:58:19 |
CVE-2023-3260: When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server. @cveNotify |
|
2023-08-14 15:58:18 |
CVE-2023-3262: The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. @cveNotify |
|
2023-08-14 15:58:17 |
CVE-2023-40292: Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets. @cveNotify |
|
2023-08-13 23:58:13 |
CVE-2023-23208: Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. @cveNotify |
|
2023-08-13 23:58:12 |
CVE-2020-13654: XWiki Platform before 12.8 mishandles escaping in the property displayer. @cveNotify |
|
2023-08-13 20:58:12 |
CVE-2023-32627: A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. @cveNotify |
|
2023-08-13 20:58:11 |
CVE-2023-2255: Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. @cveNotify |
|
2023-08-13 15:58:37 |
CVE-2023-39398: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-13 15:58:36 |
CVE-2023-39399: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-13 15:58:35 |
CVE-2023-39400: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-13 15:58:34 |
CVE-2023-39401: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-13 15:58:33 |
CVE-2023-39402: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-13 15:58:30 |
CVE-2023-39403: Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. @cveNotify |
|
2023-08-13 15:58:29 |
CVE-2023-39406: Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. @cveNotify |
|
2023-08-13 15:58:28 |
CVE-2023-39380: Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. @cveNotify |
|
2023-08-13 15:58:24 |
CVE-2023-39381: Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. @cveNotify |
|
2023-08-13 15:58:23 |
CVE-2023-39383: Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. @cveNotify |
|
2023-08-13 15:58:22 |
CVE-2023-39388: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. @cveNotify |
|
2023-08-13 15:58:18 |
CVE-2023-39389: Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. @cveNotify |
|
2023-08-13 15:58:17 |
CVE-2023-39392: Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. @cveNotify |
|
2023-08-13 15:58:16 |
CVE-2023-39393: Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten. @cveNotify |
|
2023-08-13 15:58:15 |
CVE-2023-39396: Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability. @cveNotify |
|
2023-08-13 15:58:14 |
CVE-2023-39405: Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges. @cveNotify |
|
2023-08-13 01:03:57 |
CVE-2023-4265: Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 @cveNotify |
|
2023-08-12 13:08:12 |
CVE-2023-3824: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. @cveNotify |
|
2023-08-12 13:08:11 |
CVE-2023-4068: Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-12 13:08:10 |
CVE-2023-4070: Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-12 13:08:06 |
CVE-2023-3737: Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-12 13:08:05 |
CVE-2023-3738: Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-12 13:08:04 |
CVE-2023-3734: Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-12 13:08:00 |
CVE-2023-3732: Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-12 13:07:59 |
CVE-2023-3727: Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-12 13:07:58 |
CVE-2023-3728: Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-12 13:07:55 |
CVE-2023-3730: Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-12 13:07:54 |
CVE-2023-38559: A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. @cveNotify |
|
2023-08-12 13:07:53 |
CVE-2022-4918: Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) @cveNotify |
|
2023-08-12 13:07:52 |
CVE-2022-4919: Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) @cveNotify |
|
2023-08-12 05:58:19 |
CVE-2022-40982: Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-12 05:58:15 |
CVE-2022-41804: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-12 05:58:14 |
CVE-2023-20569: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. @cveNotify |
|
2023-08-12 05:58:13 |
CVE-2023-24329: An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. @cveNotify |
|
2023-08-12 00:58:20 |
CVE-2023-36314: There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. @cveNotify |
|
2023-08-12 00:58:19 |
CVE-2023-36313: PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". @cveNotify |
|
2023-08-12 00:58:14 |
CVE-2023-4202: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. @cveNotify |
|
2023-08-12 00:58:13 |
CVE-2023-3569: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. @cveNotify |
|
2023-08-11 21:58:44 |
CVE-2023-38691: matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API. @cveNotify |
|
2023-08-11 21:58:43 |
CVE-2023-0179: A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. @cveNotify |
|
2023-08-11 21:58:42 |
CVE-2017-3807: A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838. @cveNotify |
|
2023-08-11 21:58:38 |
CVE-2019-1934: A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. @cveNotify |
|
2023-08-11 21:58:37 |
CVE-2016-6367: Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. @cveNotify |
|
2023-08-11 21:58:36 |
CVE-2017-3793: A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321. @cveNotify |
|
2023-08-11 21:58:33 |
CVE-2013-5515: The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests, aka Bug ID CSCua22709. @cveNotify |
|
2023-08-11 21:58:32 |
CVE-2013-5568: The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308. @cveNotify |
|
2023-08-11 21:58:31 |
CVE-2016-6431: A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. @cveNotify |
|
2023-08-11 21:58:27 |
CVE-2012-5717: Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462. @cveNotify |
|
2023-08-11 21:58:26 |
CVE-2013-5511: The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815. @cveNotify |
|
2023-08-11 21:58:25 |
CVE-2015-6327: The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets, aka Bug ID CSCus94026. @cveNotify |
|
2023-08-11 18:58:40 |
CVE-2022-48580: A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. @cveNotify |
|
2023-08-11 18:58:39 |
CVE-2023-31448: An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create an HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. @cveNotify |
|
2023-08-11 18:58:38 |
CVE-2023-4203: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. @cveNotify |
|
2023-08-11 18:58:37 |
CVE-2023-4202: Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. @cveNotify |
|
2023-08-11 18:58:36 |
CVE-2023-38167: Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability @cveNotify |
|
2023-08-11 18:58:32 |
CVE-2023-38172: Microsoft Message Queuing Denial of Service Vulnerability @cveNotify |
|
2023-08-11 18:58:31 |
CVE-2023-38347: An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. @cveNotify |
|
2023-08-11 18:58:30 |
CVE-2023-0871: XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. @cveNotify |
|
2023-08-11 18:58:29 |
CVE-2022-48603: A SQL injection vulnerability exists in the "message viewer iframe" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. @cveNotify |
|
2023-08-11 18:58:28 |
CVE-2023-36914: Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability @cveNotify |
|
2023-08-11 18:58:24 |
CVE-2022-48598: A SQL injection vulnerability exists in the "reporter events type date" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. @cveNotify |
|
2023-08-11 18:58:23 |
CVE-2023-39218: Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. @cveNotify |
|
2023-08-11 18:58:22 |
CVE-2022-48581: A command injection vulnerability exists in the "dash export" feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. @cveNotify |
|
2023-08-11 18:58:21 |
CVE-2023-34545: A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. @cveNotify |
|
2023-08-11 18:58:20 |
CVE-2023-38758: Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. @cveNotify |
|
2023-08-11 18:58:16 |
CVE-2023-39217: Improper input validation in Zoom SDK's before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. @cveNotify |
|
2023-08-11 18:58:15 |
CVE-2023-39216: Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. @cveNotify |
|
2023-08-11 18:58:14 |
CVE-2023-3522: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48. @cveNotify |
|
2023-08-11 18:58:13 |
CVE-2023-38759: Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. @cveNotify |
|
2023-08-11 16:58:37 |
CVE-2020-28848: CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. @cveNotify |
|
2023-08-11 16:58:36 |
CVE-2020-23595: Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. @cveNotify |
|
2023-08-11 16:58:35 |
CVE-2020-24221: An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). @cveNotify |
|
2023-08-11 16:58:34 |
CVE-2020-19952: Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file. @cveNotify |
|
2023-08-11 16:58:31 |
CVE-2020-25915: Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. @cveNotify |
|
2023-08-11 16:58:30 |
CVE-2020-27449: Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. @cveNotify |
|
2023-08-11 16:58:29 |
CVE-2020-24922: Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file. @cveNotify |
|
2023-08-11 16:58:25 |
CVE-2020-24950: SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. @cveNotify |
|
2023-08-11 16:58:24 |
CVE-2020-27514: Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). @cveNotify |
|
2023-08-11 16:58:23 |
CVE-2020-28849: Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. @cveNotify |
|
2023-08-11 16:58:19 |
CVE-2020-35141: An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). @cveNotify |
|
2023-08-11 16:58:18 |
CVE-2020-35990: Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. @cveNotify |
|
2023-08-11 16:58:17 |
CVE-2020-36024: An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. @cveNotify |
|
2023-08-11 16:58:16 |
CVE-2020-36034: SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via crafted payload to id parameter in manage_user.php. @cveNotify |
|
2023-08-11 13:58:11 |
CVE-2023-26309: A remote code execution vulnerability in the webview component of OnePlus Store app. @cveNotify |
|
2023-08-11 10:58:34 |
CVE-2023-39553: Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. @cveNotify |
|
2023-08-11 10:58:33 |
CVE-2023-40254: Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-11 10:58:29 |
🚨 CVE-2023-40267: GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. @cveNotify |
|
2023-08-11 10:58:27 |
🚨 CVE-2023-4105: Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message. @cveNotify |
|
2023-08-11 10:58:26 |
🚨 CVE-2023-4107: Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name. @cveNotify |
|
2023-08-11 10:58:25 |
🚨 CVE-2023-4108: Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged. @cveNotify |
|
2023-08-11 10:58:21 |
🚨 CVE-2023-3823: In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. @cveNotify |
|
2023-08-11 10:58:20 |
🚨 CVE-2023-3824: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. @cveNotify |
|
2023-08-11 10:58:19 |
🚨 CVE-2023-40253: Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. @cveNotify |
|
2023-08-11 10:58:18 |
🚨 CVE-2023-40260: EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information. @cveNotify |
|
2023-08-11 10:58:17 |
🚨 CVE-2023-40256: A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers. @cveNotify |
|
2023-08-11 06:58:39 |
🚨 CVE-2022-29887: Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. @cveNotify |
|
2023-08-11 06:58:38 |
🚨 CVE-2022-34657: Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-11 06:58:37 |
🚨 CVE-2022-36351: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. @cveNotify |
|
2023-08-11 06:58:36 |
🚨 CVE-2022-36392: Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. @cveNotify |
|
2023-08-11 06:58:32 |
🚨 CVE-2022-37336: Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-11 06:58:31 |
🚨 CVE-2022-38076: Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-11 06:58:30 |
🚨 CVE-2022-38083: Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-11 06:58:29 |
🚨 CVE-2022-38102: Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access. @cveNotify |
|
2023-08-11 06:58:25 |
🚨 CVE-2022-40964: Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-11 06:58:24 |
🚨 CVE-2022-41804: Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-11 06:58:23 |
🚨 CVE-2022-41984: Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access. @cveNotify |
|
2023-08-11 06:58:19 |
🚨 CVE-2022-43505: Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. @cveNotify |
|
2023-08-11 06:58:18 |
🚨 CVE-2022-44612: Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user to potentially enable information disclosure via local access. @cveNotify |
|
2023-08-11 06:58:17 |
🚨 CVE-2022-45112: Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. @cveNotify |
|
2023-08-10 23:58:45 |
🚨 CVE-2023-38188: Azure Apache Hadoop Spoofing Vulnerability @cveNotify |
|
2023-08-10 23:58:44 |
🚨 CVE-2023-38186: Windows Mobile Device Management Elevation of Privilege Vulnerability @cveNotify |
|
2023-08-10 23:58:43 |
🚨 CVE-2023-38180: .NET and Visual Studio Denial of Service Vulnerability @cveNotify |
|
2023-08-10 23:58:42 |
🚨 CVE-2023-38254: Microsoft Message Queuing Denial of Service Vulnerability @cveNotify |
|
2023-08-10 23:58:38 |
🚨 CVE-2023-36895: Microsoft Outlook Remote Code Execution Vulnerability @cveNotify |
|
2023-08-10 23:58:37 |
🚨 CVE-2023-36897: Visual Studio Tools for Office Runtime Spoofing Vulnerability @cveNotify |
|
2023-08-10 23:58:36 |
🚨 CVE-2023-36910: Microsoft Message Queuing Remote Code Execution Vulnerability @cveNotify |
|
2023-08-10 23:58:32 |
🚨 CVE-2023-36912: Microsoft Message Queuing Denial of Service Vulnerability @cveNotify |
|
2023-08-10 23:58:31 |
🚨 CVE-2023-35385: Microsoft Message Queuing Remote Code Execution Vulnerability @cveNotify |
|
2023-08-10 23:58:30 |
🚨 CVE-2023-35390: .NET and Visual Studio Remote Code Execution Vulnerability @cveNotify |
|
2023-08-10 23:58:26 |
🚨 CVE-2023-35377: Microsoft Message Queuing Denial of Service Vulnerability @cveNotify |
|
2023-08-10 23:58:25 |
🚨 CVE-2023-28129: Desktop & Server Management (DSM) may have a possible execution of arbitrary commands. @cveNotify |
|
2023-08-10 23:58:24 |
🚨 CVE-2023-32561: A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. @cveNotify |
|
2023-08-10 18:58:17 |
🚨 CVE-2022-47636: A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory: av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user. @cveNotify |
|
2023-08-10 18:58:16 |
🚨 CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. @cveNotify |
|
2023-08-10 16:58:29 |
🚨 CVE-2023-38699: MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. @cveNotify |
|
2023-08-10 16:58:28 |
🚨 CVE-2023-39107: An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. @cveNotify |
|
2023-08-10 16:58:27 |
🚨 CVE-2023-37543: Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. @cveNotify |
|
2023-08-10 16:58:26 |
🚨 CVE-2023-38830: An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. @cveNotify |
|
2023-08-10 16:58:25 |
🚨 CVE-2023-39776: A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. @cveNotify |
|
2023-08-10 16:58:24 |
🚨 CVE-2023-39954: user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available. @cveNotify |
|
2023-08-10 16:58:23 |
🚨 CVE-2023-39955: Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available. @cveNotify |
|
2023-08-10 16:58:20 |
🚨 CVE-2023-20216: A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability. @cveNotify |
|
2023-08-10 16:58:19 |
🚨 CVE-2023-4196: Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. @cveNotify |
|
2023-08-10 16:58:18 |
🚨 CVE-2023-3570: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. @cveNotify |
|
2023-08-10 16:58:17 |
🚨 CVE-2023-3569: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. @cveNotify |
|
2023-08-10 16:58:15 |
🚨 CVE-2023-0525: Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. @cveNotify |
|
2023-08-10 16:58:14 |
🚨 CVE-2023-3373: Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. @cveNotify |
|
2023-08-10 10:58:18 |
🚨 CVE-2022-30308: In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. @cveNotify |
|
2023-08-10 10:58:17 |
🚨 CVE-2022-30309: In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. @cveNotify |
|
2023-08-10 10:58:14 |
🚨 CVE-2022-30310: In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn't check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. @cveNotify |
|
2023-08-10 10:58:13 |
🚨 CVE-2023-4276: The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. @cveNotify |
|
2023-08-10 10:58:12 |
🚨 CVE-2023-3772: A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. @cveNotify |
|
2023-08-10 00:58:23 |
🚨 CVE-2023-35838: The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard. @cveNotify |
|
2023-08-10 00:58:19 |
🚨 CVE-2023-36672: An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in leakage of traffic in plaintext" rather than to only Clario. @cveNotify |
|
2023-08-10 00:58:18 |
🚨 CVE-2023-33241: Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more to fully exfiltrate the other parties' private key shares. @cveNotify |
|
2023-08-10 00:58:17 |
🚨 CVE-2023-33242: Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. @cveNotify |
|
2023-08-09 22:58:40 |
🚨 CVE-2023-2754: The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, the WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. @cveNotify |
|
2023-08-09 22:58:39 |
🚨 CVE-2023-33906: In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-08-09 22:58:38 |
🚨 CVE-2023-28468: An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS. @cveNotify |
|
2023-08-09 22:58:34 |
🚨 CVE-2020-26082: A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. @cveNotify |
|
2023-08-09 22:58:33 |
🚨 CVE-2023-39527: PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. @cveNotify |
|
2023-08-09 22:58:32 |
🚨 CVE-2023-39526: PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. @cveNotify |
|
2023-08-09 22:58:29 |
🚨 CVE-2023-23347: HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. @cveNotify |
|
2023-08-09 22:58:28 |
🚨 CVE-2023-33469: In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. @cveNotify |
|
2023-08-09 22:58:27 |
🚨 CVE-2023-38347: An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. @cveNotify |
|
2023-08-09 22:58:23 |
🚨 CVE-2023-33466: Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). @cveNotify |
|
2023-08-09 22:58:22 |
🚨 CVE-2022-48592: A SQL injection vulnerability exists in the vendor_country parameter of the "vendor print report" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. @cveNotify |
|
2023-08-09 21:58:30 |
🚨 CVE-2022-48595: A SQL injection vulnerability exists in the "ticket template watchers" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. @cveNotify |
|
2023-08-09 21:58:29 |
🚨 CVE-2022-48598: A SQL injection vulnerability exists in the "reporter events type date" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. @cveNotify |
|
2023-08-09 21:58:25 |
🚨 CVE-2022-48600: A SQL injection vulnerability exists in the "notes view" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. @cveNotify |
|
2023-08-09 21:58:24 |
🚨 CVE-2022-48603: A SQL injection vulnerability exists in the "message viewer iframe" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. @cveNotify |
|
2023-08-09 21:58:19 |
🚨 CVE-2023-23346: HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. @cveNotify |
|
2023-08-09 21:58:18 |
🚨 CVE-2023-38999: A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. @cveNotify |
|
2023-08-09 21:58:13 |
🚨 CVE-2023-39001: A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file. @cveNotify |
|
2023-08-09 21:58:12 |
🚨 CVE-2023-39004: Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. @cveNotify |
|
2023-08-09 18:58:40 |
🚨 CVE-2023-36220: Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. @cveNotify |
|
2023-08-09 18:58:39 |
🚨 CVE-2021-24916: The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action. @cveNotify |
|
2023-08-09 18:58:38 |
🚨 CVE-2023-38765: SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. @cveNotify |
|
2023-08-09 18:58:37 |
🚨 CVE-2023-0604: The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). @cveNotify |
|
2023-08-09 18:58:36 |
🚨 CVE-2023-2843: The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. @cveNotify |
|
2023-08-09 18:58:31 |
🚨 CVE-2023-38764: SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. @cveNotify |
|
2023-08-09 18:58:30 |
🚨 CVE-2023-3365: The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment. @cveNotify |
|
2023-08-09 18:58:29 |
🚨 CVE-2023-3492: The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. @cveNotify |
|
2023-08-09 18:58:28 |
🚨 CVE-2023-3524: The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. @cveNotify |
|
2023-08-09 18:58:27 |
🚨 CVE-2023-3575: The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks. @cveNotify |
|
2023-08-09 18:58:23 |
🚨 CVE-2023-3671: The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. @cveNotify |
|
2023-08-09 18:58:22 |
🚨 CVE-2023-20804: In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384. @cveNotify |
|
2023-08-09 18:58:21 |
🚨 CVE-2023-38763: SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. @cveNotify |
|
2023-08-09 18:58:20 |
🚨 CVE-2023-23757: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. @cveNotify |
|
2023-08-09 18:58:16 |
🚨 CVE-2023-23758: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. @cveNotify |
|
2023-08-09 18:58:15 |
🚨 CVE-2023-34476: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. @cveNotify |
|
2023-08-09 18:58:14 |
🚨 CVE-2023-34477: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. @cveNotify |
|
2023-08-09 18:58:13 |
🚨 CVE-2023-39508: Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypass limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. @cveNotify |
|
2023-08-09 16:58:31 |
🚨 CVE-2023-4182: A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability. @cveNotify |
|
2023-08-09 16:58:30 |
🚨 CVE-2023-4184: A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219. @cveNotify |
|
2023-08-09 16:58:29 |
🚨 CVE-2023-20218: A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. @cveNotify |
|
2023-08-09 16:58:26 |
🚨 CVE-2023-3749: A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. @cveNotify |
|
2023-08-09 16:58:25 |
🚨 CVE-2023-33383: Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. @cveNotify |
|
2023-08-09 16:58:24 |
🚨 CVE-2023-20795: In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900. @cveNotify |
|
2023-08-09 16:58:23 |
🚨 CVE-2023-20793: In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818. @cveNotify |
|
2023-08-09 16:58:20 |
🚨 CVE-2023-3953: A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. @cveNotify |
|
2023-08-09 16:58:19 |
🚨 CVE-2023-20801: In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968. @cveNotify |
|
2023-08-09 16:58:18 |
🚨 CVE-2020-23564: File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. @cveNotify |
|
2023-08-09 16:58:14 |
🚨 CVE-2023-4188: SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. @cveNotify |
|
2023-08-09 16:58:13 |
🚨 CVE-2023-20569: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. @cveNotify |
|
2023-08-09 16:58:12 |
🚨 CVE-2022-45788: A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions) @cveNotify |
|
2023-08-09 14:58:34 |
🚨 CVE-2023-39209: Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. @cveNotify |
|
2023-08-09 14:58:33 |
🚨 CVE-2023-39210: Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. @cveNotify |
|
2023-08-09 14:58:32 |
🚨 CVE-2023-39211: Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. @cveNotify |
|
2023-08-09 14:58:31 |
🚨 CVE-2023-39212: Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. @cveNotify |
|
2023-08-09 14:58:30 |
🚨 CVE-2023-39213: Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. @cveNotify |
|
2023-08-09 14:58:26 |
🚨 CVE-2023-39951: OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES's v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later. @cveNotify |
|
2023-08-09 14:58:25 |
🚨 CVE-2023-31449: An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. @cveNotify |
|
2023-08-09 14:58:24 |
🚨 CVE-2023-31450: An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine. @cveNotify |
|
2023-08-09 14:58:20 |
🚨 CVE-2023-31452: An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim. @cveNotify |
|
2023-08-09 14:58:19 |
🚨 CVE-2023-32782: An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution. @cveNotify |
|
2023-08-09 14:58:18 |
🚨 CVE-2023-24015: A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. @cveNotify |
|
2023-08-09 14:58:14 |
🚨 CVE-2023-2905: Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11. @cveNotify |
|
2023-08-09 14:58:13 |
🚨 CVE-2023-26310: There is a command injection problem in the old version of the mobile phone backup app. @cveNotify |
|
2023-08-09 14:58:12 |
🚨 CVE-2023-37855: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser. @cveNotify |
|
2023-08-09 13:58:20 |
🚨 CVE-2023-33365: A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server. @cveNotify |
|
2023-08-09 13:58:19 |
🚨 CVE-2023-2760: An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service. @cveNotify |
|
2023-08-09 13:58:15 |
🚨 CVE-2022-4224: In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. @cveNotify |
|
2023-08-09 13:58:14 |
🚨 CVE-2021-34600: Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation. @cveNotify |
|
2023-08-09 13:58:13 |
🚨 CVE-2023-23903: An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention. @cveNotify |
|
2023-08-09 13:58:12 |
🚨 CVE-2023-24015: A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading. @cveNotify |
|
2023-08-09 11:58:30 |
🚨 CVE-2018-17434: A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack. @cveNotify |
|
2023-08-09 11:58:29 |
🚨 CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file. @cveNotify |
|
2023-08-09 11:58:28 |
🚨 CVE-2023-24477: In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain access to the original user's session. @cveNotify |
|
2023-08-09 11:58:24 |
🚨 CVE-2023-38208: Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction. @cveNotify |
|
2023-08-09 11:58:23 |
🚨 CVE-2022-47185: Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. @cveNotify |
|
2023-08-09 11:58:22 |
🚨 CVE-2023-26310: There is a command injection problem in the old version of the mobile phone backup app. @cveNotify |
|
2023-08-09 11:58:19 |
🚨 CVE-2023-33934: Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. @cveNotify |
|
2023-08-09 11:58:18 |
🚨 CVE-2023-37856: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser. @cveNotify |
|
2023-08-09 11:58:17 |
🚨 CVE-2023-37858: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password. @cveNotify |
|
2023-08-09 11:58:13 |
🚨 CVE-2023-37861: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device. @cveNotify |
|
2023-08-09 11:58:12 |
🚨 CVE-2023-37863: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device. @cveNotify |
|
2023-08-09 05:58:18 |
🚨 CVE-2023-38752: Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as "non-disclosure" in the system settings. @cveNotify |
|
2023-08-09 05:58:14 |
🚨 CVE-2023-4243: The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin. @cveNotify |
|
2023-08-09 05:58:13 |
🚨 CVE-2023-4239: The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update. @cveNotify |
|
2023-08-09 00:58:18 |
🚨 CVE-2023-39210: Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. @cveNotify |
|
2023-08-09 00:58:14 |
🚨 CVE-2023-39212: Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. @cveNotify |
|
2023-08-09 00:58:13 |
🚨 CVE-2023-39214: Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. @cveNotify |
|
2023-08-09 00:58:12 |
🚨 CVE-2023-39951: OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES's v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later. @cveNotify |
|
2023-08-08 22:58:25 |
🚨 CVE-2023-38494: MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue. @cveNotify |
|
2023-08-08 22:58:24 |
🚨 CVE-2023-38964: Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. @cveNotify |
|
2023-08-08 22:58:23 |
🚨 CVE-2010-1685: Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename. @cveNotify |
|
2023-08-08 22:58:22 |
🚨 CVE-2023-33666: ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. @cveNotify |
|
2023-08-08 22:58:21 |
🚨 CVE-2023-0956: External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. @cveNotify |
|
2023-08-08 22:58:17 |
🚨 CVE-2023-39112: ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. @cveNotify |
|
2023-08-08 22:58:16 |
🚨 CVE-2023-39143: PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). @cveNotify |
|
2023-08-08 22:58:15 |
🚨 CVE-2023-33372: Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. @cveNotify |
|
2023-08-08 22:58:14 |
🚨 CVE-2023-33373: Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. @cveNotify |
|
2023-08-08 19:58:30 |
🚨 CVE-2023-3329: SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. @cveNotify |
|
2023-08-08 19:58:29 |
🚨 CVE-2023-39114: ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. @cveNotify |
|
2023-08-08 19:58:28 |
🚨 CVE-2023-39113: ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga. @cveNotify |
|
2023-08-08 19:58:25 |
🚨 CVE-2023-39551: PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. @cveNotify |
|
2023-08-08 19:58:24 |
🚨 CVE-2023-1935: ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition. @cveNotify |
|
2023-08-08 19:58:23 |
🚨 CVE-2023-39532: SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as no endowments can gain access to the surrounding host's dynamic import by using dynamic import after the spread operator, like `{...import(arbitraryModuleSpecifier)}`. On the web or in web extensions, a Content-Security-Policy following ordinary best practices likely mitigates both the risk of exfiltration and execution of arbitrary code, at least limiting the modules that the attacker can import to those that are already part of the application. However, without a Content-Security-Policy, dynamic import can be used to issue HTTP requests for either communication through the URL or for the execution of code reachable from that origin. Within an XS worker, an attacker can use the host's module system to the extent that the host has been configured. This typically only allows access to module code on the host's file system and is of limited use to an attacker. Within Node.js, the attacker gains access to Node.js's module system. Importing the powerful builtins is not useful except insofar as there are side-effects and tempered because dynamic import returns a promise. Spreading a promise into an object renders the promises useless. However, Node.js allows importing data URLs, so this is a clear path to arbitrary execution. Versions 0.18.7, 0.17.1, 0.16.1, 0.15.24, 0.14.5, and 0.13.5 contain a patch for this issue. Some workarounds are available. On the web, providing a suitably constrained Content-Security-Policy mitigates most of the threat. With XS, building a binary that lacks the ability to load modules at runtime mitigates the entirety of the threat. That will look like an implementation of `fxFindModule` in a file like `xsPlatform.c` that calls `fxRejectModuleFile`. @cveNotify |
|
2023-08-08 19:58:19 |
🚨 CVE-2023-3618: A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. @cveNotify |
|
2023-08-08 19:58:18 |
🚨 CVE-2023-3494: The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. @cveNotify |
|
2023-08-08 19:58:17 |
🚨 CVE-2023-3718: An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. @cveNotify |
|
2023-08-08 19:58:14 |
🚨 CVE-2023-38758: Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. @cveNotify |
|
2023-08-08 19:58:13 |
🚨 CVE-2023-38760: SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. @cveNotify |
|
2023-08-08 19:58:12 |
🚨 CVE-2023-38762: SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. @cveNotify |
|
2023-08-08 17:58:52 |
🚨 CVE-2023-37558: After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559. @cveNotify |
|
2023-08-08 17:58:51 |
🚨 CVE-2023-37551: In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. @cveNotify |
|
2023-08-08 17:58:50 |
🚨 CVE-2023-38330: OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create an HTTP Response Splitting attack. @cveNotify |
|
2023-08-08 17:58:49 |
🚨 CVE-2023-24698: Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. @cveNotify |
|
2023-08-08 17:58:45 |
🚨 CVE-2023-33756: An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. @cveNotify |
|
2023-08-08 17:58:44 |
🚨 CVE-2023-36136: PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. @cveNotify |
|
2023-08-08 17:58:43 |
🚨 CVE-2023-3651: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11. @cveNotify |
|
2023-08-08 17:58:39 |
🚨 CVE-2023-3652: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11. @cveNotify |
|
2023-08-08 17:58:38 |
🚨 CVE-2023-3653: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11. @cveNotify |
|
2023-08-08 17:58:37 |
🚨 CVE-2023-38958: An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. @cveNotify |
|
2023-08-08 17:58:36 |
🚨 CVE-2023-37497: The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. @cveNotify |
|
2023-08-08 17:58:32 |
🚨 CVE-2023-34196: In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur. @cveNotify |
|
2023-08-08 17:58:31 |
🚨 CVE-2023-4132: A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. @cveNotify |
|
2023-08-08 17:58:30 |
🚨 CVE-2023-4133: A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. @cveNotify |
|
2023-08-08 10:58:27 |
🚨 CVE-2023-37569: This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system. @cveNotify |
|
2023-08-08 10:58:26 |
🚨 CVE-2023-37570: This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system. @cveNotify |
|
2023-08-08 10:58:25 |
🚨 CVE-2023-3898: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. @cveNotify |
|
2023-08-08 10:58:23 |
🚨 CVE-2023-4009: In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. @cveNotify |
|
2023-08-08 10:58:22 |
🚨 CVE-2023-2329: The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack. @cveNotify |
|
2023-08-08 10:58:21 |
🚨 CVE-2023-3526: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser. @cveNotify |
|
2023-08-08 10:58:20 |
🚨 CVE-2023-3569: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. @cveNotify |
|
2023-08-08 10:58:19 |
🚨 CVE-2023-3570: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. @cveNotify |
|
2023-08-08 10:58:18 |
🚨 CVE-2023-3571: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device. @cveNotify |
|
2023-08-08 10:58:17 |
🚨 CVE-2023-3572: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device. @cveNotify |
|
2023-08-08 10:58:16 |
🚨 CVE-2023-3573: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device. @cveNotify |
|
2023-08-08 10:58:15 |
🚨 CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. @cveNotify |
|
2023-08-08 10:58:14 |
🚨 CVE-2023-39977: An issue was discovered in the Linux kernel before 6.3.2. There is an out-of-bounds access in relay_file_read in kernel/relay.c. @cveNotify |
|
2023-08-08 10:58:12 |
🚨 CVE-2023-39978: ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. @cveNotify |
|
2023-08-08 01:58:14 |
🚨 CVE-2023-34624: An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. @cveNotify |
|
2023-08-08 01:58:13 |
🚨 CVE-2023-32302: Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. @cveNotify |
|
2023-08-07 23:58:30 |
🚨 CVE-2023-39525: PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds. @cveNotify |
|
2023-08-07 23:58:26 |
🚨 CVE-2023-39527: PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. @cveNotify |
|
2023-08-07 23:58:25 |
CVE-2023-39529: PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds. @cveNotify |
|
2023-08-07 23:58:24 |
CVE-2023-39530: PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds. @cveNotify |
|
2023-08-07 23:58:20 |
CVE-2023-38955: ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. @cveNotify |
|
2023-08-07 23:58:19 |
CVE-2023-39524: PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection is possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds. @cveNotify |
|
2023-08-07 23:58:14 |
CVE-2023-38954: ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. @cveNotify |
|
2023-08-07 23:58:13 |
CVE-2023-36494: Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. @cveNotify |
|
2023-08-07 20:58:30 |
CVE-2023-38412: Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. @cveNotify |
|
2023-08-07 20:58:29 |
CVE-2023-38921: Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters. @cveNotify |
|
2023-08-07 20:58:28 |
CVE-2023-38924: Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. @cveNotify |
|
2023-08-07 20:58:24 |
CVE-2023-38926: Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. @cveNotify |
|
2023-08-07 20:58:23 |
CVE-2023-38930: Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. @cveNotify |
|
2023-08-07 20:58:19 |
CVE-2023-38932: Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function. @cveNotify |
|
2023-08-07 20:58:18 |
CVE-2023-38934: Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. @cveNotify |
|
2023-08-07 20:58:17 |
CVE-2023-38935: Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function. @cveNotify |
|
2023-08-07 20:58:14 |
CVE-2023-38936: Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. @cveNotify |
|
2023-08-07 20:58:13 |
CVE-2023-38938: Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im. @cveNotify |
|
2023-08-07 20:58:12 |
CVE-2023-38940: Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. @cveNotify |
|
2023-08-07 15:58:38 |
CVE-2023-0425: ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1. @cveNotify |
|
2023-08-07 15:58:37 |
CVE-2023-0426: ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1. @cveNotify |
|
2023-08-07 15:58:36 |
CVE-2023-4192: A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235. @cveNotify |
|
2023-08-07 15:58:35 |
CVE-2023-4193: A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236. @cveNotify |
|
2023-08-07 15:58:33 |
CVE-2022-47350: In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. @cveNotify |
|
2023-08-07 15:58:32 |
CVE-2022-47351: In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. @cveNotify |
|
2023-08-07 15:58:31 |
CVE-2023-33906: In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-08-07 15:58:30 |
CVE-2023-33907: In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-08-07 15:58:29 |
CVE-2023-33908: In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-08-07 15:58:28 |
CVE-2023-33909: In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-08-07 15:58:24 |
CVE-2023-33910: In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-08-07 15:58:23 |
CVE-2023-33911: In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-08-07 15:58:22 |
CVE-2023-33912: In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. @cveNotify |
|
2023-08-07 15:58:21 |
CVE-2023-33913: In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to remote escalation of privilege with System execution privileges needed. @cveNotify |
|
2023-08-07 15:58:20 |
CVE-2022-48579: UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. @cveNotify |
|
2023-08-07 15:58:16 |
CVE-2023-20780: In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756. @cveNotify |
|
2023-08-07 15:58:15 |
CVE-2023-20781: In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323. @cveNotify |
|
2023-08-07 15:58:14 |
CVE-2023-20782: In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103. @cveNotify |
|
2023-08-07 15:58:13 |
CVE-2023-20783: In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905. @cveNotify |
|
2023-08-07 15:58:12 |
CVE-2023-20784: In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989. @cveNotify |
|
2023-08-07 10:58:40 |
CVE-2023-38592: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. @cveNotify |
|
2023-08-07 10:58:38 |
CVE-2023-38599: A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. @cveNotify |
|
2023-08-07 10:58:37 |
CVE-2023-38133: The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. @cveNotify |
|
2023-08-07 10:58:36 |
CVE-2023-38594: The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. @cveNotify |
|
2023-08-07 10:58:34 |
CVE-2023-38597: The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. @cveNotify |
|
2023-08-07 10:58:33 |
CVE-2023-38572: The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. @cveNotify |
|
2023-08-07 10:58:32 |
CVE-2023-38595: The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. @cveNotify |
|