| 2023-03-23 23:29:44 |
π¨ CVE-2023-0027Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected deviceβs Modbus TCP Server AOI information.π@cveNotify |
|
| 2023-03-23 23:29:43 |
π¨ CVE-2023-23622Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.π@cveNotify |
|
| 2023-03-23 23:29:42 |
π¨ CVE-2023-21459Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.π@cveNotify |
|
| 2023-03-23 18:29:51 |
π¨ CVE-2023-20029A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root.π@cveNotify |
|
| 2023-03-23 18:29:50 |
π¨ CVE-2023-20035A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory.π@cveNotify |
|
| 2023-03-23 16:30:12 |
π¨ CVE-2023-27077Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package.π@cveNotify |
|
| 2023-03-23 16:30:11 |
π¨ CVE-2023-27078A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint.π@cveNotify |
|
| 2023-03-23 16:30:10 |
π¨ CVE-2023-27135TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg.π@cveNotify |
|
| 2023-03-23 16:30:09 |
π¨ CVE-2023-28772An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow.π@cveNotify |
|
| 2023-03-23 16:30:05 |
π¨ CVE-2022-28493A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,π@cveNotify |
|
| 2023-03-23 16:30:04 |
π¨ CVE-2023-1538Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-23 16:30:03 |
π¨ CVE-2023-1536Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7.π@cveNotify |
|
| 2023-03-23 16:30:02 |
π¨ CVE-2023-1537Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-23 16:30:01 |
π¨ CVE-2023-27580CodeIgniter Shield provides authentication and authorization for the CodeIgniter 4 PHP framework. An improper implementation was found in the password storage process. All hashed passwords stored in Shield v1.0.0-beta.3 or earlier are easier to crack than expected due to the vulnerability. Therefore, they should be removed as soon as possible. If an attacker gets (1) the user's hashed password by Shield, and (2) the hashed password (SHA-384 hash without salt) from somewhere, the attacker may easily crack the user's password. Upgrade to Shield v1.0.0-beta.4 or later to fix this issue. After upgrading, all usersβ hashed passwords should be updated (saved to the database). There are no known workarounds.π@cveNotify |
|
| 2023-03-23 15:29:35 |
π¨ CVE-2023-1594A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-23 13:29:39 |
π¨ CVE-2018-25048The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device.π@cveNotify |
|
| 2023-03-23 13:29:38 |
π¨ CVE-2023-1595A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223663.π@cveNotify |
|
| 2023-03-23 13:29:37 |
π¨ CVE-2023-1592A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-223660.π@cveNotify |
|
| 2023-03-23 13:29:36 |
π¨ CVE-2023-1593A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_class. The manipulation of the argument description leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-223661 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-23 11:29:41 |
π¨ CVE-2023-1589A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approve_delete.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223654 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-23 11:29:40 |
π¨ CVE-2023-1590A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223655.π@cveNotify |
|
| 2023-03-23 11:29:37 |
π¨ CVE-2023-1410Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.π@cveNotify |
|
| 2023-03-23 11:29:36 |
π¨ CVE-2022-22512Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network.π@cveNotify |
|
| 2023-03-23 11:29:35 |
π¨ CVE-2023-26114Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance.π@cveNotify |
|
| 2023-03-23 06:29:49 |
π¨ CVE-2023-28119The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.π@cveNotify |
|
| 2023-03-23 06:29:45 |
π¨ CVE-2023-28117Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule.π@cveNotify |
|
| 2023-03-23 06:29:44 |
π¨ CVE-2022-45003Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus.π@cveNotify |
|
| 2023-03-23 06:29:43 |
π¨ CVE-2022-45004Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page.π@cveNotify |
|
| 2023-03-23 06:29:42 |
π¨ CVE-2023-0870A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.π@cveNotify |
|
| 2023-03-23 06:29:38 |
π¨ CVE-2023-28114`cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2,`cilium-cli`, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the `etcd` store used to mirror local cluster information to remote clusters. Users who have set up cluster meshes using the Cilium Helm chart are not affected by this issue. Due to an incorrect mount point specification, the settings specified by the `initContainer` that configures `etcd` users and their permissions are overwritten when using `cilium-cli` to configure a cluster mesh. An attacker who has already gained access to a valid key and certificate for an `etcd` cluster compromised in this manner could then modify state in that `etcd` cluster. This issue is patched in `cilium-cli` 0.13.2. As a workaround, one may use Cilium's Helm charts to create their cluster.π@cveNotify |
|
| 2023-03-23 06:29:37 |
π¨ CVE-2022-43863IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.π@cveNotify |
|
| 2023-03-23 06:29:36 |
π¨ CVE-2023-27054A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.π@cveNotify |
|
| 2023-03-23 06:29:35 |
π¨ CVE-2023-27060LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.π@cveNotify |
|
| 2023-03-23 01:29:43 |
π¨ CVE-2023-27100Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests.π@cveNotify |
|
| 2023-03-23 01:29:42 |
π¨ CVE-2022-43863IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.π@cveNotify |
|
| 2023-03-23 01:29:41 |
π¨ CVE-2023-27054A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module.π@cveNotify |
|
| 2023-03-23 01:29:40 |
π¨ CVE-2023-27060LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function.π@cveNotify |
|
| 2023-03-22 23:29:47 |
π¨ CVE-2023-1431The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a publicly accessible location (/wp-content/plugins/wordpress-simple-paypal-shopping-cart/includes/admin/). This makes it possible for unauthenticated attackers to view information that should be limited to administrators only and can include data like first name, last name, email, address, IP Address, and more.π@cveNotify |
|
| 2023-03-22 23:29:46 |
π¨ CVE-2023-28119The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13.π@cveNotify |
|
| 2023-03-22 23:29:43 |
π¨ CVE-2023-27224An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file.π@cveNotify |
|
| 2023-03-22 23:29:42 |
π¨ CVE-2023-28117Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule.π@cveNotify |
|
| 2023-03-22 23:29:39 |
π¨ CVE-2023-27069A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field.π@cveNotify |
|
| 2023-03-22 23:29:38 |
π¨ CVE-2023-25615Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application.π@cveNotify |
|
| 2023-03-22 23:29:37 |
π¨ CVE-2023-24279A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter of the API documentation dashboard.π@cveNotify |
|
| 2023-03-22 23:29:36 |
π¨ CVE-2023-24769Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.π@cveNotify |
|
| 2023-03-22 22:30:01 |
π¨ CVE-2023-24579McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt.π@cveNotify |
|
| 2023-03-22 22:30:00 |
π¨ CVE-2023-27041School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at/bilal final/edit_user.php.π@cveNotify |
|
| 2023-03-22 22:29:59 |
π¨ CVE-2023-28106Pimcore is an open source data and experience management platform. Prior to version 10.5.19, an attacker can use cross-site scripting to send a malicious script to an unsuspecting user. Users may upgrade to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.π@cveNotify |
|
| 2023-03-22 22:29:58 |
π¨ CVE-2023-28108Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.π@cveNotify |
|
| 2023-03-22 22:29:54 |
π¨ CVE-2021-31402The dio package 4.0.0 for Dart allows CRLF injection if the attacker controls the HTTP method string, a different vulnerability than CVE-2020-35669.π@cveNotify |
|
| 2023-03-22 22:29:53 |
π¨ CVE-2023-28104`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.π@cveNotify |
|
| 2023-03-22 22:29:52 |
π¨ CVE-2023-27010Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.π@cveNotify |
|
| 2023-03-22 22:29:51 |
π¨ CVE-2023-25617SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the public java SDK. Programs could impact the confidentiality, integrity and availability of the system.π@cveNotify |
|
| 2023-03-22 22:29:50 |
π¨ CVE-2023-22256Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 22:29:46 |
π¨ CVE-2023-22265Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 22:29:45 |
π¨ CVE-2023-0464A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.π@cveNotify |
|
| 2023-03-22 22:29:44 |
π¨ CVE-2023-21615Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π@cveNotify |
|
| 2023-03-22 22:29:43 |
π¨ CVE-2023-21616Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π@cveNotify |
|
| 2023-03-22 22:29:39 |
π¨ CVE-2023-22253Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π@cveNotify |
|
| 2023-03-22 22:29:38 |
π¨ CVE-2023-22257Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 22:29:37 |
π¨ CVE-2023-22258Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 22:29:36 |
π¨ CVE-2023-22260Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:30:01 |
π¨ CVE-2023-22265Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:30:00 |
π¨ CVE-2023-1578SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19.π@cveNotify |
|
| 2023-03-22 18:29:59 |
π¨ CVE-2023-0464A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.π@cveNotify |
|
| 2023-03-22 18:29:58 |
π¨ CVE-2023-21616Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π@cveNotify |
|
| 2023-03-22 18:29:54 |
π¨ CVE-2023-22253Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π@cveNotify |
|
| 2023-03-22 18:29:53 |
π¨ CVE-2023-22254Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π@cveNotify |
|
| 2023-03-22 18:29:52 |
π¨ CVE-2023-22257Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:29:51 |
π¨ CVE-2023-22258Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:29:50 |
π¨ CVE-2023-22260Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:29:46 |
π¨ CVE-2023-22261Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:29:45 |
π¨ CVE-2023-22263Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:29:44 |
π¨ CVE-2023-22264Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:29:43 |
π¨ CVE-2023-22266Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction.π@cveNotify |
|
| 2023-03-22 18:29:39 |
π¨ CVE-2023-22269Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.π@cveNotify |
|
| 2023-03-22 18:29:38 |
π¨ CVE-2023-25859Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-03-22 18:29:37 |
π¨ CVE-2023-25861Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-03-22 17:29:58 |
π¨ CVE-2023-1563A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223555.π@cveNotify |
|
| 2023-03-22 17:29:54 |
π¨ CVE-2023-1564A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/transactions/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223556.π@cveNotify |
|
| 2023-03-22 17:29:53 |
π¨ CVE-2023-1572A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564.π@cveNotify |
|
| 2023-03-22 17:29:52 |
π¨ CVE-2023-27637An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023.π@cveNotify |
|
| 2023-03-22 17:29:51 |
π¨ CVE-2023-27638An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.π@cveNotify |
|
| 2023-03-22 17:29:47 |
π¨ CVE-2022-34420Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.π@cveNotify |
|
| 2023-03-22 17:29:46 |
π¨ CVE-2022-34419Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.π@cveNotify |
|
| 2023-03-22 17:29:45 |
π¨ CVE-2022-34418Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.π@cveNotify |
|
| 2023-03-22 17:29:44 |
π¨ CVE-2022-34417Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.π@cveNotify |
|
| 2023-03-22 17:29:40 |
π¨ CVE-2022-34422Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.π@cveNotify |
|
| 2023-03-22 17:29:39 |
π¨ CVE-2022-34409Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.π@cveNotify |
|
| 2023-03-22 17:29:38 |
π¨ CVE-2023-26460Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identityπ@cveNotify |
|
| 2023-03-22 17:29:37 |
π¨ CVE-2023-28486Sudo before 1.9.13 does not escape control characters in log messages.π@cveNotify |
|
| 2023-03-22 15:29:57 |
π¨ CVE-2023-27638An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023.π@cveNotify |
|
| 2023-03-22 15:29:56 |
π¨ CVE-2023-24892Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerabilityπ@cveNotify |
|
| 2023-03-22 15:29:55 |
π¨ CVE-2023-25589A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.π@cveNotify |
|
| 2023-03-22 15:29:54 |
π¨ CVE-2022-37940Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later.π@cveNotify |
|
| 2023-03-22 15:29:50 |
π¨ CVE-2023-1436An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown.π@cveNotify |
|
| 2023-03-22 15:29:49 |
π¨ CVE-2023-25069TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability.π@cveNotify |
|
| 2023-03-22 15:29:48 |
π¨ CVE-2023-27855In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution.π@cveNotify |
|
| 2023-03-22 15:29:44 |
π¨ CVE-2023-27856In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed.π@cveNotify |
|
| 2023-03-22 15:29:43 |
π¨ CVE-2022-45634An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account informationπ@cveNotify |
|
| 2023-03-22 15:29:42 |
π¨ CVE-2022-41696Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 15:29:38 |
π¨ CVE-2022-43512Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 15:29:37 |
π¨ CVE-2022-45468Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 15:29:36 |
π¨ CVE-2022-46286Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 15:29:35 |
π¨ CVE-2022-46300Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 06:29:39 |
π¨ CVE-2021-31637An issue found in UwAmp v.1.1, 1.2, 1.3, 2.0, 2.1, 2.2, 2.2.1, 3.0.0, 3.0.1, 3.0.2 allows a remote attacker to execute arbitrary code via a crafted DLL.π@cveNotify |
|
| 2023-03-22 06:29:38 |
π¨ CVE-2020-19947Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute arbitrary code via the edit parameter of the webpage.π@cveNotify |
|
| 2023-03-22 06:29:37 |
π¨ CVE-2023-28725General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.π@cveNotify |
|
| 2023-03-22 06:29:36 |
π¨ CVE-2022-41418An issue in the component BlogEngine/BlogEngine.NET/AppCode/Api/UploadController.cs of BlogEngine.NET v3.3.8.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.π@cveNotify |
|
| 2023-03-22 01:29:51 |
π¨ CVE-2022-41696Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 01:29:49 |
π¨ CVE-2022-43512Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 01:29:48 |
π¨ CVE-2022-45121Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 01:29:47 |
π¨ CVE-2022-46286Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 01:29:42 |
π¨ CVE-2022-46300Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.π@cveNotify |
|
| 2023-03-22 01:29:41 |
π¨ CVE-2023-24709An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters.π@cveNotify |
|
| 2023-03-22 01:29:40 |
π¨ CVE-2023-27250Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.π@cveNotify |
|
| 2023-03-22 01:29:39 |
π¨ CVE-2023-26497An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute.π@cveNotify |
|
| 2023-03-22 01:29:38 |
π¨ CVE-2023-0391MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.π@cveNotify |
|
| 2023-03-21 23:30:08 |
π¨ CVE-2023-1529Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-21 23:30:07 |
π¨ CVE-2023-1530Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-21 23:30:06 |
π¨ CVE-2023-1531Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-21 23:30:04 |
π¨ CVE-2023-1532Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-21 23:30:03 |
π¨ CVE-2023-1533Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-21 23:30:02 |
π¨ CVE-2023-1534Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-21 23:30:01 |
π¨ CVE-2022-45155An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.π@cveNotify |
|
| 2023-03-21 23:30:00 |
π¨ CVE-2023-0391MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1.π@cveNotify |
|
| 2023-03-21 23:29:59 |
π¨ CVE-2022-36429A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.π@cveNotify |
|
| 2023-03-21 23:29:58 |
π¨ CVE-2022-37337A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.π@cveNotify |
|
| 2023-03-21 23:29:57 |
π¨ CVE-2022-38452A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.π@cveNotify |
|
| 2023-03-21 23:29:56 |
π¨ CVE-2022-38458A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information.π@cveNotify |
|
| 2023-03-21 23:29:55 |
π¨ CVE-2022-45636An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.π@cveNotify |
|
| 2023-03-21 23:29:54 |
π¨ CVE-2018-25082A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403.π@cveNotify |
|
| 2023-03-21 23:29:53 |
π¨ CVE-2023-25134McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.π@cveNotify |
|
| 2023-03-21 23:29:52 |
π¨ CVE-2023-27087Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter.π@cveNotify |
|
| 2023-03-21 23:29:51 |
π¨ CVE-2023-1304An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.π@cveNotify |
|
| 2023-03-21 23:29:50 |
π¨ CVE-2023-1305An authenticated attacker can leverage an exposed βboxβ object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.π@cveNotify |
|
| 2023-03-21 23:29:49 |
π¨ CVE-2023-1306An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec.π@cveNotify |
|
| 2023-03-21 23:29:48 |
π¨ CVE-2023-25684IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597.π@cveNotify |
|
| 2023-03-21 20:29:52 |
π¨ CVE-2023-24760An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController.π@cveNotify |
|
| 2023-03-21 20:29:51 |
π¨ CVE-2023-27095Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.π@cveNotify |
|
| 2023-03-21 20:29:48 |
π¨ CVE-2022-36429A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.π@cveNotify |
|
| 2023-03-21 20:29:47 |
π¨ CVE-2022-38452A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.π@cveNotify |
|
| 2023-03-21 20:29:46 |
π¨ CVE-2022-45636An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests.π@cveNotify |
|
| 2023-03-21 20:29:42 |
π¨ CVE-2023-25134McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload.π@cveNotify |
|
| 2023-03-21 20:29:41 |
π¨ CVE-2023-23419Windows Resilient File System (ReFS) Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-21 20:29:40 |
π¨ CVE-2023-24863Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerabilityπ@cveNotify |
|
| 2023-03-20 23:29:55 |
π¨ CVE-2023-23398Microsoft Excel Spoofing Vulnerabilityπ@cveNotify |
|
| 2023-03-20 23:29:54 |
π¨ CVE-2023-23396Microsoft Excel Denial of Service Vulnerabilityπ@cveNotify |
|
| 2023-03-20 23:29:53 |
π¨ CVE-2023-23395Microsoft SharePoint Server Spoofing Vulnerabilityπ@cveNotify |
|
| 2023-03-20 23:29:49 |
π¨ CVE-2023-23393Windows BrokerInfrastructure Service Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-20 23:29:48 |
π¨ CVE-2022-45124An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.π@cveNotify |
|
| 2023-03-20 23:29:47 |
π¨ CVE-2023-23402Windows Media Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-20 23:29:44 |
π¨ CVE-2023-1418A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file cashconfirm.php of the component POST Parameter Handler. The manipulation of the argument transactioncode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223129 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-20 23:29:43 |
π¨ CVE-2023-1416A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Affected is an unknown function of the file adminHome.php. The manipulation of the argument social_facebook leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223128.π@cveNotify |
|
| 2023-03-20 23:29:42 |
π¨ CVE-2021-3293emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file.π@cveNotify |
|
| 2023-03-20 23:29:41 |
π¨ CVE-2023-27102Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.π@cveNotify |
|
| 2023-03-20 23:29:37 |
π¨ CVE-2023-0681Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attackerβs choice using the βpageβ parameter of the βdata/console/redirectβ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179.π@cveNotify |
|
| 2023-03-20 23:29:36 |
π¨ CVE-2023-28425Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10.π@cveNotify |
|
| 2023-03-20 23:29:35 |
π¨ CVE-2023-26262An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.π@cveNotify |
|
| 2023-03-20 21:29:46 |
π¨ CVE-2023-28144KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls.π@cveNotify |
|
| 2023-03-20 21:29:45 |
π¨ CVE-2023-27234A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.π@cveNotify |
|
| 2023-03-20 21:29:41 |
π¨ CVE-2019-0881An elevation of privilege vulnerability exists when the Windows Kernel improperly handles key enumeration, aka 'Windows Kernel Elevation of Privilege Vulnerability'.π@cveNotify |
|
| 2023-03-20 21:29:40 |
π¨ CVE-2019-0863An elevation of privilege vulnerability exists in the way Windows Error Reporting (WER) handles files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'.π@cveNotify |
|
| 2023-03-20 21:29:39 |
π¨ CVE-2018-7084A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete files, or reboot the device. Workaround: Block access to the Aruba Instant web interface from all untrusted users. Resolution: Fixed in Aruba Instant 4.2.4.12, 6.5.4.11, 8.3.0.6, and 8.4.0.1π@cveNotify |
|
| 2023-03-20 21:29:38 |
π¨ CVE-2019-0841An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.π@cveNotify |
|
| 2023-03-20 20:29:57 |
π¨ CVE-2019-0810A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861.π@cveNotify |
|
| 2023-03-20 20:29:56 |
π¨ CVE-2023-23404Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-20 20:29:55 |
π¨ CVE-2023-23405Remote Procedure Call Runtime Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-20 20:29:51 |
π¨ CVE-2022-4148The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client.π@cveNotify |
|
| 2023-03-20 20:29:50 |
π¨ CVE-2023-0145The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-20 20:29:49 |
π¨ CVE-2023-0175The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-20 20:29:45 |
π¨ CVE-2023-0340The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.π@cveNotify |
|
| 2023-03-20 20:29:44 |
π¨ CVE-2023-0365The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-20 20:29:43 |
π¨ CVE-2023-0369The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-20 20:29:39 |
π¨ CVE-2023-0630The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.π@cveNotify |
|
| 2023-03-20 20:29:38 |
π¨ CVE-2023-0865The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users.π@cveNotify |
|
| 2023-03-20 20:29:37 |
π¨ CVE-2023-0875The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users.π@cveNotify |
|
| 2023-03-20 11:30:26 |
π¨ CVE-2023-1248Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.π@cveNotify |
|
| 2023-03-20 11:30:25 |
π¨ CVE-2023-1502A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-223406 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-20 11:30:24 |
π¨ CVE-2023-1503A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223407.π@cveNotify |
|
| 2023-03-20 11:30:20 |
π¨ CVE-2023-1504A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223408.π@cveNotify |
|
| 2023-03-20 11:30:19 |
π¨ CVE-2023-1505A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-20 11:30:18 |
π¨ CVE-2015-10096A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383.π@cveNotify |
|
| 2023-03-20 11:30:17 |
π¨ CVE-2022-4933A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The name of the patch is ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-20 06:30:36 |
π¨ CVE-2023-1264NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.π@cveNotify |
|
| 2023-03-20 06:30:35 |
π¨ CVE-2023-1175Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.π@cveNotify |
|
| 2023-03-20 06:30:34 |
π¨ CVE-2023-1170Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.π@cveNotify |
|
| 2023-03-20 06:30:33 |
π¨ CVE-2023-23421Windows Kernel Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-20 06:30:32 |
π¨ CVE-2023-23423Windows Kernel Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-20 06:30:31 |
π¨ CVE-2023-23420Windows Kernel Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-20 06:30:27 |
π¨ CVE-2023-23422Windows Kernel Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-20 06:30:26 |
π¨ CVE-2023-24856Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerabilityπ@cveNotify |
|
| 2023-03-20 06:30:25 |
π¨ CVE-2023-24857Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerabilityπ@cveNotify |
|
| 2023-03-20 06:30:24 |
π¨ CVE-2023-24858Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerabilityπ@cveNotify |
|
| 2023-03-20 06:30:23 |
π¨ CVE-2023-24859Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerabilityπ@cveNotify |
|
| 2023-03-19 23:29:39 |
π¨ CVE-2023-1498A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223398 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-19 23:29:38 |
π¨ CVE-2023-1499A vulnerability classified as critical was found in code-projects Simple Art Gallery 1.0. Affected by this vulnerability is an unknown functionality of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223399.π@cveNotify |
|
| 2023-03-19 23:29:37 |
π¨ CVE-2023-1500A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400.π@cveNotify |
|
| 2023-03-19 23:29:36 |
π¨ CVE-2023-1501A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223401 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-19 21:29:42 |
π¨ CVE-2023-1489A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is an unknown functionality in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375.π@cveNotify |
|
| 2023-03-19 21:29:41 |
π¨ CVE-2023-1491A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects an unknown part in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-19 21:29:37 |
π¨ CVE-2023-1493A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been rated as problematic. This issue affects some unknown processing in the library MaxProctetor64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223379.π@cveNotify |
|
| 2023-03-19 21:29:36 |
π¨ CVE-2023-1487A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects some unknown processing in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223373 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-19 21:29:35 |
π¨ CVE-2023-1488A vulnerability, which was classified as problematic, was found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. Affected is an unknown function in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-223374 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-19 18:29:36 |
π¨ CVE-2023-1496Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.π@cveNotify |
|
| 2023-03-19 06:30:02 |
π¨ CVE-2023-22591IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.π@cveNotify |
|
| 2023-03-19 06:30:01 |
π¨ CVE-2023-24229DrayTek Vigor2960 v1.5.1.4 was discovered to contain a command injection vulnerability via the mainfunction.cgi component.π@cveNotify |
|
| 2023-03-19 06:29:59 |
π¨ CVE-2022-39216Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, the reset password token is generated without any randomness parameter. This may lead to account takeover. The issue is fixed in versions 2.7.8 and 3.0.2-1.π@cveNotify |
|
| 2023-03-19 06:29:57 |
π¨ CVE-2023-25680IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032.π@cveNotify |
|
| 2023-03-19 06:29:56 |
π¨ CVE-2020-4927A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695.π@cveNotify |
|
| 2023-03-19 06:29:54 |
π¨ CVE-2023-26284IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417.π@cveNotify |
|
| 2023-03-19 06:29:53 |
π¨ CVE-2022-46774IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to incorrect default permissions which could give access to a user to actions that they should not have access to. IBM X-Force ID: 242953.π@cveNotify |
|
| 2023-03-19 06:29:52 |
π¨ CVE-2020-27507The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.π@cveNotify |
|
| 2023-03-19 06:29:50 |
π¨ CVE-2023-22876IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364.π@cveNotify |
|
| 2023-03-19 06:29:49 |
π¨ CVE-2022-46773IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.π@cveNotify |
|
| 2023-03-19 06:29:48 |
π¨ CVE-2023-24468Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2π@cveNotify |
|
| 2023-03-19 06:29:47 |
π¨ CVE-2022-48423In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur.π@cveNotify |
|
| 2023-03-19 06:29:45 |
π¨ CVE-2022-48424In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur.π@cveNotify |
|
| 2023-03-19 06:29:44 |
π¨ CVE-2022-48425In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs.π@cveNotify |
|
| 2023-03-19 06:29:43 |
π¨ CVE-2023-28617org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters.π@cveNotify |
|
| 2023-03-19 06:29:42 |
π¨ CVE-2022-48422ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located.π@cveNotify |
|
| 2023-03-19 06:29:41 |
π¨ CVE-2023-26805Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify.π@cveNotify |
|
| 2023-03-19 06:29:39 |
π¨ CVE-2023-26806Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime,π@cveNotify |
|
| 2023-03-19 06:29:38 |
π¨ CVE-2023-26905An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id.π@cveNotify |
|
| 2023-03-19 06:29:37 |
π¨ CVE-2023-1495A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-19 01:29:43 |
π¨ CVE-2023-1492A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been declared as problematic. This vulnerability affects unknown code in the library MaxProc64.sys of the component IoControlCode Handler. The manipulation of the argument SystemBuffer leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223378 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-19 01:29:42 |
π¨ CVE-2023-1493A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been rated as problematic. This issue affects some unknown processing in the library MaxProctetor64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223379.π@cveNotify |
|
| 2023-03-19 01:29:41 |
π¨ CVE-2023-1494A vulnerability classified as critical has been found in IBOS 4.5.5. Affected is an unknown function of the file ApiController.php. The manipulation of the argument emailids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223380.π@cveNotify |
|
| 2023-03-19 01:29:40 |
π¨ CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.π@cveNotify |
|
| 2023-03-19 01:29:39 |
π¨ CVE-2023-1489A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is an unknown functionality in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375.π@cveNotify |
|
| 2023-03-19 01:29:38 |
π¨ CVE-2023-1490A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is some unknown functionality in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376.π@cveNotify |
|
| 2023-03-19 01:29:36 |
π¨ CVE-2023-1491A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects an unknown part in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-18 23:29:39 |
π¨ CVE-2023-1486A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects unknown code in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223372.π@cveNotify |
|
| 2023-03-18 23:29:38 |
π¨ CVE-2023-1487A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects some unknown processing in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223373 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-18 23:29:37 |
π¨ CVE-2023-28609api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication.π@cveNotify |
|
| 2023-03-18 20:29:38 |
π¨ CVE-2023-28606js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips.π@cveNotify |
|
| 2023-03-18 20:29:37 |
π¨ CVE-2023-28607js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip.π@cveNotify |
|
| 2023-03-18 13:29:36 |
π¨ CVE-2023-1483A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-18 13:29:35 |
π¨ CVE-2023-1484A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367.π@cveNotify |
|
| 2023-03-18 11:29:37 |
π¨ CVE-2023-0361A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.π@cveNotify |
|
| 2023-03-18 11:29:36 |
π¨ CVE-2023-26113Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js.π@cveNotify |
|
| 2023-03-18 06:29:41 |
π¨ CVE-2023-25282A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp.π@cveNotify |
|
| 2023-03-18 06:29:37 |
π¨ CVE-2022-39214Combodo iTop is an open source, web-based IT service management platform. Prior to versions 2.7.8 and 3.0.2-1, a user who can log in on iTop is able to take over any account just by knowing the account's username. This issue is fixed in versions 2.7.8 and 3.0.2-1.π@cveNotify |
|
| 2023-03-18 06:29:36 |
π¨ CVE-2023-26912Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button.π@cveNotify |
|
| 2023-03-18 06:29:35 |
π¨ CVE-2023-25345Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.π@cveNotify |
|
| 2023-03-18 01:29:36 |
π¨ CVE-2023-27595Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall). This vulnerability is fixed in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x, and earlier are not affected. There are no known workarounds.π@cveNotify |
|
| 2023-03-18 01:29:35 |
π¨ CVE-2023-28116Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger then the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually.π@cveNotify |
|
| 2023-03-17 22:29:36 |
π¨ CVE-2023-27594Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing.π@cveNotify |
|
| 2023-03-17 20:29:38 |
π¨ CVE-2023-27235An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.π@cveNotify |
|
| 2023-03-17 20:29:37 |
π¨ CVE-2023-24726Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page.π@cveNotify |
|
| 2023-03-17 20:29:36 |
π¨ CVE-2019-10790taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.π@cveNotify |
|
| 2023-03-17 19:29:36 |
π¨ CVE-2023-27483crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index, the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate.π@cveNotify |
|
| 2023-03-17 19:29:35 |
π¨ CVE-2023-27581github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0` and prior to version 4.4.1, this action uses the `github.head_ref` parameter in an insecure way. This vulnerability can be triggered by any user on GitHub on any workflow using the action on pull requests. They just need to create a pull request with a branch name, which can contain the attack payload. This can be used to execute code on the GitHub runners and to exfiltrate any secrets one uses in the CI pipeline. A patched action is available in version 4.4.1. No workaround is available.π@cveNotify |
|
| 2023-03-17 17:30:01 |
π¨ CVE-2023-1471The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with minimal permissions, such as a subscrber, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.π@cveNotify |
|
| 2023-03-17 17:30:00 |
π¨ CVE-2023-1472The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache among others.π@cveNotify |
|
| 2023-03-17 17:29:55 |
π¨ CVE-2023-1474A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/question_papers/manage_question_paper.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223336.π@cveNotify |
|
| 2023-03-17 17:29:54 |
π¨ CVE-2023-1475A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0. This issue affects the function query of the file createuser.php. The manipulation of the argument uemail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223337 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 17:29:53 |
π¨ CVE-2023-23622Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions.π@cveNotify |
|
| 2023-03-17 17:29:52 |
π¨ CVE-2023-26040Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds.π@cveNotify |
|
| 2023-03-17 17:29:51 |
π¨ CVE-2023-1172The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π@cveNotify |
|
| 2023-03-17 17:29:47 |
π¨ CVE-2023-1469The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βpec_coupon[code]β parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.π@cveNotify |
|
| 2023-03-17 17:29:46 |
π¨ CVE-2016-15028A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847.π@cveNotify |
|
| 2023-03-17 17:29:45 |
π¨ CVE-2023-24975IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030.π@cveNotify |
|
| 2023-03-17 17:29:44 |
π¨ CVE-2021-21938A heap-based buffer overflow vulnerability exists in the Palette box parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.π@cveNotify |
|
| 2023-03-17 17:29:39 |
π¨ CVE-2023-27484crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround.π@cveNotify |
|
| 2023-03-17 17:29:38 |
π¨ CVE-2023-1369A vulnerability was found in TG Soft Vir.IT eXplorer 9.4.86.0. It has been rated as problematic. This issue affects some unknown processing in the library VIRAGTLT.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 9.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222875.π@cveNotify |
|
| 2023-03-17 17:29:37 |
π¨ CVE-2020-36670The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.π@cveNotify |
|
| 2023-03-17 17:29:36 |
π¨ CVE-2020-36669The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-17 15:29:56 |
π¨ CVE-2020-36668The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.π@cveNotify |
|
| 2023-03-17 15:29:55 |
π¨ CVE-2020-36667The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.π@cveNotify |
|
| 2023-03-17 15:29:51 |
π¨ CVE-2023-24033The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service.π@cveNotify |
|
| 2023-03-17 15:29:50 |
π¨ CVE-2023-26956onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.π@cveNotify |
|
| 2023-03-17 15:29:49 |
π¨ CVE-2023-1172The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π@cveNotify |
|
| 2023-03-17 15:29:48 |
π¨ CVE-2023-1469The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βpec_coupon[code]β parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard.π@cveNotify |
|
| 2023-03-17 15:29:44 |
π¨ CVE-2023-1463Improper Authorization in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.π@cveNotify |
|
| 2023-03-17 15:29:43 |
π¨ CVE-2023-1464A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file Users.php?f=save_user. The manipulation of the argument firstname/middlename/lastname/username/password leads to improper authentication. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223311.π@cveNotify |
|
| 2023-03-17 15:29:42 |
π¨ CVE-2023-1467A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223326 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 15:29:41 |
π¨ CVE-2023-1468A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipulation of the argument date_from/date_to leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-223327.π@cveNotify |
|
| 2023-03-17 15:29:37 |
π¨ CVE-2023-1439A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracker System 1.0. This issue affects some unknown processing of the file medicines/view_details.php of the component GET Parameter Handler. The manipulation of the argument GET leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223283.π@cveNotify |
|
| 2023-03-17 15:29:36 |
π¨ CVE-2023-1441A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/courses/view_course.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223285 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 15:29:35 |
π¨ CVE-2023-1442A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287.π@cveNotify |
|
| 2023-03-17 13:29:41 |
π¨ CVE-2023-1443A vulnerability was found in Filseclab Twister Antivirus 8. It has been declared as problematic. This vulnerability affects unknown code in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223288.π@cveNotify |
|
| 2023-03-17 13:29:40 |
π¨ CVE-2023-1444A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects some unknown processing in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 13:29:39 |
π¨ CVE-2023-1445A vulnerability classified as problematic has been found in Filseclab Twister Antivirus 8. Affected is an unknown function in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-223290 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 13:29:38 |
π¨ CVE-2023-1446A vulnerability classified as problematic was found in Watchdog Anti-Virus 1.4.214.0. Affected by this vulnerability is an unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223291.π@cveNotify |
|
| 2023-03-17 13:29:37 |
π¨ CVE-2023-1453A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 10:29:47 |
π¨ CVE-2023-1448A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 10:29:45 |
π¨ CVE-2023-1450A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295.π@cveNotify |
|
| 2023-03-17 10:29:44 |
π¨ CVE-2023-1451A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296.π@cveNotify |
|
| 2023-03-17 10:29:40 |
π¨ CVE-2023-1452A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 10:29:39 |
π¨ CVE-2023-1453A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is some unknown functionality in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-17 10:29:37 |
π¨ CVE-2023-1455A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300.π@cveNotify |
|
| 2023-03-17 10:29:36 |
π¨ CVE-2021-21548Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victimβs data in transit.π@cveNotify |
|
| 2023-03-17 06:29:40 |
π¨ CVE-2023-28531ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.π@cveNotify |
|
| 2023-03-17 06:29:37 |
π¨ CVE-2023-26073An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the extended emergency number list.π@cveNotify |
|
| 2023-03-17 06:29:36 |
π¨ CVE-2023-26072An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. A heap-based buffer overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Emergency number list.π@cveNotify |
|
| 2023-03-17 06:29:35 |
π¨ CVE-2023-26075An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.π@cveNotify |
|
| 2023-03-17 00:29:35 |
π¨ CVE-2023-27059A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group Name text field.π@cveNotify |
|
| 2023-03-16 21:29:47 |
π¨ CVE-2023-0349The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image and video. This could allow an attacker to view and record image and video from the camera.π@cveNotify |
|
| 2023-03-16 21:29:46 |
π¨ CVE-2023-27371GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.π@cveNotify |
|
| 2023-03-16 21:29:43 |
π¨ CVE-2023-0811Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. If an adversary issues a PROGRAM AREA WRITE command to a specific memory region, they could overwrite the password. This may lead to disabling UM protections or setting a non-ASCII password (non-keyboard characters) and preventing an engineer from viewing or modifying the user program.π@cveNotify |
|
| 2023-03-16 21:29:42 |
π¨ CVE-2023-28100Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of `TIOCSTI`. If a Flatpak app is run on a Linux virtual console such as `/dev/tty1`, it can copy text from the virtual console and paste it into the command buffer, from which the command might be run after the Flatpak app has exited. Ordinary graphical terminal emulators like xterm, gnome-terminal and Konsole are unaffected. This vulnerability is specific to the Linux virtual consoles `/dev/tty1`, `/dev/tty2` and so on. A patch is available in versions 1.10.8, 1.12.8, 1.14.4, and 1.15.4. As a workaround, don't run Flatpak on a Linux virtual console. Flatpak is primarily designed to be used in a Wayland or X11 graphical environment.π@cveNotify |
|
| 2023-03-16 21:29:41 |
π¨ CVE-2023-28104`silverstripe/graphql` serves Silverstripe data as GraphQL representations. In versions 4.2.2 and 4.1.1, an attacker could use a specially crafted graphql query to execute a denial of service attack against a website which has a publicly exposed graphql endpoint. This mostly affects websites with particularly large/complex graphql schemas. Users should upgrade to `silverstripe/graphql` 4.2.3 or 4.1.2 to remedy the vulnerability.π@cveNotify |
|
| 2023-03-16 21:29:37 |
π¨ CVE-2023-28105go-used-util has commonly used utility functions for Go. Versions prior to 0.0.34 have a ZipSlip issue when using fsutil package to unzip files. When users use `zip.Unzip` to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. The issue has been fixed in version 0.0.34. There are no known workarounds.π@cveNotify |
|
| 2023-03-16 21:29:36 |
π¨ CVE-2023-28108Pimcore is an open source data and experience management platform. Prior to version 10.5.19, quoting is not done properly in UUID DAO model. There is the theoretical possibility to inject custom SQL if the developer is using this methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the DAO class. Users should update to version 10.5.19 to receive a patch or, as a workaround, apply the patch manually.π@cveNotify |
|
| 2023-03-16 21:29:35 |
π¨ CVE-2023-28109Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use `play-with-docker.com` as an example and set the origin header in an http request as `evil-play-with-docker.com`. The domain would echo in response header, which successfully bypassed the CORS policy and retrieved basic user information. This issue has been fixed in commit ed82247c9ab7990ad76ec2bf1498c2b2830b6f1a. There are no known workarounds.π@cveNotify |
|
| 2023-03-16 19:29:40 |
π¨ CVE-2022-40531Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.π@cveNotify |
|
| 2023-03-16 17:30:03 |
π¨ CVE-2023-0219The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML.π@cveNotify |
|
| 2023-03-16 17:30:02 |
π¨ CVE-2023-0477The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP files. This is caused by incorrect file extension validation.π@cveNotify |
|
| 2023-03-16 17:30:01 |
π¨ CVE-2023-0538The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-03-16 17:30:00 |
π¨ CVE-2022-47484In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-16 17:29:59 |
π¨ CVE-2023-0073The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-16 17:29:58 |
π¨ CVE-2023-0172The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-03-16 17:29:56 |
π¨ CVE-2022-4661The Widgets for WooCommerce Products on Elementor WordPress plugin before 1.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-03-16 17:29:55 |
π¨ CVE-2023-0037The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injectionπ@cveNotify |
|
| 2023-03-16 17:29:54 |
π¨ CVE-2023-0066The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-16 17:29:53 |
π¨ CVE-2023-27900Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.π@cveNotify |
|
| 2023-03-16 17:29:52 |
π¨ CVE-2022-47454In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.π@cveNotify |
|
| 2023-03-16 17:29:51 |
π¨ CVE-2023-27899Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.π@cveNotify |
|
| 2023-03-16 17:29:50 |
π¨ CVE-2023-27898Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.π@cveNotify |
|
| 2023-03-16 17:29:49 |
π¨ CVE-2023-27577flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.π@cveNotify |
|
| 2023-03-16 17:29:48 |
π¨ CVE-2023-1391A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-16 17:29:44 |
π¨ CVE-2023-1392A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is the function save_menu. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222979.π@cveNotify |
|
| 2023-03-16 17:29:43 |
π¨ CVE-2023-1394A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been classified as critical. This affects the function mysqli_query of the file bsitemp.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222981 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-16 17:29:41 |
π¨ CVE-2023-25148A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.π@cveNotify |
|
| 2023-03-16 17:29:40 |
π¨ CVE-2023-1396A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.π@cveNotify |
|
| 2023-03-16 15:30:01 |
π¨ CVE-2023-1433A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/products/controller.php?action=add of the component Products Handler. The manipulation of the argument filename leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223215.π@cveNotify |
|
| 2023-03-16 15:30:00 |
π¨ CVE-2023-27875IBM Aspera Faspex 5.0.4 could allow an authenticated user to change other user's credentials due to improper access controls. IBM X-Force ID: 249847.π@cveNotify |
|
| 2023-03-16 15:29:59 |
π¨ CVE-2022-34376Dell PowerEdge BIOS and Dell Precision BIOS contain an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM.π@cveNotify |
|
| 2023-03-16 15:29:58 |
π¨ CVE-2022-34377Dell PowerEdge BIOS and Dell Precision BIOS contain an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service.π@cveNotify |
|
| 2023-03-16 15:29:54 |
π¨ CVE-2023-25267An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.π@cveNotify |
|
| 2023-03-16 15:29:53 |
π¨ CVE-2023-27601OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`): By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.π@cveNotify |
|
| 2023-03-16 15:29:52 |
π¨ CVE-2023-28095OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Versions prior to 3.1.7 and 3.2.4 have a potential issue in `msg_translator.c:2628` which might lead to a server crash. This issue was found while fuzzing the function `build_res_buf_from_sip_req` but could not be reproduced against a running instance of OpenSIPS. This issue could not be exploited against a running instance of OpenSIPS since no public function was found to make use of this vulnerable code. Even in the case of exploitation through unknown vectors, it is highly unlikely that this issue would lead to anything other than Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.π@cveNotify |
|
| 2023-03-16 15:29:51 |
π¨ CVE-2023-28096OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{"jsonrpc": "2.0","method": "log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying systemβs availability. No authentication is typically required to reproduce this issue. On the other hand, memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON objects. The issue has been fixed in versions 3.1.8 and 3.2.5.π@cveNotify |
|
| 2023-03-16 15:29:47 |
π¨ CVE-2022-4313A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.π@cveNotify |
|
| 2023-03-16 15:29:46 |
π¨ CVE-2023-1421A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.π@cveNotify |
|
| 2023-03-16 15:29:45 |
π¨ CVE-2023-24468Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2π@cveNotify |
|
| 2023-03-16 15:29:44 |
π¨ CVE-2023-28097OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`.π@cveNotify |
|
| 2023-03-16 15:29:40 |
π¨ CVE-2023-28098OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()` . This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www_authorize()` . Versions 3.1.7 and 3.2.4 contain a fix.π@cveNotify |
|
| 2023-03-16 15:29:39 |
π¨ CVE-2023-28099OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, if `ds_is_in_list()` is used with an invalid IP address string (`NULL` is illegal input), OpenSIPS will attempt to print a string from a random address (stack garbage), which could lead to a crash. All users of `ds_is_in_list()` without the `$si` variable as 1st parameter could be affected by this vulnerability to a larger, lesser or no extent at all, depending if the data passed to the function is a valid IPv4 or IPv6 address string or not. Fixes will are available starting with the 3.1.9 and 3.2.6 minor releases. There are no known workarounds.π@cveNotify |
|
| 2023-03-16 15:29:38 |
π¨ CVE-2023-28337When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden βforceFWUpdateβ parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.π@cveNotify |
|
| 2023-03-16 15:29:37 |
π¨ CVE-2022-46773IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.π@cveNotify |
|
| 2023-03-16 12:29:36 |
π¨ CVE-2023-24571Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution.π@cveNotify |
|
| 2023-03-16 10:29:38 |
π¨ CVE-2022-1586An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.π@cveNotify |
|
| 2023-03-16 10:29:37 |
π¨ CVE-2022-1587An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.π@cveNotify |
|
| 2023-03-16 10:29:36 |
π¨ CVE-2019-20454An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. The flaw occurs in do_extuni_no_utf in pcre2_jit_compile.c.π@cveNotify |
|
| 2023-03-16 06:29:47 |
π¨ CVE-2023-27084Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter.π@cveNotify |
|
| 2023-03-16 06:29:46 |
π¨ CVE-2023-27095Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module.π@cveNotify |
|
| 2023-03-16 06:29:44 |
π¨ CVE-2023-25280OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp.π@cveNotify |
|
| 2023-03-16 06:29:40 |
π¨ CVE-2023-25281A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp.π@cveNotify |
|
| 2023-03-16 06:29:39 |
π¨ CVE-2023-28486Sudo before 1.9.13 does not escape control characters in log messages.π@cveNotify |
|
| 2023-03-16 06:29:38 |
π¨ CVE-2023-28487Sudo before 1.9.13 does not escape control characters in sudoreplay output.π@cveNotify |
|
| 2023-03-16 06:29:37 |
π¨ CVE-2023-28466do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).π@cveNotify |
|
| 2023-03-16 00:29:58 |
π¨ CVE-2022-4313A vulnerability was reported where through modifying the scan variables, an authenticated user in Tenable products, that has Scan Policy Configuration roles, could manipulate audit policy variables to execute arbitrary commands on credentialed scan targets.π@cveNotify |
|
| 2023-03-16 00:29:54 |
π¨ CVE-2023-1389TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web management interface. Specifically, the country parameter of the write operation was not sanitized before being used in a call to popen(), allowing an unauthenticated attacker to inject commands, which would be run as root, with a simple POST request.π@cveNotify |
|
| 2023-03-16 00:29:53 |
π¨ CVE-2023-1421A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a malicious state parameter.π@cveNotify |
|
| 2023-03-16 00:29:52 |
π¨ CVE-2023-24468Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2π@cveNotify |
|
| 2023-03-16 00:29:51 |
π¨ CVE-2023-28097OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.9 and 3.2.6, a malformed SIP message containing a large _Content-Length_ value and a specially crafted Request-URI causes a segmentation fault in OpenSIPS. This issue occurs when a large amount of shared memory using the `-m` flag was allocated to OpenSIPS, such as 10 GB of RAM. On the test system, this issue occurred when shared memory was set to `2362` or higher. This issue is fixed in versions 3.1.9 and 3.2.6. The only workaround is to guarantee that the Content-Length value of input messages is never larger than `2147483647`.π@cveNotify |
|
| 2023-03-16 00:29:50 |
π¨ CVE-2023-28098OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, a specially crafted Authorization header causes OpenSIPS to crash or behave in an unexpected way due to a bug in the function `parse_param_name()` . This issue was discovered while performing coverage guided fuzzing of the function parse_msg. The AddressSanitizer identified that the issue occurred in the function `q_memchr()` which is being called by the function `parse_param_name()`. This issue may cause erratic program behaviour or a server crash. It affects configurations containing functions that make use of the affected code, such as the function `www_authorize()` . Versions 3.1.7 and 3.2.4 contain a fix.π@cveNotify |
|
| 2023-03-16 00:29:46 |
π¨ CVE-2023-28337When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden βforceFWUpdateβ parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the device.π@cveNotify |
|
| 2023-03-16 00:29:45 |
π¨ CVE-2023-28338Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a βContent-Typeβ of βmultipartboundary=β will result in the request body being written to β/tmp/mulipartFileβ on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting in the device becoming unusable until it is rebooted.π@cveNotify |
|
| 2023-03-16 00:29:44 |
π¨ CVE-2023-28460A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.π@cveNotify |
|
| 2023-03-16 00:29:43 |
π¨ CVE-2023-28461Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."π@cveNotify |
|
| 2023-03-16 00:29:39 |
π¨ CVE-2023-25267An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.π@cveNotify |
|
| 2023-03-16 00:29:38 |
π¨ CVE-2023-27600OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`). By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue is patched in versions 3.1.7 and 3.2.4.π@cveNotify |
|
| 2023-03-16 00:29:37 |
π¨ CVE-2023-27601OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, OpenSIPS crashes when a malformed SDP body is received and is processed by the `delete_sdp_line` function in the sipmsgops module. This issue can be reproduced by calling the function with an SDP body that does not terminate by a line feed (i.e. `\n`). The vulnerability was found while performing black-box fuzzing against an OpenSIPS server running a configuration that made use of the functions `codec_delete_except_re` and `codec_delete_re`. The same issue was also discovered while performing coverage guided fuzzing on the function `codec_delete_except_re`. The crash happens because the function `delete_sdp_line` expects that an SDP line is terminated by a line feed (`\n`): By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. Due to the sanity check that is performed in the `del_lump` function, exploitation of this issue will generate an `abort` in the lumps processing function, resulting in a Denial of Service. This issue has been fixed in versions 3.1.7 and 3.2.4.π@cveNotify |
|
| 2023-03-16 00:29:36 |
π¨ CVE-2023-28096OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. The memory leak was detected in the function `parse_mi_request` while performing coverage-guided fuzzing. This issue can be reproduced by sending multiple requests of the form `{"jsonrpc": "2.0","method": "log_le`. This malformed message was tested against an instance of OpenSIPS via FIFO transport layer and was found to increase the memory consumption over time. To abuse this memory leak, attackers need to reach the management interface (MI) which typically should only be exposed on trusted interfaces. In cases where the MI is exposed to the internet without authentication, abuse of this issue will lead to memory exhaustion which may affect the underlying systemβs availability. No authentication is typically required to reproduce this issue. On the other hand, memory leaks may occur in other areas of OpenSIPS where the cJSON library is used for parsing JSON objects. The issue has been fixed in versions 3.1.8 and 3.2.5.π@cveNotify |
|
| 2023-03-15 23:29:58 |
π¨ CVE-2023-22591IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710.π@cveNotify |
|
| 2023-03-15 23:29:57 |
π¨ CVE-2023-26484KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler (the KubeVirt node-daemon) is running, the virt-handler service account can be used to modify all node specs. This can be misused to lure-in system-level-privileged components which can, for instance, read all secrets on the cluster, or can exec into pods on other nodes. This way, a compromised node can be used to elevate privileges beyond the node until potentially having full privileged access to the whole cluster. The simplest way to exploit this, once a user could compromise a specific node, is to set with the virt-handler service account all other nodes to unschedulable and simply wait until system-critical components with high privileges appear on its node. No patches are available as of time of publication. As a workaround, gatekeeper users can add a webhook which will block the `virt-handler` service account to modify the spec of a node.π@cveNotify |
|
| 2023-03-15 23:29:56 |
π¨ CVE-2023-27596OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the `stream_process` function. This issue was discovered during coverage guided fuzzing of the function `codec_delete_except_re`. By abusing this vulnerability, an attacker is able to crash the server. It affects configurations containing functions that rely on the affected code, such as the function `codec_delete_except_re`. This issue has been fixed in version 3.1.8 and 3.2.5.π@cveNotify |
|
| 2023-03-15 23:29:55 |
π¨ CVE-2023-27597OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, when a specially crafted SIP message is processed by the function `rewrite_ruri`, a crash occurs due to a segmentation fault. This issue causes the server to crash. It affects configurations containing functions that make use of the affected code, such as the function `setport`. This issue has been fixed in version 3.1.8 and 3.2.5.π@cveNotify |
|
| 2023-03-15 23:29:52 |
π¨ CVE-2023-27598OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed `Via` header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted `Via` header, which is deemed correct by the parser, will pass uninitialized strings to the function `MD5StringArray` which leads to the crash. Abuse of this vulnerability leads to Denial of Service due to a crash. Since the uninitialized string points to memory location `0x0`, no further exploitation appears to be possible. No special network privileges are required to perform this attack, as long as the OpenSIPS configuration makes use of functions such as `sl_send_reply` or `sl_gen_totag` that trigger the vulnerable code. This issue has been fixed in versions 3.1.7 and 3.2.4.π@cveNotify |
|
| 2023-03-15 23:29:51 |
π¨ CVE-2023-27599OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, when the function `append_hf` handles a SIP message with a malformed To header, a call to the function `abort()` is performed, resulting in a crash. This is due to the following check in `data_lump.c:399` in the function `anchor_lump`. An attacker abusing this vulnerability will crash OpenSIPS leading to Denial of Service. It affects configurations containing functions that make use of the affected code, such as the function `append_hf`. This issue has been fixed in versions 3.1.7 and 3.2.4.π@cveNotify |
|
| 2023-03-15 23:29:50 |
π¨ CVE-2023-28450An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.π@cveNotify |
|
| 2023-03-15 23:29:49 |
π¨ CVE-2023-1355NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.π@cveNotify |
|
| 2023-03-15 23:29:45 |
π¨ CVE-2023-1353A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852.π@cveNotify |
|
| 2023-03-15 23:29:44 |
π¨ CVE-2022-33244Transient DOS due to reachable assertion in modem during MIB reception and SIB timeoutπ@cveNotify |
|
| 2023-03-15 23:29:43 |
π¨ CVE-2020-27507The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact.π@cveNotify |
|
| 2023-03-15 23:29:42 |
π¨ CVE-2022-46773IBM Robotic Process Automation 21.0.0 - 21.0.7 and 23.0.0 is vulnerable to client-side validation bypass for credential pools. Invalid credential pools may be created as a result. IBM X-Force ID: 242951.π@cveNotify |
|
| 2023-03-15 23:29:39 |
π¨ CVE-2023-25344An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function.π@cveNotify |
|
| 2023-03-15 23:29:38 |
π¨ CVE-2023-25345Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags.π@cveNotify |
|
| 2023-03-15 23:29:37 |
π¨ CVE-2023-26912Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate button.π@cveNotify |
|
| 2023-03-15 23:29:36 |
π¨ CVE-2023-27903Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.π@cveNotify |
|
| 2023-03-15 21:29:57 |
π¨ CVE-2022-43874IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, 6.2, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239963.π@cveNotify |
|
| 2023-03-15 19:30:00 |
π¨ CVE-2022-33272Transient DOS in modem due to reachable assertion.π@cveNotify |
|
| 2023-03-15 19:29:59 |
π¨ CVE-2023-1352A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851.π@cveNotify |
|
| 2023-03-15 19:29:58 |
π¨ CVE-2023-1351A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-15 19:29:57 |
π¨ CVE-2023-1349A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-15 19:29:56 |
π¨ CVE-2023-1350A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.π@cveNotify |
|
| 2023-03-15 19:29:55 |
π¨ CVE-2022-33278Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.π@cveNotify |
|
| 2023-03-15 19:29:53 |
π¨ CVE-2022-33309Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.π@cveNotify |
|
| 2023-03-15 19:29:52 |
π¨ CVE-2021-2173Vulnerability in the Recovery component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA Level Account privilege with network access via Oracle Net to compromise Recovery. While the vulnerability is in Recovery, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Recovery accessible data. CVSS 3.1 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).π@cveNotify |
|
| 2023-03-15 19:29:51 |
π¨ CVE-2022-33242Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.π@cveNotify |
|
| 2023-03-15 19:29:50 |
π¨ CVE-2022-25655Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.π@cveNotify |
|
| 2023-03-15 19:29:49 |
π¨ CVE-2022-25694Memory corruption in Modem due to usage of Out-of-range pointer offset in UIMπ@cveNotify |
|
| 2023-03-15 19:29:48 |
π¨ CVE-2022-22075Information Disclosure in Graphics during GPU context switch.π@cveNotify |
|
| 2023-03-15 19:29:47 |
π¨ CVE-2022-25705Memory corruption in modem due to integer overflow to buffer overflow while handling APDU responseπ@cveNotify |
|
| 2023-03-15 19:29:46 |
π¨ CVE-2022-25709Memory corruption in modem due to use of out of range pointer offset while processing qmi msgπ@cveNotify |
|
| 2023-03-15 19:29:45 |
π¨ CVE-2022-33213Memory corruption in modem due to buffer overflow while processing a PPP packetπ@cveNotify |
|
| 2023-03-15 19:29:44 |
π¨ CVE-2022-47474In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-15 19:29:43 |
π¨ CVE-2022-47475In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-15 19:29:41 |
π¨ CVE-2022-47476In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-15 19:29:40 |
π¨ CVE-2022-47478In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-15 17:30:09 |
π¨ CVE-2023-0100In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched on Eclipse BIRT 4.13.π@cveNotify |
|
| 2023-03-15 17:30:07 |
π¨ CVE-2023-27102Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc.π@cveNotify |
|
| 2023-03-15 17:30:06 |
π¨ CVE-2023-27103Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc.π@cveNotify |
|
| 2023-03-15 17:30:04 |
π¨ CVE-2023-27781jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c.π@cveNotify |
|
| 2023-03-15 17:30:02 |
π¨ CVE-2022-45155An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-go_modules versions prior to 0.6.1.π@cveNotify |
|
| 2023-03-15 17:30:01 |
π¨ CVE-2023-1072An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.π@cveNotify |
|
| 2023-03-15 17:29:59 |
π¨ CVE-2023-0050An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.π@cveNotify |
|
| 2023-03-15 17:29:58 |
π¨ CVE-2023-26110All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.π@cveNotify |
|
| 2023-03-15 17:29:56 |
π¨ CVE-2022-4331An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.π@cveNotify |
|
| 2023-03-15 17:29:55 |
π¨ CVE-2023-26109All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.π@cveNotify |
|
| 2023-03-15 17:29:53 |
π¨ CVE-2023-26957onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.π@cveNotify |
|
| 2023-03-15 17:29:52 |
π¨ CVE-2023-0839Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1.π@cveNotify |
|
| 2023-03-15 17:29:50 |
π¨ CVE-2022-4289An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.π@cveNotify |
|
| 2023-03-15 17:29:49 |
π¨ CVE-2023-1084An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.π@cveNotify |
|
| 2023-03-15 17:29:47 |
π¨ CVE-2023-0223An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.π@cveNotify |
|
| 2023-03-15 17:29:46 |
π¨ CVE-2023-27475Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.π@cveNotify |
|
| 2023-03-15 17:29:44 |
π¨ CVE-2023-27482homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.π@cveNotify |
|
| 2023-03-15 17:29:42 |
π¨ CVE-2023-27486xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`.π@cveNotify |
|
| 2023-03-15 17:29:41 |
π¨ CVE-2023-26948onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.π@cveNotify |
|
| 2023-03-15 14:29:58 |
π¨ CVE-2022-48111A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.π@cveNotify |
|
| 2023-03-15 14:29:57 |
π¨ CVE-2023-27986emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.π@cveNotify |
|
| 2023-03-15 14:29:56 |
π¨ CVE-2021-33360An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).π@cveNotify |
|
| 2023-03-15 14:29:53 |
π¨ CVE-2023-27985emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.π@cveNotify |
|
| 2023-03-15 14:29:52 |
π¨ CVE-2023-0090The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.π@cveNotify |
|
| 2023-03-15 14:29:51 |
π¨ CVE-2023-0845Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.π@cveNotify |
|
| 2023-03-15 14:29:50 |
π¨ CVE-2023-0746The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting.π@cveNotify |
|
| 2023-03-15 14:29:49 |
π¨ CVE-2023-26261In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15.π@cveNotify |
|
| 2023-03-15 14:29:45 |
π¨ CVE-2023-1291A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-15 14:29:44 |
π¨ CVE-2023-1292A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222646 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-15 14:29:43 |
π¨ CVE-2023-1286Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.π@cveNotify |
|
| 2023-03-15 14:29:39 |
π¨ CVE-2022-45155An Improper Handling of Exceptional Conditions vulnerability in obs-service-go_modules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim.This issue affects:SUSE openSUSE Factoryobs-service-go_modules versions prior to 0.6.1.π@cveNotify |
|
| 2023-03-15 14:29:38 |
π¨ CVE-2023-0089The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.π@cveNotify |
|
| 2023-03-15 14:29:37 |
π¨ CVE-2023-27476OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details.π@cveNotify |
|
| 2023-03-15 14:29:36 |
π¨ CVE-2023-25695Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.π@cveNotify |
|
| 2023-03-15 13:29:47 |
π¨ CVE-2023-25695Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.π@cveNotify |
|
| 2023-03-15 11:29:49 |
π¨ CVE-2023-27239Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet.π@cveNotify |
|
| 2023-03-15 11:29:48 |
π¨ CVE-2023-27234A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application.π@cveNotify |
|
| 2023-03-15 11:29:47 |
π¨ CVE-2023-27235An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file.π@cveNotify |
|
| 2023-03-15 06:30:31 |
π¨ CVE-2023-28371In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. directory traversal.π@cveNotify |
|
| 2023-03-15 06:30:30 |
π¨ CVE-2023-27757An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file.π@cveNotify |
|
| 2023-03-15 06:30:27 |
π¨ CVE-2023-1338The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.π@cveNotify |
|
| 2023-03-15 06:30:25 |
π¨ CVE-2023-1339The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.π@cveNotify |
|
| 2023-03-15 06:30:23 |
π¨ CVE-2023-1335The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.π@cveNotify |
|
| 2023-03-15 06:30:21 |
π¨ CVE-2023-1336The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.π@cveNotify |
|
| 2023-03-15 06:30:19 |
π¨ CVE-2023-1337The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.π@cveNotify |
|
| 2023-03-15 06:30:17 |
π¨ CVE-2023-1333The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.π@cveNotify |
|
| 2023-03-15 06:30:13 |
π¨ CVE-2023-1334The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.π@cveNotify |
|
| 2023-03-15 06:30:12 |
π¨ CVE-2023-1127Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.π@cveNotify |
|
| 2023-03-15 06:30:10 |
π¨ CVE-2023-27320Sudo before 1.9.13p2 has a double free in the per-command chroot feature.π@cveNotify |
|
| 2023-03-15 06:30:09 |
π¨ CVE-2018-2844Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.36 and Prior to 5.2.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).π@cveNotify |
|
| 2023-03-15 06:30:06 |
π¨ CVE-2020-14394An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.π@cveNotify |
|
| 2023-03-15 06:30:04 |
π¨ CVE-2022-1050A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.π@cveNotify |
|
| 2023-03-15 06:30:01 |
π¨ CVE-2021-3592An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the bootp_input() function and could occur while processing a udp packet that is smaller than the size of the 'bootp_t' structure. A malicious guest could use this flaw to leak 10 bytes of uninitialized heap memory from the host. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.π@cveNotify |
|
| 2023-03-15 06:29:58 |
π¨ CVE-2021-3593An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp6_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.π@cveNotify |
|
| 2023-03-15 06:29:54 |
π¨ CVE-2021-3594An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the udp_input() function and could occur while processing a udp packet that is smaller than the size of the 'udphdr' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.π@cveNotify |
|
| 2023-03-15 06:29:52 |
π¨ CVE-2021-3595An invalid pointer initialization issue was found in the SLiRP networking implementation of QEMU. The flaw exists in the tftp_input() function and could occur while processing a udp packet that is smaller than the size of the 'tftp_t' structure. This issue may lead to out-of-bounds read access or indirect host memory disclosure to the guest. The highest threat from this vulnerability is to data confidentiality. This flaw affects libslirp versions prior to 4.6.0.π@cveNotify |
|
| 2023-03-15 06:29:51 |
π¨ CVE-2020-29130slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.π@cveNotify |
|
| 2023-03-15 01:29:51 |
π¨ CVE-2023-1327Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web management interface by resetting the admin password.π@cveNotify |
|
| 2023-03-14 23:30:13 |
π¨ CVE-2023-26262An issue was discovered in Sitecore XP/XM 10.3. As an authenticated Sitecore user, a unrestricted language file upload vulnerability exists the can lead to direct code execution on the content management (CM) server.π@cveNotify |
|
| 2023-03-14 23:30:12 |
π¨ CVE-2023-26511A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows taking control of the affected system.π@cveNotify |
|
| 2023-03-14 23:30:11 |
π¨ CVE-2023-27590Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.π@cveNotify |
|
| 2023-03-14 23:30:10 |
π¨ CVE-2023-27587ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, then it will include the full URL of the request. The request URL contains the Google Cloud API key. This has been patched in commit 8533b01. Upgrading should be accompanied by deleting the current GCP API key and issuing a new one. There are no known workarounds.π@cveNotify |
|
| 2023-03-14 23:30:09 |
π¨ CVE-2022-48111A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.π@cveNotify |
|
| 2023-03-14 23:30:06 |
π¨ CVE-2022-4315An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.π@cveNotify |
|
| 2023-03-14 23:30:05 |
π¨ CVE-2023-22890SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.π@cveNotify |
|
| 2023-03-14 23:30:04 |
π¨ CVE-2023-23760A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.π@cveNotify |
|
| 2023-03-14 23:30:03 |
π¨ CVE-2021-4331The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).π@cveNotify |
|
| 2023-03-14 23:29:59 |
π¨ CVE-2021-4333The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-14 23:29:58 |
π¨ CVE-2023-24282An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.π@cveNotify |
|
| 2023-03-14 23:29:57 |
π¨ CVE-2023-28343OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in models/management_model.php.π@cveNotify |
|
| 2023-03-14 23:29:53 |
π¨ CVE-2021-33351Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.π@cveNotify |
|
| 2023-03-14 23:29:52 |
π¨ CVE-2021-33353Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.π@cveNotify |
|
| 2023-03-14 23:29:51 |
π¨ CVE-2023-24781Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.π@cveNotify |
|
| 2023-03-14 23:29:50 |
π¨ CVE-2022-4931The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.π@cveNotify |
|
| 2023-03-14 21:29:51 |
π¨ CVE-2023-25230loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF).π@cveNotify |
|
| 2023-03-14 21:29:50 |
π¨ CVE-2023-25605A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.π@cveNotify |
|
| 2023-03-14 18:30:01 |
π¨ CVE-2023-22847Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.π@cveNotify |
|
| 2023-03-14 18:30:00 |
π¨ CVE-2023-25363A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely.π@cveNotify |
|
| 2023-03-14 18:29:59 |
π¨ CVE-2023-1278A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.π@cveNotify |
|
| 2023-03-14 18:29:58 |
π¨ CVE-2023-23388Windows Bluetooth Driver Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:54 |
π¨ CVE-2023-23389Microsoft Defender Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:53 |
π¨ CVE-2023-23383Service Fabric Explorer Spoofing Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:52 |
π¨ CVE-2023-21708Remote Procedure Call Runtime Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:51 |
π¨ CVE-2023-23394Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:50 |
π¨ CVE-2023-23385Windows Point-to-Point Protocol over Ethernet (PPPoE) Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:46 |
π¨ CVE-2023-23392HTTP Protocol Stack Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:45 |
π¨ CVE-2023-23393Windows BrokerInfrastructure Service Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:44 |
π¨ CVE-2023-23397Microsoft Outlook Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:40 |
π¨ CVE-2023-23407Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:39 |
π¨ CVE-2023-23396Microsoft Excel Denial of Service Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:38 |
π¨ CVE-2023-23408Azure Apache AmbariΒ Spoofing Vulnerabilityπ@cveNotify |
|
| 2023-03-14 18:29:37 |
π¨ CVE-2023-23409Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerabilityπ@cveNotify |
|
| 2023-03-14 17:29:55 |
π¨ CVE-2022-41939knative.dev/func is is a client library and CLI enabling the development and deployment of Kubernetes functions. Developers using a malicious or compromised third-party buildpack could expose their registry credentials or local docker socket to a malicious `lifecycle` container. This issues has been patched in PR #1442, and is part of release 1.8.1. This issue only affects users who are using function buildpacks from third-parties; pinning the builder image to a specific content-hash with a valid `lifecycle` image will also mitigate the attack.π@cveNotify |
|
| 2023-03-14 17:29:54 |
π¨ CVE-2020-10749A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that allows malicious containers in Kubernetes clusters to perform man-in-the-middle (MitM) attacks. A malicious container can exploit this flaw by sending rogue IPv6 router advertisements to the host or other containers, to redirect traffic to the malicious container.π@cveNotify |
|
| 2023-03-14 17:29:53 |
π¨ CVE-2022-2837A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.π@cveNotify |
|
| 2023-03-14 17:29:52 |
π¨ CVE-2023-27088feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.π@cveNotify |
|
| 2023-03-14 17:29:49 |
π¨ CVE-2022-40676A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.π@cveNotify |
|
| 2023-03-14 17:29:48 |
π¨ CVE-2022-41328A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.π@cveNotify |
|
| 2023-03-14 17:29:47 |
π¨ CVE-2022-41862In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.π@cveNotify |
|
| 2023-03-14 17:29:43 |
π¨ CVE-2023-1296HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workloadβs variables. Fixed in 1.4.6 and 1.5.1.π@cveNotify |
|
| 2023-03-14 17:29:42 |
π¨ CVE-2023-1391A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/ab.php. The manipulation of the argument img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222978 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-14 17:29:41 |
π¨ CVE-2023-1394A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. It has been classified as critical. This affects the function mysqli_query of the file bsitemp.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222981 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-14 17:29:37 |
π¨ CVE-2023-1396A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/traveller_details.php. The manipulation of the argument address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222983.π@cveNotify |
|
| 2023-03-14 17:29:36 |
π¨ CVE-2023-1398A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/upload. The manipulation leads to path traversal: '../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222985 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-14 17:29:35 |
π¨ CVE-2023-27073A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request.π@cveNotify |
|
| 2023-03-14 12:29:45 |
π¨ CVE-2022-4557Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01.π@cveNotify |
|
| 2023-03-14 12:29:40 |
π¨ CVE-2023-27498SAP Host Agent (SAPOSCOL) - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about the server. It can also make a particular service temporarily unavailableπ@cveNotify |
|
| 2023-03-14 12:29:39 |
π¨ CVE-2023-27500An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO to over-write system files. In this attack, no data can be read but potentially critical OS files can be over-written making the system unavailable.π@cveNotify |
|
| 2023-03-14 12:29:38 |
π¨ CVE-2023-27501SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information provided by users, thus exploiting a directory traversal flaw in an available service to delete system files. In this attack, no data can be read but potentially critical OS files can be deleted making the system unavailable, causing significant impact on both availability and integrityπ@cveNotify |
|
| 2023-03-14 12:29:37 |
π¨ CVE-2023-27893An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable.π@cveNotify |
|
| 2023-03-13 06:29:57 |
π¨ CVE-2023-20626In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.π@cveNotify |
|
| 2023-03-13 06:29:56 |
π¨ CVE-2023-20627In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585.π@cveNotify |
|
| 2023-03-13 06:29:55 |
π¨ CVE-2023-20632In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628506; Issue ID: ALPS07628506.π@cveNotify |
|
| 2023-03-13 06:29:54 |
π¨ CVE-2023-20633In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508.π@cveNotify |
|
| 2023-03-13 06:29:50 |
π¨ CVE-2023-20636In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593.π@cveNotify |
|
| 2023-03-13 06:29:49 |
π¨ CVE-2023-27210Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.π@cveNotify |
|
| 2023-03-13 06:29:48 |
π¨ CVE-2023-27213Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.π@cveNotify |
|
| 2023-03-13 06:29:44 |
π¨ CVE-2023-20637In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588.π@cveNotify |
|
| 2023-03-13 06:29:43 |
π¨ CVE-2023-27203Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php.π@cveNotify |
|
| 2023-03-13 06:29:42 |
π¨ CVE-2023-27204Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php.π@cveNotify |
|
| 2023-03-13 06:29:38 |
π¨ CVE-2023-27207Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.π@cveNotify |
|
| 2023-03-13 06:29:37 |
π¨ CVE-2023-27211A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.π@cveNotify |
|
| 2023-03-13 06:29:36 |
π¨ CVE-2023-27206A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.π@cveNotify |
|
| 2023-03-12 17:29:52 |
π¨ CVE-2016-15028A vulnerability was found in ICEPAY REST-API-NET 0.9. It has been declared as problematic. Affected by this vulnerability is the function RestClient of the file Classes/RestClient.cs of the component Checksum Validation. The manipulation leads to improper validation of integrity check value. The attack can be launched remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is 61f6b8758e5c971abff5f901cfa9f231052b775f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222847.π@cveNotify |
|
| 2023-03-12 11:29:56 |
π¨ CVE-2023-1360A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863.π@cveNotify |
|
| 2023-03-12 11:29:55 |
π¨ CVE-2023-1357A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860.π@cveNotify |
|
| 2023-03-12 11:29:54 |
π¨ CVE-2023-1358A vulnerability, which was classified as critical, was found in SourceCodester Gadget Works Online Ordering System 1.0. This affects an unknown part of the file /philosophy/admin/login.php of the component POST Parameter Handler. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222861 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-12 11:29:53 |
π¨ CVE-2023-1359A vulnerability has been found in SourceCodester Gadget Works Online Ordering System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /philosophy/admin/user/controller.php?action=add of the component Add New User. The manipulation of the argument U_NAME leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222862 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-12 07:30:05 |
π¨ CVE-2021-46875An issue was discovered in eZ Platform Ibexa Kernel before 1.3.1.1. An XSS attack can occur because JavaScript code can be uploaded in a .html or .js file.π@cveNotify |
|
| 2023-03-12 07:30:04 |
π¨ CVE-2021-46876An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.π@cveNotify |
|
| 2023-03-12 07:30:02 |
π¨ CVE-2022-48365An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.π@cveNotify |
|
| 2023-03-12 07:30:00 |
π¨ CVE-2022-48366An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.π@cveNotify |
|
| 2023-03-12 07:29:59 |
π¨ CVE-2022-48367An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.π@cveNotify |
|
| 2023-03-12 07:29:58 |
π¨ CVE-2020-19824An issue in MPV v.0.29.1 fixed in v0.30 allows attackers to execute arbitrary code and crash program via the ao_c parameter.π@cveNotify |
|
| 2023-03-12 02:30:27 |
π¨ CVE-2020-27754In IntensityCompare() of /magick/quantize.c, there are calls to PixelPacketIntensity() which could return overflowed values to the caller when ImageMagick processes a crafted input file. To mitigate this, the patch introduces and uses the ConstrainPixelIntensity() function, which forces the pixel intensities to be within the proper bounds in the event of an overflow. This flaw affects ImageMagick versions prior to 6.9.10-69 and 7.0.8-69.π@cveNotify |
|
| 2023-03-12 02:30:26 |
π¨ CVE-2020-25675In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets was causing undefined behavior in the form of integer overflow and out-of-range values as reported by UndefinedBehaviorSanitizer. Such issues could cause a negative impact to application availability or other problems related to undefined behavior, in cases where ImageMagick processes untrusted input data. The upstream patch introduces functionality to constrain the pixel offsets and prevent these issues. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:25 |
π¨ CVE-2020-27756In ParseMetaGeometry() of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses multiplication in addition to the function `PerceptibleReciprocal()` in order to prevent such divide-by-zero conditions. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:24 |
π¨ CVE-2020-27750A flaw was found in ImageMagick in MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` and math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.π@cveNotify |
|
| 2023-03-12 02:30:20 |
π¨ CVE-2020-25674WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availability when a specially crafted input file is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68.π@cveNotify |
|
| 2023-03-12 02:30:19 |
π¨ CVE-2020-25666There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:18 |
π¨ CVE-2020-27757A floating point math calculation in ScaleAnyToQuantum() of /MagickCore/quantum-private.h could lead to undefined behavior in the form of a value outside the range of type unsigned long long. The flaw could be triggered by a crafted input file under certain conditions when it is processed by ImageMagick. Red Hat Product Security marked this as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68.π@cveNotify |
|
| 2023-03-12 02:30:17 |
π¨ CVE-2020-29599ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized and it was therefore possible to inject additional shell commands via coders/pdf.c.π@cveNotify |
|
| 2023-03-12 02:30:16 |
π¨ CVE-2020-27776A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:12 |
π¨ CVE-2020-27774A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:11 |
π¨ CVE-2020-27775A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:10 |
π¨ CVE-2020-27772A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:09 |
π¨ CVE-2020-27767A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:05 |
π¨ CVE-2020-27771In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:04 |
π¨ CVE-2020-27766A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69.π@cveNotify |
|
| 2023-03-12 02:30:03 |
π¨ CVE-2020-27765A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0.π@cveNotify |
|
| 2023-03-12 02:30:02 |
π¨ CVE-2020-27763A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68.π@cveNotify |
|
| 2023-03-12 00:29:38 |
π¨ CVE-2023-1355NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.π@cveNotify |
|
| 2023-03-12 00:29:37 |
π¨ CVE-2013-10021A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739.π@cveNotify |
|
| 2023-03-11 20:29:38 |
π¨ CVE-2023-1353A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852.π@cveNotify |
|
| 2023-03-11 20:29:37 |
π¨ CVE-2023-1354A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-11 14:29:36 |
π¨ CVE-2023-1351A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-11 12:29:46 |
π¨ CVE-2023-1349A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-11 12:29:44 |
π¨ CVE-2023-1350A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.π@cveNotify |
|
| 2023-03-11 12:29:43 |
π¨ CVE-2022-4645LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.π@cveNotify |
|
| 2023-03-11 12:29:42 |
π¨ CVE-2023-24580An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.π@cveNotify |
|
| 2023-03-11 12:29:40 |
π¨ CVE-2023-22895The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.π@cveNotify |
|
| 2023-03-11 12:29:39 |
π¨ CVE-2022-43272DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.π@cveNotify |
|
| 2023-03-11 12:29:38 |
π¨ CVE-2022-41323In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.π@cveNotify |
|
| 2023-03-11 12:29:37 |
π¨ CVE-2022-31081HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected.π@cveNotify |
|
| 2023-03-11 06:29:59 |
π¨ CVE-2022-4265The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated userπ@cveNotify |
|
| 2023-03-11 06:29:58 |
π¨ CVE-2023-1197Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.π@cveNotify |
|
| 2023-03-11 06:29:56 |
π¨ CVE-2023-1200A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388.π@cveNotify |
|
| 2023-03-11 06:29:55 |
π¨ CVE-2023-24789jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.π@cveNotify |
|
| 2023-03-11 06:29:54 |
π¨ CVE-2023-0328The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).π@cveNotify |
|
| 2023-03-11 06:29:53 |
π¨ CVE-2023-0212The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-11 06:29:51 |
π¨ CVE-2023-24999HashiCorp Vault and Vault Enterpriseβs approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.π@cveNotify |
|
| 2023-03-11 06:29:50 |
π¨ CVE-2022-25655Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.π@cveNotify |
|
| 2023-03-11 06:29:49 |
π¨ CVE-2022-40530Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.π@cveNotify |
|
| 2023-03-11 06:29:48 |
π¨ CVE-2022-40539Memory corruption in Automotive Android OS due to improper validation of array index.π@cveNotify |
|
| 2023-03-11 06:29:46 |
π¨ CVE-2022-47457In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.π@cveNotify |
|
| 2023-03-11 06:29:45 |
π¨ CVE-2022-47459In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.π@cveNotify |
|
| 2023-03-11 06:29:44 |
π¨ CVE-2022-47462In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.π@cveNotify |
|
| 2023-03-11 06:29:43 |
π¨ CVE-2022-47471In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 06:29:42 |
π¨ CVE-2022-47474In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 06:29:40 |
π¨ CVE-2022-47475In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 06:29:39 |
π¨ CVE-2022-47476In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 06:29:38 |
π¨ CVE-2022-47477In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 06:29:37 |
π¨ CVE-2022-47478In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 06:29:36 |
π¨ CVE-2022-47479In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 00:29:48 |
π¨ CVE-2022-40530Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.π@cveNotify |
|
| 2023-03-11 00:29:47 |
π¨ CVE-2022-47457In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.π@cveNotify |
|
| 2023-03-11 00:29:43 |
π¨ CVE-2022-47462In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.π@cveNotify |
|
| 2023-03-11 00:29:42 |
π¨ CVE-2022-47474In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 00:29:41 |
π¨ CVE-2022-47475In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 00:29:37 |
π¨ CVE-2022-47477In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 00:29:36 |
π¨ CVE-2022-47479In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-11 00:29:35 |
π¨ CVE-2022-47480In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.π@cveNotify |
|
| 2023-03-10 21:31:30 |
π¨ CVE-2023-1333The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.π@cveNotify |
|
| 2023-03-10 21:31:29 |
π¨ CVE-2023-1334The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.π@cveNotify |
|
| 2023-03-10 21:31:28 |
π¨ CVE-2023-1335The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.π@cveNotify |
|
| 2023-03-10 21:31:27 |
π¨ CVE-2023-1336The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.π@cveNotify |
|
| 2023-03-10 21:31:26 |
π¨ CVE-2023-1337The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.π@cveNotify |
|
| 2023-03-10 21:31:21 |
π¨ CVE-2023-1338The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.π@cveNotify |
|
| 2023-03-10 21:31:20 |
π¨ CVE-2023-1339The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.π@cveNotify |
|
| 2023-03-10 21:31:19 |
π¨ CVE-2023-1341The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-10 21:31:18 |
π¨ CVE-2023-1342The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-10 21:31:13 |
π¨ CVE-2023-1343The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-10 21:31:12 |
π¨ CVE-2023-1344The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-10 21:31:11 |
π¨ CVE-2023-1345The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-10 21:31:10 |
π¨ CVE-2023-22751There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-10 21:31:05 |
π¨ CVE-2023-22752There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-10 21:31:04 |
π¨ CVE-2023-22754There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-10 21:31:03 |
π¨ CVE-2023-22755There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-10 21:31:02 |
π¨ CVE-2023-22756There are buffer overflow vulnerabilities in multiple underlying operating system processes that could lead to unauthenticated remote code execution by sending specially crafted packets via the PAPI protocol. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-10 19:30:00 |
π¨ CVE-2023-1131A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-10 19:29:59 |
π¨ CVE-2022-46501Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.π@cveNotify |
|
| 2023-03-10 19:29:58 |
π¨ CVE-2022-35645IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and IBM Maximo Application Suite 8.8 and 8.9 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 230958.π@cveNotify |
|
| 2023-03-10 19:29:57 |
π¨ CVE-2023-1157A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-222222 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-10 19:29:56 |
π¨ CVE-2023-1130A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-10 19:29:55 |
π¨ CVE-2023-25221Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.π@cveNotify |
|
| 2023-03-10 19:29:54 |
π¨ CVE-2023-24758libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-10 19:29:53 |
π¨ CVE-2023-1149Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0.π@cveNotify |
|
| 2023-03-10 19:29:52 |
π¨ CVE-2023-24757libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-10 19:29:50 |
π¨ CVE-2023-24756libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-10 19:29:46 |
π¨ CVE-2023-24755libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-10 19:29:45 |
π¨ CVE-2023-24754libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-10 19:29:44 |
π¨ CVE-2022-41044Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-10 19:29:43 |
π¨ CVE-2022-41045Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerabilityπ@cveNotify |
|
| 2023-03-10 19:29:39 |
π¨ CVE-2022-41047Microsoft ODBC Driver Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-10 19:29:38 |
π¨ CVE-2022-41048Microsoft ODBC Driver Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-10 19:29:37 |
π¨ CVE-2022-41049Windows Mark of the Web Security Feature Bypass Vulnerabilityπ@cveNotify |
|
| 2023-03-10 19:29:36 |
π¨ CVE-2022-41052Windows Graphics Component Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-03-10 18:29:57 |
π¨ CVE-2023-1322A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.π@cveNotify |
|
| 2023-03-10 18:29:56 |
π¨ CVE-2023-27161Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.π@cveNotify |
|
| 2023-03-10 18:29:55 |
π¨ CVE-2023-27164An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.π@cveNotify |
|
| 2023-03-10 18:29:54 |
π¨ CVE-2023-20053A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.π@cveNotify |
|
| 2023-03-10 18:29:50 |
π¨ CVE-2023-20014A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DNS requests. An attacker could exploit this vulnerability by sending a continuous stream of DNS requests to an affected device. A successful exploit could allow the attacker to cause the coredns service to stop working or cause the device to reload, resulting in a DoS condition.π@cveNotify |
|
| 2023-03-10 18:29:49 |
π¨ CVE-2022-23240Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.π@cveNotify |
|
| 2023-03-10 18:29:48 |
π¨ CVE-2023-20651In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576.π@cveNotify |
|
| 2023-03-10 18:29:44 |
π¨ CVE-2023-20649In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607.π@cveNotify |
|
| 2023-03-10 18:29:43 |
π¨ CVE-2023-20644In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603.π@cveNotify |
|
| 2023-03-10 18:29:42 |
π¨ CVE-2023-20647In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628547; Issue ID: ALPS07628547.π@cveNotify |
|
| 2023-03-10 18:29:38 |
π¨ CVE-2023-20645In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609.π@cveNotify |
|
| 2023-03-10 18:29:37 |
π¨ CVE-2022-41722A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".π@cveNotify |
|
| 2023-03-10 18:29:36 |
π¨ CVE-2022-48111A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.π@cveNotify |
|
| 2023-03-10 12:29:47 |
π¨ CVE-2023-1308A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222696.π@cveNotify |
|
| 2023-03-10 12:29:46 |
π¨ CVE-2023-1310A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-10 12:29:45 |
π¨ CVE-2023-1311A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699.π@cveNotify |
|
| 2023-03-10 07:30:11 |
π¨ CVE-2023-1155The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.π@cveNotify |
|
| 2023-03-10 07:30:10 |
π¨ CVE-2021-3854Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15.π@cveNotify |
|
| 2023-03-10 07:30:09 |
π¨ CVE-2023-26053Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue.π@cveNotify |
|
| 2023-03-10 07:30:08 |
π¨ CVE-2023-0053SAUTER Controls Nova 200β220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.π@cveNotify |
|
| 2023-03-10 07:30:04 |
π¨ CVE-2023-25806OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. There is an observable discrepancy in the authentication response time between calls where the user provided exists and calls where it does not. This issue only affects calls using the internal basic identity provider (IdP), and not other externally configured IdPs. Patches were released in versions 1.3.9 and 2.6.0, there are no workarounds.π@cveNotify |
|
| 2023-03-10 07:30:03 |
π¨ CVE-2023-20085A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script in the context of the affected interface or access sensitive, browser-based information.π@cveNotify |
|
| 2023-03-10 07:30:02 |
π¨ CVE-2023-27371GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.π@cveNotify |
|
| 2023-03-10 07:29:58 |
π¨ CVE-2022-41724Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).π@cveNotify |
|
| 2023-03-10 07:29:57 |
π¨ CVE-2023-0461There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307cπ@cveNotify |
|
| 2023-03-10 07:29:56 |
π¨ CVE-2022-29718Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.π@cveNotify |
|
| 2023-03-10 07:29:55 |
π¨ CVE-2020-5001IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 192953.π@cveNotify |
|
| 2023-03-10 07:29:52 |
π¨ CVE-2020-5026IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662.π@cveNotify |
|
| 2023-03-10 07:29:51 |
π¨ CVE-2023-25544Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. A NetWorker server user with remote access to NetWorker clients may potentially exploit this vulnerability and may launch target-specific attacks.π@cveNotify |
|
| 2023-03-10 07:29:50 |
π¨ CVE-2023-26281IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. IBM X-Force ID: 248296.π@cveNotify |
|
| 2023-03-10 02:29:42 |
π¨ CVE-2022-41727An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.π@cveNotify |
|
| 2023-03-10 02:29:41 |
π¨ CVE-2023-27294Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar event, which would then be executed in other users' browsers if they browse to that event. This could result in stealing session tokens from users with higher permission levels or forcing users to make actions without their knowledge.π@cveNotify |
|
| 2023-03-10 02:29:38 |
π¨ CVE-2023-27293Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an authenticated user reviews the candidate's submission. This could be used to steal other usersβ cookies and force users to make actions without their knowledge.π@cveNotify |
|
| 2023-03-10 02:29:37 |
π¨ CVE-2021-34125An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands.π@cveNotify |
|
| 2023-03-10 02:29:36 |
π¨ CVE-2022-3767Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.π@cveNotify |
|
| 2023-03-09 23:29:57 |
π¨ CVE-2023-20049A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.π@cveNotify |
|
| 2023-03-09 23:29:56 |
π¨ CVE-2022-3381An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sitesπ@cveNotify |
|
| 2023-03-09 23:29:55 |
π¨ CVE-2022-4289An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.π@cveNotify |
|
| 2023-03-09 23:29:54 |
π¨ CVE-2023-0223An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.π@cveNotify |
|
| 2023-03-09 23:29:50 |
π¨ CVE-2023-27202Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php.π@cveNotify |
|
| 2023-03-09 23:29:49 |
π¨ CVE-2023-27204Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php.π@cveNotify |
|
| 2023-03-09 23:29:48 |
π¨ CVE-2023-27205Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php.π@cveNotify |
|
| 2023-03-09 23:29:44 |
π¨ CVE-2023-27206A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.π@cveNotify |
|
| 2023-03-09 23:29:43 |
π¨ CVE-2023-27208A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.π@cveNotify |
|
| 2023-03-09 23:29:42 |
π¨ CVE-2023-27210Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.π@cveNotify |
|
| 2023-03-09 23:29:41 |
π¨ CVE-2023-27211A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.π@cveNotify |
|
| 2023-03-09 23:29:37 |
π¨ CVE-2023-27213Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.π@cveNotify |
|
| 2023-03-09 23:29:36 |
π¨ CVE-2023-27483crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index, the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate.π@cveNotify |
|
| 2023-03-09 23:29:35 |
π¨ CVE-2023-27484crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround.π@cveNotify |
|
| 2023-03-09 21:29:53 |
π¨ CVE-2023-1180A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.π@cveNotify |
|
| 2023-03-09 21:29:52 |
π¨ CVE-2023-26486Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.π@cveNotify |
|
| 2023-03-09 21:29:51 |
π¨ CVE-2022-4317An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects.π@cveNotify |
|
| 2023-03-09 21:29:47 |
π¨ CVE-2023-0483An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site.π@cveNotify |
|
| 2023-03-09 21:29:46 |
π¨ CVE-2023-1287An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.π@cveNotify |
|
| 2023-03-09 21:29:42 |
π¨ CVE-2023-1288An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions.π@cveNotify |
|
| 2023-03-09 21:29:41 |
π¨ CVE-2022-29056A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.π@cveNotify |
|
| 2023-03-09 21:29:40 |
π¨ CVE-2023-1290A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222644.π@cveNotify |
|
| 2023-03-09 21:29:37 |
π¨ CVE-2023-1291A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-09 21:29:36 |
π¨ CVE-2023-1293A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647.π@cveNotify |
|
| 2023-03-09 21:29:35 |
π¨ CVE-2023-26208A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.π@cveNotify |
|
| 2023-03-09 20:29:37 |
π¨ CVE-2023-1287An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.π@cveNotify |
|
| 2023-03-09 20:29:36 |
π¨ CVE-2023-25573metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-03-09 14:29:52 |
π¨ CVE-2023-1286Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.π@cveNotify |
|
| 2023-03-09 11:29:57 |
π¨ CVE-2023-27985emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.π@cveNotify |
|
| 2023-03-09 11:29:56 |
π¨ CVE-2023-27986emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.π@cveNotify |
|
| 2023-03-09 11:29:55 |
π¨ CVE-2023-1251Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.π@cveNotify |
|
| 2023-03-09 07:29:59 |
π¨ CVE-2023-26110All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.π@cveNotify |
|
| 2023-03-09 07:29:58 |
π¨ CVE-2023-26948onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.π@cveNotify |
|
| 2023-03-09 07:29:55 |
π¨ CVE-2023-0507Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible due to map attributions weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include a map attribution containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.π@cveNotify |
|
| 2023-03-09 07:29:54 |
π¨ CVE-2022-45608An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).π@cveNotify |
|
| 2023-03-09 07:29:53 |
π¨ CVE-2023-23000In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.π@cveNotify |
|
| 2023-03-09 01:30:07 |
π¨ CVE-2022-3162Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.π@cveNotify |
|
| 2023-03-09 01:30:06 |
π¨ CVE-2023-0460The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main Appβs ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious appβs ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store.π@cveNotify |
|
| 2023-03-09 01:30:05 |
π¨ CVE-2023-0594Grafana is an open-source platform for monitoring and observability. Starting with the 7.0 branch, Grafana had a stored XSS vulnerability in the trace view visualization. The stored XSS vulnerability was possible due the value of a span's attributes/resources were not properly sanitized and this will be rendered when the span's attributes/resources are expanded. An attacker needs to have the Editor role in order to change the value of a trace view visualization to contain JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.21, 9.2.13 and 9.3.8 to receive a fix.π@cveNotify |
|
| 2023-03-09 01:30:01 |
π¨ CVE-2023-25931Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.π@cveNotify |
|
| 2023-03-09 01:30:00 |
π¨ CVE-2018-25081** DISPUTED ** Bitwarden through 2023.2.1 offers password auto-fill within a cross-domain IFRAME element. NOTE: the vendor's position is that there have been important legitimate cross-domain configurations (e.g., an apple.com IFRAME element on the icloud.com website) and that "Auto-fill on page load" is not enabled by default.π@cveNotify |
|
| 2023-03-09 01:29:59 |
π¨ CVE-2023-23501The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory..π@cveNotify |
|
| 2023-03-09 01:29:55 |
π¨ CVE-2023-23496The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.π@cveNotify |
|
| 2023-03-09 01:29:54 |
π¨ CVE-2023-23497A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. An app may be able to gain root privileges.π@cveNotify |
|
| 2023-03-09 01:29:53 |
π¨ CVE-2022-4007A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.π@cveNotify |
|
| 2023-03-09 01:29:49 |
π¨ CVE-2023-0030A use-after-free flaw was found in the Linux kernelβs nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.π@cveNotify |
|
| 2023-03-09 01:29:48 |
π¨ CVE-2023-23498A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account.π@cveNotify |
|
| 2023-03-09 01:29:47 |
π¨ CVE-2023-23499This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.3. An app may be able to access user-sensitive data.π@cveNotify |
|
| 2023-03-08 23:29:50 |
π¨ CVE-2021-33351Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.π@cveNotify |
|
| 2023-03-08 23:29:49 |
π¨ CVE-2021-33352An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.π@cveNotify |
|
| 2023-03-08 23:29:46 |
π¨ CVE-2021-33353Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.π@cveNotify |
|
| 2023-03-08 23:29:45 |
π¨ CVE-2023-24777Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.π@cveNotify |
|
| 2023-03-08 23:29:44 |
π¨ CVE-2023-22889SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.π@cveNotify |
|
| 2023-03-08 23:29:43 |
π¨ CVE-2023-22890SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.π@cveNotify |
|
| 2023-03-08 23:29:39 |
π¨ CVE-2023-22892There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.π@cveNotify |
|
| 2023-03-08 23:29:38 |
π¨ CVE-2023-24782Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.π@cveNotify |
|
| 2023-03-08 23:29:37 |
π¨ CVE-2023-27477wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtiem 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.π@cveNotify |
|
| 2023-03-08 22:29:52 |
π¨ CVE-2023-1276A vulnerability, which was classified as critical, has been found in SUL1SS_shop. This issue affects some unknown processing of the file application\merch\controller\Order.php. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222599.π@cveNotify |
|
| 2023-03-08 22:29:48 |
π¨ CVE-2023-1277A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600.π@cveNotify |
|
| 2023-03-08 22:29:47 |
π¨ CVE-2023-1278A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.π@cveNotify |
|
| 2023-03-08 22:29:46 |
π¨ CVE-2023-23760A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.π@cveNotify |
|
| 2023-03-08 22:29:45 |
π¨ CVE-2023-26956onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.π@cveNotify |
|
| 2023-03-08 22:29:44 |
π¨ CVE-2023-27486xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`.π@cveNotify |
|
| 2023-03-08 22:29:40 |
π¨ CVE-2023-1275A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-08 22:29:39 |
π¨ CVE-2023-27482homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.π@cveNotify |
|
| 2023-03-08 22:29:38 |
π¨ CVE-2023-24773Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.π@cveNotify |
|
| 2023-03-08 20:30:04 |
π¨ CVE-2022-3884Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.π@cveNotify |
|
| 2023-03-08 20:30:03 |
π¨ CVE-2023-22995In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.π@cveNotify |
|
| 2023-03-08 20:30:02 |
π¨ CVE-2023-1275A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-08 20:29:59 |
π¨ CVE-2023-27482homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.π@cveNotify |
|
| 2023-03-08 20:29:58 |
π¨ CVE-2022-43945The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:Hπ@cveNotify |
|
| 2023-03-08 20:29:57 |
π¨ CVE-2023-1080The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βtabβ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-08 20:29:53 |
π¨ CVE-2022-46712A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges.π@cveNotify |
|
| 2023-03-08 20:29:52 |
π¨ CVE-2023-25768A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.π@cveNotify |
|
| 2023-03-08 20:29:51 |
π¨ CVE-2023-1055A flaw was found in RHDS 11 and RHDS 12. While browsing entries LDAP tries to decode the userPassword attribute instead of the userCertificate attribute which could lead into sensitive information leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.π@cveNotify |
|
| 2023-03-08 20:29:48 |
π¨ CVE-2015-10086A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.π@cveNotify |
|
| 2023-03-08 20:29:47 |
π¨ CVE-2023-24830Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3.π@cveNotify |
|
| 2023-03-08 20:29:46 |
π¨ CVE-2023-26041Nextcloud Talk is a fully on-premises audio/video and chat communication service. When cron jobs were misconfigured and therefore messages are not expired, the API would still return them while they were then hidden by the frontend code. It is recommended that the Nextcloud Talk is upgraded to 15.0.3. There are no workaround available.π@cveNotify |
|
| 2023-03-08 18:29:50 |
π¨ CVE-2023-23524A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, tvOS 16.3.2, watchOS 9.3.1. Processing a maliciously crafted certificate may lead to a denial-of-service.π@cveNotify |
|
| 2023-03-08 18:29:43 |
π¨ CVE-2022-3792Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GullsEye GullsEye terminal operating system allows SQL Injection.This issue affects GullsEye terminal operating system: from unspecified before 5.0.13.π@cveNotify |
|
| 2023-03-08 18:29:42 |
π¨ CVE-2022-22668A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.π@cveNotify |
|
| 2023-03-08 16:29:56 |
π¨ CVE-2023-1214Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-08 16:29:55 |
π¨ CVE-2023-1215Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-08 16:29:54 |
π¨ CVE-2023-1217Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-08 16:29:53 |
π¨ CVE-2023-1218Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-08 16:29:50 |
π¨ CVE-2023-1219Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-03-08 16:29:49 |
π¨ CVE-2023-1221Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)π@cveNotify |
|
| 2023-03-08 16:29:48 |
π¨ CVE-2023-1223Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)π@cveNotify |
|
| 2023-03-08 16:29:44 |
π¨ CVE-2023-1224Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)π@cveNotify |
|
| 2023-03-08 16:29:43 |
π¨ CVE-2023-1225Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)π@cveNotify |
|
| 2023-03-08 16:29:42 |
π¨ CVE-2023-1228Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)π@cveNotify |
|
| 2023-03-08 16:29:38 |
π¨ CVE-2023-1230Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)π@cveNotify |
|
| 2023-03-08 16:29:37 |
π¨ CVE-2023-1232Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)π@cveNotify |
|
| 2023-03-08 16:29:36 |
π¨ CVE-2023-1233Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low)π@cveNotify |
|
| 2023-03-07 22:29:49 |
π¨ CVE-2023-27480XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually.π@cveNotify |
|
| 2023-03-07 22:29:48 |
π¨ CVE-2023-27485thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.π@cveNotify |
|
| 2023-03-07 22:29:44 |
π¨ CVE-2020-9846A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.π@cveNotify |
|
| 2023-03-07 22:29:43 |
π¨ CVE-2023-24249An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file.π@cveNotify |
|
| 2023-03-07 22:29:42 |
π¨ CVE-2023-1048A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.π@cveNotify |
|
| 2023-03-07 22:29:38 |
π¨ CVE-2022-48284A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.π@cveNotify |
|
| 2023-03-07 22:29:37 |
π¨ CVE-2022-48283A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.π@cveNotify |
|
| 2023-03-07 22:29:36 |
π¨ CVE-2023-26091The frp_form_answers (aka Forms Export) extension before 3.1.2, and 4.x before 4.0.2, for TYPO3 allows XSS via saved emails.π@cveNotify |
|
| 2023-03-07 20:29:36 |
π¨ CVE-2023-25605A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.π@cveNotify |
|
| 2023-03-07 18:29:55 |
π¨ CVE-2023-26039ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an OS Command Injection via daemonControl() in (/web/api/app/Controller/HostController.php). Any authenticated user can construct an api command to execute any shell command as the web user. This issue is patched in versions 1.36.33 and 1.37.33.π@cveNotify |
|
| 2023-03-07 18:29:54 |
π¨ CVE-2023-25816Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available.π@cveNotify |
|
| 2023-03-07 18:29:53 |
π¨ CVE-2021-4332The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.π@cveNotify |
|
| 2023-03-07 18:29:49 |
π¨ CVE-2021-4333The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-07 18:29:48 |
π¨ CVE-2022-4932The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.π@cveNotify |
|
| 2023-03-07 18:29:47 |
π¨ CVE-2023-1254A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484.π@cveNotify |
|
| 2023-03-07 18:29:43 |
π¨ CVE-2023-26953onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.π@cveNotify |
|
| 2023-03-07 18:29:42 |
π¨ CVE-2023-25690Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.π@cveNotify |
|
| 2023-03-07 18:29:41 |
π¨ CVE-2023-27522HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.π@cveNotify |
|
| 2023-03-07 18:29:37 |
π¨ CVE-2023-26780CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection.π@cveNotify |
|
| 2023-03-07 18:29:36 |
π¨ CVE-2016-15024A vulnerability was found in doomsider shadow. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. Attacking locally is a requirement. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 3332c5ba9ec3014ddc74e2147190a050eee97bc0. It is recommended to apply a patch to fix this issue. VDB-221478 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-07 15:30:03 |
π¨ CVE-2021-3329Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stackπ@cveNotify |
|
| 2023-03-07 15:29:59 |
π¨ CVE-2020-36667The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.π@cveNotify |
|
| 2023-03-07 15:29:58 |
π¨ CVE-2020-36668The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.π@cveNotify |
|
| 2023-03-07 15:29:57 |
π¨ CVE-2020-36669The JetBackup β WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-07 15:29:56 |
π¨ CVE-2021-44197Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.π@cveNotify |
|
| 2023-03-07 15:29:51 |
π¨ CVE-2021-4330The Envato Elements & Download and Template Kit β Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit β Import and versions up to and including 2.0.10 of Envato Elements & Download.π@cveNotify |
|
| 2023-03-07 15:29:50 |
π¨ CVE-2023-23109In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv.π@cveNotify |
|
| 2023-03-07 15:29:49 |
π¨ CVE-2023-26955onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.π@cveNotify |
|
| 2023-03-07 15:29:48 |
π¨ CVE-2023-1237Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:47 |
π¨ CVE-2023-1238Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:46 |
π¨ CVE-2023-1239Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:45 |
π¨ CVE-2023-1240Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:44 |
π¨ CVE-2023-1241Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:42 |
π¨ CVE-2023-1242Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:41 |
π¨ CVE-2023-1243Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:39 |
π¨ CVE-2023-1244Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:37 |
π¨ CVE-2023-1245Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 15:29:36 |
π¨ CVE-2022-3760Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58.π@cveNotify |
|
| 2023-03-07 12:29:52 |
π¨ CVE-2023-1247Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.π@cveNotify |
|
| 2023-03-07 12:29:49 |
π¨ CVE-2022-3760Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58.π@cveNotify |
|
| 2023-03-07 12:29:48 |
π¨ CVE-2023-1237Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 12:29:47 |
π¨ CVE-2023-1239Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 12:29:46 |
π¨ CVE-2023-1240Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 12:29:43 |
π¨ CVE-2023-1241Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 12:29:42 |
π¨ CVE-2023-1242Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 12:29:41 |
π¨ CVE-2023-1244Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 12:29:40 |
π¨ CVE-2023-1245Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π@cveNotify |
|
| 2023-03-07 07:29:54 |
π¨ CVE-2023-22895The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product.π@cveNotify |
|
| 2023-03-07 07:29:53 |
π¨ CVE-2022-37454The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.π@cveNotify |
|
| 2023-03-07 07:29:51 |
π¨ CVE-2021-35370An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.π@cveNotify |
|
| 2023-03-07 07:29:50 |
π¨ CVE-2023-26103Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for splitting the Connection/Upgrade header. A specially crafted Connection/Upgrade header can be used to significantly slow down a web socket server.π@cveNotify |
|
| 2023-03-07 07:29:49 |
π¨ CVE-2022-40237IBM MQ for HPE NonStop 8.1.0 is vulnerable to a denial of service attack due to an error within the CCDT and channel synchronization logic. IBM X-Force ID: 235727.π@cveNotify |
|
| 2023-03-07 07:29:48 |
π¨ CVE-2023-22860IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.π@cveNotify |
|
| 2023-03-07 07:29:47 |
π¨ CVE-2022-44310In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.π@cveNotify |
|
| 2023-03-07 07:29:45 |
π¨ CVE-2023-23205An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.π@cveNotify |
|
| 2023-03-07 07:29:44 |
π¨ CVE-2023-26104All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.π@cveNotify |
|
| 2023-03-07 07:29:43 |
π¨ CVE-2023-25821Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available.π@cveNotify |
|
| 2023-03-07 07:29:42 |
π¨ CVE-2023-1033Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11.π@cveNotify |
|
| 2023-03-07 07:29:41 |
π¨ CVE-2021-35290File Upload vulnerability in balerocms-src 0.8.3 allows remote attackers to run arbitrary code via rich text editor on /admin/main/mod-blog page.π@cveNotify |
|
| 2023-03-07 07:29:40 |
π¨ CVE-2023-0481In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.π@cveNotify |
|
| 2023-03-07 07:29:39 |
π¨ CVE-2023-22847Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.π@cveNotify |
|
| 2023-03-07 07:29:38 |
π¨ CVE-2023-23554Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.π@cveNotify |
|
| 2023-03-07 02:30:51 |
π¨ CVE-2017-20181A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.π@cveNotify |
|
| 2023-03-07 02:30:49 |
π¨ CVE-2023-1211SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.π@cveNotify |
|
| 2023-03-07 02:30:48 |
π¨ CVE-2023-1212Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.π@cveNotify |
|
| 2023-03-07 02:30:46 |
π¨ CVE-2022-36369Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-07 02:30:45 |
π¨ CVE-2008-10004A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-07 02:30:44 |
π¨ CVE-2019-8720A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.π@cveNotify |
|
| 2023-03-07 02:30:42 |
π¨ CVE-2021-20251A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.π@cveNotify |
|
| 2023-03-07 02:30:41 |
π¨ CVE-2021-36402In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.π@cveNotify |
|
| 2023-03-07 02:30:39 |
π¨ CVE-2021-36403In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.π@cveNotify |
|
| 2023-03-07 02:30:38 |
π¨ CVE-2022-3277An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.π@cveNotify |
|
| 2023-03-07 02:30:33 |
π¨ CVE-2022-3424A use-after-free flaw was found in the Linux kernelβs SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.π@cveNotify |
|
| 2023-03-07 02:30:31 |
π¨ CVE-2022-3707A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.π@cveNotify |
|
| 2023-03-07 02:30:30 |
π¨ CVE-2022-3854A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.π@cveNotify |
|
| 2023-03-07 02:30:27 |
π¨ CVE-2022-3857A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.π@cveNotify |
|
| 2023-03-07 02:30:26 |
π¨ CVE-2022-45141Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).π@cveNotify |
|
| 2023-03-07 02:30:24 |
π¨ CVE-2022-45142The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.π@cveNotify |
|
| 2023-03-07 02:30:22 |
π¨ CVE-2022-4134A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.π@cveNotify |
|
| 2023-03-07 02:30:20 |
π¨ CVE-2022-4904A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.π@cveNotify |
|
| 2023-03-07 02:30:15 |
π¨ CVE-2023-0330A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.π@cveNotify |
|
| 2023-03-07 02:30:11 |
π¨ CVE-2023-27891rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.π@cveNotify |
|
| 2023-03-06 22:30:02 |
π¨ CVE-2023-23939Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue.π@cveNotify |
|
| 2023-03-06 22:30:00 |
π¨ CVE-2023-26054BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`.π@cveNotify |
|
| 2023-03-06 22:29:59 |
π¨ CVE-2023-27472quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-03-06 22:29:58 |
π¨ CVE-2023-1026The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.π@cveNotify |
|
| 2023-03-06 22:29:57 |
π¨ CVE-2023-1027The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.π@cveNotify |
|
| 2023-03-06 22:29:56 |
π¨ CVE-2022-32570Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 22:29:54 |
π¨ CVE-2022-36348Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 22:29:53 |
π¨ CVE-2022-36794Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.π@cveNotify |
|
| 2023-03-06 22:29:52 |
π¨ CVE-2023-1028The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-03-06 22:29:51 |
π¨ CVE-2023-25431An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.π@cveNotify |
|
| 2023-03-06 22:29:48 |
π¨ CVE-2022-37329Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 22:29:47 |
π¨ CVE-2023-25432An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php.π@cveNotify |
|
| 2023-03-06 22:29:46 |
π¨ CVE-2022-21163Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 22:29:44 |
π¨ CVE-2022-27808Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 22:29:43 |
π¨ CVE-2023-20932In onCreatePreferences of EditInfoFragment.java, there is a possible way to read contacts belonging to other users due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-248251018π@cveNotify |
|
| 2023-03-06 22:29:42 |
π¨ CVE-2022-36397Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 22:29:40 |
π¨ CVE-2022-33972Incorrect calculation in microcode keying mechanism for some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-03-06 22:29:39 |
π¨ CVE-2023-20933In several functions of MediaCodec.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-245860753π@cveNotify |
|
| 2023-03-06 22:29:38 |
π¨ CVE-2023-20934In resolveAttributionSource of ServiceUtilities.cpp, there is a possible way to disable the microphone privacy indicator due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-258672042π@cveNotify |
|
| 2023-03-06 22:29:37 |
π¨ CVE-2023-20939In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981π@cveNotify |
|
| 2023-03-06 20:30:03 |
π¨ CVE-2021-33224File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file.π@cveNotify |
|
| 2023-03-06 20:30:02 |
π¨ CVE-2023-25692Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.π@cveNotify |
|
| 2023-03-06 20:30:01 |
π¨ CVE-2022-34157Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 20:30:00 |
π¨ CVE-2023-25691Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0.π@cveNotify |
|
| 2023-03-06 20:29:56 |
π¨ CVE-2023-25169discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually.π@cveNotify |
|
| 2023-03-06 20:29:55 |
π¨ CVE-2023-23296Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault.π@cveNotify |
|
| 2023-03-06 20:29:54 |
π¨ CVE-2023-1009A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 20:29:53 |
π¨ CVE-2022-46440ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c.π@cveNotify |
|
| 2023-03-06 20:29:49 |
π¨ CVE-2022-35729Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.π@cveNotify |
|
| 2023-03-06 20:29:48 |
π¨ CVE-2022-45697Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory.π@cveNotify |
|
| 2023-03-06 20:29:47 |
π¨ CVE-2022-30704Improper initialization in the Intel(R) TXT SINIT ACM for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 20:29:43 |
π¨ CVE-2022-32231Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 20:29:42 |
π¨ CVE-2022-34849Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access.π@cveNotify |
|
| 2023-03-06 20:29:41 |
π¨ CVE-2022-26888Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-03-06 20:29:40 |
π¨ CVE-2021-33104Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.π@cveNotify |
|
| 2023-03-06 17:29:43 |
π¨ CVE-2023-24124Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-06 17:29:42 |
π¨ CVE-2023-24125Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-06 17:29:41 |
π¨ CVE-2023-24122Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-06 17:29:40 |
π¨ CVE-2023-24123Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-06 15:30:08 |
π¨ CVE-2022-4265The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated userπ@cveNotify |
|
| 2023-03-06 15:30:07 |
π¨ CVE-2022-4328The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the serverπ@cveNotify |
|
| 2023-03-06 15:30:06 |
π¨ CVE-2023-0063The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-06 15:30:05 |
π¨ CVE-2023-0064The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-06 15:30:04 |
π¨ CVE-2023-0065The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-06 15:30:00 |
π¨ CVE-2023-0068The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-06 15:29:59 |
π¨ CVE-2023-0069The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-06 15:29:58 |
π¨ CVE-2023-0076The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-06 15:29:57 |
π¨ CVE-2023-0078The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege usersπ@cveNotify |
|
| 2023-03-06 15:29:56 |
π¨ CVE-2023-0165The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-06 15:29:52 |
π¨ CVE-2023-0212The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-06 15:29:51 |
π¨ CVE-2023-0328The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).π@cveNotify |
|
| 2023-03-06 15:29:50 |
π¨ CVE-2022-32764Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-06 15:29:49 |
π¨ CVE-2023-0034The JetWidgets For Elementor WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-03-06 15:29:44 |
π¨ CVE-2019-14372In Libav 12.3, there is an infinite loop in the function wv_read_block_header() in the file wvdec.c.π@cveNotify |
|
| 2023-03-06 15:29:43 |
π¨ CVE-2017-20180A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 15:29:42 |
π¨ CVE-2022-3284Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.π@cveNotify |
|
| 2023-03-06 15:29:41 |
π¨ CVE-2022-4862Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.π@cveNotify |
|
| 2023-03-06 14:29:37 |
π¨ CVE-2022-2178Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1.π@cveNotify |
|
| 2023-03-06 14:29:36 |
π¨ CVE-2022-3284Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.π@cveNotify |
|
| 2023-03-06 14:29:35 |
π¨ CVE-2022-4862Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.π@cveNotify |
|
| 2023-03-06 12:29:53 |
π¨ CVE-2023-0839Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1.π@cveNotify |
|
| 2023-03-06 12:29:52 |
π¨ CVE-2023-1184A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356.π@cveNotify |
|
| 2023-03-06 12:29:51 |
π¨ CVE-2023-1185A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 12:29:50 |
π¨ CVE-2023-1186A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 12:29:49 |
π¨ CVE-2023-1187A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.π@cveNotify |
|
| 2023-03-06 12:29:47 |
π¨ CVE-2023-1188A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360.π@cveNotify |
|
| 2023-03-06 12:29:46 |
π¨ CVE-2023-1189A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 12:29:45 |
π¨ CVE-2023-1190A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 12:29:43 |
π¨ CVE-2023-1191A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222363.π@cveNotify |
|
| 2023-03-06 12:29:42 |
π¨ CVE-2015-10093A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 12:29:40 |
π¨ CVE-2023-22856A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.π@cveNotify |
|
| 2023-03-06 12:29:39 |
π¨ CVE-2023-22857A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.π@cveNotify |
|
| 2023-03-06 12:29:38 |
π¨ CVE-2023-22858An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.π@cveNotify |
|
| 2023-03-06 12:29:36 |
π¨ CVE-2015-10092A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324.π@cveNotify |
|
| 2023-03-06 06:29:51 |
π¨ CVE-2022-44875KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.π@cveNotify |
|
| 2023-03-06 06:29:47 |
π¨ CVE-2023-26106All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.π@cveNotify |
|
| 2023-03-06 06:29:46 |
π¨ CVE-2023-26107All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.π@cveNotify |
|
| 2023-03-06 06:29:45 |
π¨ CVE-2023-26108Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.π@cveNotify |
|
| 2023-03-06 06:29:44 |
π¨ CVE-2023-23313Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.π@cveNotify |
|
| 2023-03-06 06:29:40 |
π¨ CVE-2023-27560Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.π@cveNotify |
|
| 2023-03-06 06:29:39 |
π¨ CVE-2021-32852Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.π@cveNotify |
|
| 2023-03-06 06:29:38 |
π¨ CVE-2022-4928A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The name of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 06:29:37 |
π¨ CVE-2022-4929A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 06:29:36 |
π¨ CVE-2015-10091A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 02:29:46 |
π¨ CVE-2015-10090A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320.π@cveNotify |
|
| 2023-03-06 02:29:42 |
π¨ CVE-2023-22336Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.π@cveNotify |
|
| 2023-03-06 02:29:41 |
π¨ CVE-2023-22419Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.π@cveNotify |
|
| 2023-03-06 02:29:40 |
π¨ CVE-2023-22421Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.π@cveNotify |
|
| 2023-03-06 02:29:37 |
π¨ CVE-2023-22424Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.π@cveNotify |
|
| 2023-03-06 02:29:36 |
π¨ CVE-2023-22438Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.π@cveNotify |
|
| 2023-03-06 02:29:35 |
π¨ CVE-2023-25077Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.π@cveNotify |
|
| 2023-03-06 00:29:41 |
π¨ CVE-2023-26510Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.π@cveNotify |
|
| 2023-03-06 00:29:40 |
π¨ CVE-2023-27635debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.)π@cveNotify |
|
| 2023-03-06 00:29:39 |
π¨ CVE-2023-27641The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.π@cveNotify |
|
| 2023-03-06 00:29:38 |
π¨ CVE-2006-10001A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-06 00:29:37 |
π¨ CVE-2014-125092A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323.π@cveNotify |
|
| 2023-03-06 00:29:36 |
π¨ CVE-2023-0734Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.π@cveNotify |
|
| 2023-03-05 22:29:38 |
π¨ CVE-2022-4927A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.π@cveNotify |
|
| 2023-03-05 22:29:37 |
π¨ CVE-2023-25719ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to execute malicious queries or as a denial-of-service vector. NOTE: this CVE Record is only about the parameters, such as the h parameter (this CVE Record is not about the separate issue of signed executable files that are supposed to have unique configurations across customers' installations).π@cveNotify |
|
| 2023-03-05 22:29:36 |
π¨ CVE-2021-40241xfig 3.2.7 is vulnerable to Buffer Overflow.π@cveNotify |
|
| 2023-03-05 19:29:35 |
π¨ CVE-2023-1181Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7.π@cveNotify |
|
| 2023-03-05 16:29:37 |
π¨ CVE-2015-10089A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291.π@cveNotify |
|
| 2023-03-05 12:29:37 |
π¨ CVE-2023-1179A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-05 12:29:36 |
π¨ CVE-2023-1180A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.π@cveNotify |
|
| 2023-03-05 06:29:40 |
π¨ CVE-2015-10088A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267.π@cveNotify |
|
| 2023-03-05 06:29:39 |
π¨ CVE-2023-24580An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.π@cveNotify |
|
| 2023-03-05 06:29:38 |
π¨ CVE-2022-41323In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression.π@cveNotify |
|
| 2023-03-05 06:29:37 |
π¨ CVE-2008-10002A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-05 06:29:36 |
π¨ CVE-2008-10003A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288.π@cveNotify |
|
| 2023-03-05 00:29:40 |
π¨ CVE-2014-125091A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268.π@cveNotify |
|
| 2023-03-04 21:29:46 |
π¨ CVE-2023-24751libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-04 21:29:45 |
π¨ CVE-2023-24754libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-04 21:29:44 |
π¨ CVE-2023-24755libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-04 21:29:41 |
π¨ CVE-2023-24756libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.π@cveNotify |
|
| 2023-03-04 21:29:40 |
π¨ CVE-2023-25221Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.π@cveNotify |
|
| 2023-03-04 21:29:39 |
π¨ CVE-2020-36665A vulnerability was found in ArtesΓ£os SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-04 19:29:41 |
π¨ CVE-2020-36664A vulnerability has been found in ArtesΓ£os SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232.π@cveNotify |
|
| 2023-03-04 18:29:43 |
π¨ CVE-2023-1175Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.π@cveNotify |
|
| 2023-03-04 12:29:41 |
π¨ CVE-2020-36663A vulnerability, which was classified as problematic, was found in ArtesΓ£os SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231.π@cveNotify |
|
| 2023-03-04 07:30:16 |
π¨ CVE-2023-0230The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-03-04 07:30:14 |
π¨ CVE-2023-25233Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.π@cveNotify |
|
| 2023-03-04 07:30:13 |
π¨ CVE-2023-22998In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).π@cveNotify |
|
| 2023-03-04 07:30:12 |
π¨ CVE-2023-27292An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters.π@cveNotify |
|
| 2023-03-04 07:30:11 |
π¨ CVE-2023-27295Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. An attacker can exploit this issue by creating a dummy page that executes Javascript in an authenticated user's session when visited.π@cveNotify |
|
| 2023-03-04 07:30:10 |
π¨ CVE-2023-25234Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface.π@cveNotify |
|
| 2023-03-04 07:30:09 |
π¨ CVE-2023-25231Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface.π@cveNotify |
|
| 2023-03-04 07:30:05 |
π¨ CVE-2023-24128Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2 parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-04 07:30:04 |
π¨ CVE-2023-24129Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-04 07:30:03 |
π¨ CVE-2023-24130Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-04 07:30:02 |
π¨ CVE-2023-24131Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-04 07:30:01 |
π¨ CVE-2023-24133Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-04 07:29:57 |
π¨ CVE-2023-22767Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-04 07:29:56 |
π¨ CVE-2023-22768Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-04 07:29:55 |
π¨ CVE-2023-22763Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-04 07:29:54 |
π¨ CVE-2023-22764Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-04 07:29:53 |
π¨ CVE-2023-22765Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-04 07:29:48 |
π¨ CVE-2023-22762Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.π@cveNotify |
|
| 2023-03-04 07:29:43 |
π¨ CVE-2023-0331The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary files from the server.π@cveNotify |
|
| 2023-03-03 23:29:57 |
π¨ CVE-2023-23313Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.π@cveNotify |
|
| 2023-03-03 23:29:56 |
π¨ CVE-2023-26488OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.π@cveNotify |
|
| 2023-03-03 23:29:55 |
π¨ CVE-2023-26492Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.π@cveNotify |
|
| 2023-03-03 23:29:51 |
π¨ CVE-2022-46560D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan2Settings module.π@cveNotify |
|
| 2023-03-03 23:29:50 |
π¨ CVE-2022-46562D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module.π@cveNotify |
|
| 2023-03-03 23:29:46 |
π¨ CVE-2022-46566D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module.π@cveNotify |
|
| 2023-03-03 23:29:45 |
π¨ CVE-2022-46569D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Key parameter in the SetWLanRadioSecurity module.π@cveNotify |
|
| 2023-03-03 23:29:44 |
π¨ CVE-2022-46570D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetWan3Settings module.π@cveNotify |
|
| 2023-03-03 23:29:41 |
π¨ CVE-2022-37130In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerabilityπ@cveNotify |
|
| 2023-03-03 23:29:40 |
π¨ CVE-2018-20177rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution.π@cveNotify |
|
| 2023-03-03 23:29:39 |
π¨ CVE-2018-11516The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.π@cveNotify |
|
| 2023-03-03 21:29:43 |
π¨ CVE-2019-13513In Delta Industrial Automation DOPSoft, Version 4.00.06.15 and prior, processing a specially crafted project file may trigger multiple out-of-bounds read vulnerabilities, which may allow information disclosure, remote code execution, or crash of the application.π@cveNotify |
|
| 2023-03-03 21:29:42 |
π¨ CVE-2018-2028IBM Maximo Asset Management 7.6 could allow a an authenticated user to replace a target page with a phishing site which could allow the attacker to obtain highly sensitive information. IBM X-Force ID: 155554.π@cveNotify |
|
| 2023-03-03 20:30:13 |
π¨ CVE-2022-36537ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.π@cveNotify |
|
| 2023-03-03 20:30:12 |
π¨ CVE-2022-0480A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.π@cveNotify |
|
| 2023-03-03 20:30:11 |
π¨ CVE-2022-41322In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.π@cveNotify |
|
| 2023-03-03 20:30:10 |
π¨ CVE-2009-1956Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.π@cveNotify |
|
| 2023-03-03 20:30:09 |
π¨ CVE-2020-18693Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attackers to execute arbitrary code by injecting malicious code into the 'Title' field of the component '/admin/news'.π@cveNotify |
|
| 2023-03-03 20:30:05 |
π¨ CVE-2019-13111A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 allows an attacker to cause a denial of service (large heap allocation followed by a very long running loop) via a crafted WEBP image file.π@cveNotify |
|
| 2023-03-03 20:30:04 |
π¨ CVE-2019-14347Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script.π@cveNotify |
|
| 2023-03-03 20:30:03 |
π¨ CVE-2020-27784A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free().π@cveNotify |
|
| 2023-03-03 20:30:02 |
π¨ CVE-2019-14529OpenEMR before 5.0.2 allows SQL Injection in interface/forms/eye_mag/save.php.π@cveNotify |
|
| 2023-03-03 20:30:01 |
π¨ CVE-2019-14524An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465.π@cveNotify |
|
| 2023-03-03 20:29:57 |
π¨ CVE-2015-7559It was found that the Apache ActiveMQ client before 5.15.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.π@cveNotify |
|
| 2023-03-03 20:29:56 |
π¨ CVE-2019-14459nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c that can be abused in order to crash the process remotely (denial of service).π@cveNotify |
|
| 2023-03-03 20:29:55 |
π¨ CVE-2019-15141WriteTIFFImage in coders/tiff.c in ImageMagick 7.0.8-43 Q16 allows attackers to cause a denial-of-service (application crash resulting from a heap-based buffer over-read) via a crafted TIFF image file, related to TIFFRewriteDirectory, TIFFWriteDirectory, TIFFWriteDirectorySec, and TIFFWriteDirectoryTagColormap in tif_dirwrite.c of LibTIFF. NOTE: this occurs because of an incomplete fix for CVE-2019-11597.π@cveNotify |
|
| 2023-03-03 20:29:54 |
π¨ CVE-2019-13512Fuji Electric FRENIC Loader 3.5.0.0 and prior is vulnerable to an out-of-bounds read vulnerability, which may allow an attacker to read limited information from the device.π@cveNotify |
|
| 2023-03-03 20:29:53 |
π¨ CVE-2019-15108An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.π@cveNotify |
|
| 2023-03-03 20:29:49 |
π¨ CVE-2019-3417All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system.π@cveNotify |
|
| 2023-03-03 20:29:48 |
π¨ CVE-2022-48338An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.π@cveNotify |
|
| 2023-03-03 20:29:47 |
π¨ CVE-2022-48339An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.π@cveNotify |
|
| 2023-03-03 20:29:46 |
π¨ CVE-2022-48285loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.π@cveNotify |
|
| 2023-03-03 18:29:53 |
π¨ CVE-2022-2837A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains (TLD) to a pod they control by creating projects and namespaces that match the TLD.π@cveNotify |
|
| 2023-03-03 18:29:49 |
π¨ CVE-2022-41862In PostgreSQL, a modified, unauthenticated server can send an unterminated string during the establishment of Kerberos transport encryption. In certain conditions a server can cause a libpq client to over-read and report an error message containing uninitialized bytes.π@cveNotify |
|
| 2023-03-03 18:29:48 |
π¨ CVE-2022-4645LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.π@cveNotify |
|
| 2023-03-03 18:29:47 |
π¨ CVE-2023-20061Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. π@cveNotify |
|
| 2023-03-03 18:29:46 |
π¨ CVE-2023-20062Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. π@cveNotify |
|
| 2023-03-03 18:29:45 |
π¨ CVE-2023-20069 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. π@cveNotify |
|
| 2023-03-03 18:29:41 |
π¨ CVE-2023-20078Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. π@cveNotify |
|
| 2023-03-03 18:29:40 |
π¨ CVE-2023-20079Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. π@cveNotify |
|
| 2023-03-03 18:29:39 |
π¨ CVE-2023-20088 A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition. π@cveNotify |
|
| 2023-03-03 18:29:38 |
π¨ CVE-2023-20104 A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending an arbitrary file to a user and persuading that user to browse to a specific URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. π@cveNotify |
|
| 2023-03-03 18:29:37 |
π¨ CVE-2023-26604systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.π@cveNotify |
|
| 2023-03-03 16:30:16 |
π¨ CVE-2020-11077In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.π@cveNotify |
|
| 2023-03-03 16:30:15 |
π¨ CVE-2023-24081Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the reason and location fields of the visits listing page.π@cveNotify |
|
| 2023-03-03 16:30:14 |
π¨ CVE-2020-13388An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.π@cveNotify |
|
| 2023-03-03 16:30:12 |
π¨ CVE-2022-24697Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of β-- conf=β to inject any operating system command into the command line parameters. This vulnerability affects Kylin 2 version 2.6.5 and earlier, Kylin 3 version 3.1.2 and earlier, and Kylin 4 version 4.0.1 and earlier.π@cveNotify |
|
| 2023-03-03 16:30:10 |
π¨ CVE-2020-28367Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.π@cveNotify |
|
| 2023-03-03 16:30:09 |
π¨ CVE-2019-16255Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.π@cveNotify |
|
| 2023-03-03 16:30:07 |
π¨ CVE-2019-14246In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to discover phpMyAdmin passwords (of any user in /etc/passwd) via an attacker account.π@cveNotify |
|
| 2023-03-03 16:30:06 |
π¨ CVE-2019-14245In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete databases (such as oauthv2) from the server via an attacker account.π@cveNotify |
|
| 2023-03-03 16:30:05 |
π¨ CVE-2019-18676An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme.π@cveNotify |
|
| 2023-03-03 16:30:03 |
π¨ CVE-2019-14513Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.π@cveNotify |
|
| 2023-03-03 16:30:01 |
π¨ CVE-2021-4325A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-03 16:30:00 |
π¨ CVE-2022-38779An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.π@cveNotify |
|
| 2023-03-03 16:29:59 |
π¨ CVE-2023-20855VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.π@cveNotify |
|
| 2023-03-03 16:29:58 |
π¨ CVE-2023-20858VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.π@cveNotify |
|
| 2023-03-03 16:29:57 |
π¨ CVE-2020-35137** DISPUTED ** The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan change to make any changes to this feature.π@cveNotify |
|
| 2023-03-03 16:29:53 |
π¨ CVE-2022-45551An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint.π@cveNotify |
|
| 2023-03-03 16:29:52 |
π¨ CVE-2022-45552An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory.π@cveNotify |
|
| 2023-03-03 16:29:51 |
π¨ CVE-2022-45553An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port.π@cveNotify |
|
| 2023-03-03 16:29:50 |
π¨ CVE-2023-27560Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop with composite primefields.π@cveNotify |
|
| 2023-03-03 16:29:49 |
π¨ CVE-2023-0577Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01.π@cveNotify |
|
| 2023-03-03 11:29:54 |
π¨ CVE-2023-1165A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-03 11:29:53 |
π¨ CVE-2023-0577Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01.π@cveNotify |
|
| 2023-03-03 11:29:49 |
π¨ CVE-2023-0578Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05.π@cveNotify |
|
| 2023-03-03 11:29:48 |
π¨ CVE-2023-1162A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-03 11:29:47 |
π¨ CVE-2023-1163A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259.π@cveNotify |
|
| 2023-03-03 11:29:46 |
π¨ CVE-2023-27560Math/PrimeField.php in phpseclib through 2.0.41 has an infinite loop with composite primefields.π@cveNotify |
|
| 2023-03-03 07:29:59 |
π¨ CVE-2019-14443An issue was discovered in Libav 12.3. Division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv.π@cveNotify |
|
| 2023-03-03 07:29:57 |
π¨ CVE-2019-14442In mpc8_read_header in libavformat/mpc8.c in Libav 12.3, an input file can result in an avio_seek infinite loop and hang, with 100% CPU consumption. Attackers could leverage this vulnerability to cause a denial of service via a crafted file.π@cveNotify |
|
| 2023-03-03 07:29:56 |
π¨ CVE-2020-12000The affected product is vulnerable to the handling of serialized data. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.π@cveNotify |
|
| 2023-03-03 07:29:54 |
π¨ CVE-2019-14431In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message.π@cveNotify |
|
| 2023-03-03 07:29:52 |
π¨ CVE-2020-13964An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.π@cveNotify |
|
| 2023-03-03 07:29:51 |
π¨ CVE-2020-13428A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.π@cveNotify |
|
| 2023-03-03 07:29:49 |
π¨ CVE-2020-0202In onHandleIntent of TraceService.java, there is a possible bypass of developer settings requirements for capturing system traces due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android ID: A-142936525π@cveNotify |
|
| 2023-03-03 07:29:48 |
π¨ CVE-2020-0215In onCreate of ConfirmConnectActivity.java, there is a possible leak of Bluetooth information due to a permissions bypass. This could lead to local escalation of privilege that exposes a pairing Bluetooth MAC address with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1 Android ID: A-140417248π@cveNotify |
|
| 2023-03-03 01:29:53 |
π¨ CVE-2022-26841Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-03-03 01:29:52 |
π¨ CVE-2022-26843Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.π@cveNotify |
|
| 2023-03-03 01:29:48 |
π¨ CVE-2023-26242afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.π@cveNotify |
|
| 2023-03-03 01:29:47 |
π¨ CVE-2014-125089A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-03 01:29:46 |
π¨ CVE-2022-40633A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks.π@cveNotify |
|
| 2023-03-03 01:29:44 |
π¨ CVE-2023-26265The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them.π@cveNotify |
|
| 2023-03-03 01:29:43 |
π¨ CVE-2015-10082A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499.π@cveNotify |
|
| 2023-03-03 01:29:42 |
π¨ CVE-2023-26266In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.π@cveNotify |
|
| 2023-03-03 01:29:41 |
π¨ CVE-2015-10085A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-03-02 23:29:54 |
π¨ CVE-2023-25158GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.π@cveNotify |
|
| 2023-03-02 23:29:53 |
π¨ CVE-2023-25657Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggesting the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being βdjangoβ for the Django built-in template engine, and the second being βjinjaβ for the Jinja2 template engine. This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict βchangeβ (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.*π@cveNotify |
|
| 2023-03-02 23:29:52 |
π¨ CVE-2023-0656A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash.π@cveNotify |
|
| 2023-03-02 23:29:51 |
π¨ CVE-2023-1101SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes.π@cveNotify |
|
| 2023-03-02 23:29:47 |
π¨ CVE-2022-41073Windows Print Spooler Elevation of Privilege Vulnerability.π@cveNotify |
|
| 2023-03-02 23:29:46 |
π¨ CVE-2022-41091Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.π@cveNotify |
|
| 2023-03-02 23:29:45 |
π¨ CVE-2022-41128Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.π@cveNotify |
|
| 2023-03-02 23:29:43 |
π¨ CVE-2022-41040Microsoft Exchange Server Elevation of Privilege Vulnerability.π@cveNotify |
|
| 2023-03-02 23:29:39 |
π¨ CVE-2022-41082Microsoft Exchange Server Remote Code Execution Vulnerability.π@cveNotify |
|
| 2023-03-02 23:29:38 |
π¨ CVE-2023-25810Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-03-02 23:29:37 |
π¨ CVE-2022-46501Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function.π@cveNotify |
|
| 2023-03-02 23:29:36 |
π¨ CVE-2023-22381A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a Windows based runner. To exploit this vulnerability, an attacker would need existing permission to control the value of environment variables for use with GitHub Actions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.8.0 and was fixed in versions 3.4.15, 3.5.12, 3.6.8, 3.7.5. This vulnerability was reported via the GitHub Bug Bounty program.π@cveNotify |
|
| 2023-03-02 22:30:24 |
π¨ CVE-2023-26471XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`.π@cveNotify |
|
| 2023-03-02 22:30:19 |
π¨ CVE-2023-26472XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having edit right. The issue has been patched in XWiki 14.9, 14.4.6, and 13.10.10. An available workaround is to fix the bug in the page `IconThemesCode.IconThemeSheet` by applying a modification from commit 48caf7491595238af2b531026a614221d5d61f38.π@cveNotify |
|
| 2023-03-02 22:30:13 |
π¨ CVE-2023-26473XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.π@cveNotify |
|
| 2023-03-02 22:30:09 |
π¨ CVE-2023-26474XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.π@cveNotify |
|
| 2023-03-02 22:30:05 |
π¨ CVE-2023-26475XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade.π@cveNotify |
|
| 2023-03-02 22:30:01 |
π¨ CVE-2023-26476XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version >= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`.π@cveNotify |
|
| 2023-03-02 22:29:58 |
π¨ CVE-2023-0949Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.π@cveNotify |
|
| 2023-03-02 22:29:57 |
π¨ CVE-2023-26314The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.π@cveNotify |
|
| 2023-03-02 22:29:55 |
π¨ CVE-2023-24108MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.π@cveNotify |
|
| 2023-03-02 22:29:53 |
π¨ CVE-2023-24107hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.π@cveNotify |
|
| 2023-03-02 22:29:52 |
π¨ CVE-2023-0947Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.π@cveNotify |
|
| 2023-03-02 22:29:51 |
π¨ CVE-2022-44216Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.π@cveNotify |
|
| 2023-03-02 22:29:44 |
π¨ CVE-2021-32851Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1π@cveNotify |
|
| 2023-03-02 22:29:41 |
π¨ CVE-2021-32850jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6.π@cveNotify |
|
| 2023-03-02 20:29:49 |
π¨ CVE-2021-42521There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.π@cveNotify |
|
| 2023-03-02 20:29:48 |
π¨ CVE-2019-3418All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by cross-site scripting vulnerability (XSS). Due to incomplete input validation, an authorized user can exploit this vulnerability to execute malicious scripts.π@cveNotify |
|
| 2023-03-02 20:29:47 |
π¨ CVE-2019-15081OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages.π@cveNotify |
|
| 2023-03-02 20:29:45 |
π¨ CVE-2018-17790Prospecta Master Data Online (MDO) 2.0 has Stored XSS.π@cveNotify |
|
| 2023-03-02 20:29:44 |
π¨ CVE-2019-14934An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write.π@cveNotify |
|
| 2023-03-02 20:29:43 |
π¨ CVE-2019-14980In ImageMagick 7.x before 7.0.8-42 and 6.x before 6.9.10-42, there is a use after free vulnerability in the UnmapBlob function that allows an attacker to cause a denial of service by sending a crafted file.π@cveNotify |
|
| 2023-03-02 20:29:41 |
π¨ CVE-2019-13417Search Guard versions before 24.0 had an issue that field caps and mapping API leak field names (but not values) for fields which are not allowed for the user when field level security (FLS) is activated.π@cveNotify |
|
| 2023-03-02 20:29:40 |
π¨ CVE-2019-13418Search Guard versions before 24.0 had an issue that values of string arrays in documents are not properly anonymized.π@cveNotify |
|
| 2023-03-02 20:29:39 |
π¨ CVE-2019-15052The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007.π@cveNotify |
|
| 2023-03-02 20:29:38 |
π¨ CVE-2019-15120The Kunena extension before 5.1.14 for Joomla! allows XSS via BBCode.π@cveNotify |
|
| 2023-03-02 18:29:38 |
π¨ CVE-2023-22920A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. A remote attacker could leverage this vulnerability to access an affected device using Telnet.π@cveNotify |
|
| 2023-03-02 18:29:37 |
π¨ CVE-2023-22984A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.π@cveNotify |
|
| 2023-03-02 16:29:50 |
π¨ CVE-2022-34843Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-02 16:29:48 |
π¨ CVE-2022-32575Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-02 16:29:47 |
π¨ CVE-2022-36398Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-02 16:29:46 |
π¨ CVE-2022-36278Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-02 16:29:44 |
π¨ CVE-2022-34153Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-02 16:29:43 |
π¨ CVE-2023-23315The PrestaShop e-commerce platform module stripejs contains a Blind SQL injection vulnerability up to version 4.5.5. The method `stripejsValidationModuleFrontController::initContent()` has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL injection.π@cveNotify |
|
| 2023-03-02 16:29:41 |
π¨ CVE-2023-27372SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.π@cveNotify |
|
| 2023-03-02 16:29:40 |
π¨ CVE-2021-33226** DISPUTED ** Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval inputπ@cveNotify |
|
| 2023-03-02 16:29:39 |
π¨ CVE-2022-41973multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.π@cveNotify |
|
| 2023-03-02 16:29:37 |
π¨ CVE-2022-41974multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.π@cveNotify |
|
| 2023-03-02 16:29:36 |
π¨ CVE-2022-29523Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access.π@cveNotify |
|
| 2023-03-02 16:16:50 |
https://t.me/malwr |
|
| 2023-03-02 13:29:44 |
π¨ CVE-2021-3854Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection. This issue affects Useroam Hotspot: before 5.1.0.15.π@cveNotify |
|
| 2023-03-02 12:29:43 |
π¨ CVE-2021-45478Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.This issue affects Library Automation System: before 19.2.π@cveNotify |
|
| 2023-03-02 12:29:42 |
π¨ CVE-2021-45479Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.This issue affects Library Automation System: before 19.2.π@cveNotify |
|
| 2023-03-02 12:29:41 |
π¨ CVE-2023-1151A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163.π@cveNotify |
|
| 2023-03-02 07:29:57 |
π¨ CVE-2023-0196NVIDIA CUDA Toolkit SDK contains a bug in cuobjdump, where a local user running the tool against an ill-formed binary may cause a null- pointer dereference, which may result in a limited denial of service.π@cveNotify |
|
| 2023-03-02 07:29:56 |
π¨ CVE-2023-0228Improper Authentication vulnerability in ABB Symphony Plus S+ Operations allows Man in the Middle Attack.This issue affects Symphony Plus S+ Operations: from 2.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2.π@cveNotify |
|
| 2023-03-02 07:29:55 |
π¨ CVE-2023-1106Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3.π@cveNotify |
|
| 2023-03-02 07:29:54 |
π¨ CVE-2023-1107Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.π@cveNotify |
|
| 2023-03-02 07:29:51 |
π¨ CVE-2023-0739Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4.π@cveNotify |
|
| 2023-03-02 07:29:50 |
π¨ CVE-2023-0678Missing Authorization in GitHub repository phpipam/phpipam prior to v1.5.1.π@cveNotify |
|
| 2023-03-02 07:29:49 |
π¨ CVE-2023-0566Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in froxlor/froxlor prior to 2.0.10.π@cveNotify |
|
| 2023-03-02 07:29:48 |
π¨ CVE-2023-0298Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.π@cveNotify |
|
| 2023-03-02 07:29:44 |
π¨ CVE-2022-4803Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.π@cveNotify |
|
| 2023-03-02 07:29:43 |
π¨ CVE-2023-0053SAUTER Controls Nova 200β220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system.π@cveNotify |
|
| 2023-03-02 07:29:39 |
π¨ CVE-2023-26046teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.π@cveNotify |
|
| 2023-03-02 07:29:38 |
π¨ CVE-2022-4798Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.π@cveNotify |
|
| 2023-03-02 07:29:37 |
π¨ CVE-2022-4811Incorrect Authorization in GitHub repository usememos/memos prior to 0.9.1.π@cveNotify |
|
| 2023-03-02 00:29:50 |
π¨ CVE-2020-5026IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 193662.π@cveNotify |
|
| 2023-03-02 00:29:49 |
π¨ CVE-2023-22738vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Assigning existing users to a different organizations is currently possible. It may lead to unintended access: if a user from organization A is accidentally assigned to organization B, they will retain their permissions and therefore might be able to access stuff they should not be allowed to access. This issue is patched in version 3.8.0.π@cveNotify |
|
| 2023-03-02 00:29:48 |
π¨ CVE-2023-24117Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-02 00:29:44 |
π¨ CVE-2023-24119Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-02 00:29:43 |
π¨ CVE-2023-24120Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wrlEn_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-02 00:29:42 |
π¨ CVE-2023-24122Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-02 00:29:38 |
π¨ CVE-2023-24123Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-02 00:29:37 |
π¨ CVE-2023-24125Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey2_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-02 00:29:36 |
π¨ CVE-2023-24127Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1 parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-01 22:30:04 |
π¨ CVE-2023-24129Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey4 parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-01 22:30:03 |
π¨ CVE-2023-24130Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-01 22:30:01 |
π¨ CVE-2023-24131Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey1_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-01 22:30:00 |
π¨ CVE-2023-24132Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-01 22:29:59 |
π¨ CVE-2023-24133Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey_5g parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-01 22:29:57 |
π¨ CVE-2023-24134Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepkey3 parameter at /goform/WifiBasicSet.π@cveNotify |
|
| 2023-03-01 22:29:56 |
π¨ CVE-2022-3162Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.π@cveNotify |
|
| 2023-03-01 22:29:55 |
π¨ CVE-2022-3294Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.π@cveNotify |
|
| 2023-03-01 22:29:53 |
π¨ CVE-2022-48309A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.π@cveNotify |
|
| 2023-03-01 22:29:52 |
π¨ CVE-2022-48310An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.π@cveNotify |
|
| 2023-03-01 22:29:51 |
π¨ CVE-2022-4901Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the victim.π@cveNotify |
|
| 2023-03-01 22:29:49 |
π¨ CVE-2023-1127Divide By Zero in GitHub repository vim/vim prior to 9.0.1367.π@cveNotify |
|
| 2023-03-01 22:29:48 |
π¨ CVE-2023-23000In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.π@cveNotify |
|
| 2023-03-01 22:29:46 |
π¨ CVE-2023-1097Baicells EG7035-M11 devices with firmware through BCE-ODU-1.0.8 are vulnerable to improper code exploitation via HTTP GET command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable special thanks to Lionel Musonza for the discovery.π@cveNotify |
|
| 2023-03-01 22:29:45 |
π¨ CVE-2022-34864Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-03-01 22:29:43 |
π¨ CVE-2022-1652Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.π@cveNotify |
|
| 2023-03-01 22:29:41 |
π¨ CVE-2022-1786A use-after-free flaw was found in the Linux kernelβs io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.π@cveNotify |
|
| 2023-03-01 22:29:40 |
π¨ CVE-2022-0995An out-of-bounds (OOB) memory write flaw was found in the Linux kernelβs watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.π@cveNotify |
|
| 2023-03-01 22:29:39 |
π¨ CVE-2022-0998An integer overflow flaw was found in the Linux kernelβs virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.π@cveNotify |
|
| 2023-03-01 22:29:37 |
π¨ CVE-2022-0500A flaw was found in unrestricted eBPF usage by the BPF_BTF_LOAD, leading to a possible out-of-bounds memory write in the Linux kernelβs BPF subsystem due to the way a user loads BTF. This flaw allows a local user to crash or escalate their privileges on the system.π@cveNotify |
|
| 2023-03-01 20:30:07 |
π¨ CVE-2020-15175In GLPI before version 9.5.2, the `?pluginimage.send.php?` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in β/files/β. Some of the sensitive information that is compromised are the user sessions, logs, and more. An attacker would be able to get the Administrators session token and use that to authenticate. The issue is patched in version 9.5.2.π@cveNotify |
|
| 2023-03-01 20:30:06 |
π¨ CVE-2020-5421In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.π@cveNotify |
|
| 2023-03-01 20:30:05 |
π¨ CVE-2015-5361Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.? Note that the ftps-extensions option is not enabled by default.π@cveNotify |
|
| 2023-03-01 20:30:04 |
π¨ CVE-2022-3594A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211363.π@cveNotify |
|
| 2023-03-01 20:30:03 |
π¨ CVE-2018-19615Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted userΓ’??s web browser to gain access to the affected device.π@cveNotify |
|
| 2023-03-01 20:29:58 |
π¨ CVE-2020-5511PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page.π@cveNotify |
|
| 2023-03-01 20:29:57 |
π¨ CVE-2019-10433Jenkins Dingding[??] Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.π@cveNotify |
|
| 2023-03-01 20:29:56 |
π¨ CVE-2019-1566The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.π@cveNotify |
|
| 2023-03-01 20:29:55 |
π¨ CVE-2019-11119Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.π@cveNotify |
|
| 2023-03-01 20:29:51 |
π¨ CVE-2022-40232IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.π@cveNotify |
|
| 2023-03-01 20:29:50 |
π¨ CVE-2021-32848Octobox is software for managing GitHub notifications. Prior to pull request (PR) 2807, a user of the system can provide a specifically crafted search query string that will trigger a ReDoS vulnerability. This issue is fixed in PR 2807.π@cveNotify |
|
| 2023-03-01 20:29:49 |
π¨ CVE-2023-0460The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. This allows the client app to remotely load code from YouTube Main App by retrieving the Main Appβs ClassLoader. A potential vulnerability in the binding logic used by the client SDK where the SDK ends up calling bindService() on a malicious app rather than YT Main App. This creates a vulnerability where the SDK can load the malicious appβs ClassLoader instead, allowing the malicious app to load arbitrary code into the calling app whenever the embedded SDK is invoked. In order to trigger this vulnerability, an attacker must masquerade the Youtube app and install it on a device, have a second app that uses the Embedded player and typically distribute both to the victim outside of the Play Store.π@cveNotify |
|
| 2023-03-01 20:29:48 |
π¨ CVE-2022-30632Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.π@cveNotify |
|
| 2023-03-01 20:29:44 |
π¨ CVE-2022-30633Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.π@cveNotify |
|
| 2023-03-01 20:29:43 |
π¨ CVE-2019-6116In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.π@cveNotify |
|
| 2023-03-01 20:29:42 |
π¨ CVE-2019-6128The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.π@cveNotify |
|
| 2023-03-01 20:29:41 |
π¨ CVE-2022-30631Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.π@cveNotify |
|
| 2023-03-01 15:29:43 |
π¨ CVE-2023-1115Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.π@cveNotify |
|
| 2023-03-01 15:29:42 |
π¨ CVE-2023-1116Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.π@cveNotify |
|
| 2023-03-01 15:29:41 |
π¨ CVE-2023-1117Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.π@cveNotify |
|
| 2023-03-01 15:29:40 |
π¨ CVE-2021-34164Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.π@cveNotify |
|
| 2023-03-01 15:29:39 |
π¨ CVE-2021-46853Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.π@cveNotify |
|
| 2023-03-01 15:29:38 |
π¨ CVE-2022-39353xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. xmldom parses XML that is not well-formed because it contains multiple top level elements, and adds all root nodes to the `childNodes` collection of the `Document`, without reporting any error or throwing. This breaks the assumption that there is only a single root node in the tree, which led to issuance of CVE-2022-39299 as it is a potential issue for dependents. Update to @xmldom/xmldom@~0.7.7, @xmldom/xmldom@~0.8.4 (dist-tag latest) or @xmldom/xmldom@>=0.9.0-beta.4 (dist-tag next). As a workaround, please one of the following approaches depending on your use case: instead of searching for elements in the whole DOM, only search in the `documentElement`or reject a document with a document that has more then 1 `childNode`.π@cveNotify |
|
| 2023-03-01 07:30:11 |
π¨ CVE-2022-4564A vulnerability classified as problematic has been found in University of Central Florida Materia up to 9.0.0. This affects the function before of the file fuel/app/classes/controller/api.php of the component API Controller. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 9.0.1-alpha1 is able to address this issue. The name of the patch is af259115d2e8f17068e61902151ee8a9dbac397b. It is recommended to upgrade the affected component. The identifier VDB-215973 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-01 07:30:10 |
π¨ CVE-2017-18559The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues.π@cveNotify |
|
| 2023-03-01 07:30:09 |
π¨ CVE-2015-9297The events-manager plugin before 5.6 for WordPress has XSS.π@cveNotify |
|
| 2023-03-01 07:30:08 |
π¨ CVE-2022-4560A vulnerability was found in Joget up to 7.0.31. It has been rated as problematic. This issue affects the function getInternalJsCssLib of the file wflow-core/src/main/java/org/joget/plugin/enterprise/UniversalTheme.java of the component wflow-core. The manipulation of the argument key leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 7.0.32 is able to address this issue. The name of the patch is ecf8be8f6f0cb725c18536ddc726d42a11bdaa1b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-215963.π@cveNotify |
|
| 2023-03-01 07:30:07 |
π¨ CVE-2022-4525A vulnerability has been found in National Sleep Research Resource sleepdata.org up to 58.x and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 59.0.0.rc is able to address this issue. The name of the patch is da44a3893b407087829b006d09339780919714cd. It is recommended to upgrade the affected component. The identifier VDB-215905 was assigned to this vulnerability.π@cveNotify |
|
| 2023-03-01 07:30:02 |
π¨ CVE-2022-4524A vulnerability, which was classified as problematic, was found in Roots soil Plugin up to 4.0.x. Affected is the function language_attributes of the file src/Modules/CleanUpModule.php. The manipulation of the argument language leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.1.0 is able to address this issue. The name of the patch is 0c9151e00ab047da253e5cdbfccb204dd423269d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-215904.π@cveNotify |
|
| 2023-03-01 07:30:01 |
π¨ CVE-2014-10377The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php.π@cveNotify |
|
| 2023-03-01 07:30:00 |
π¨ CVE-2016-10884The simple-membership plugin before 3.3.3 for WordPress has multiple CSRF issues.π@cveNotify |
|
| 2023-03-01 07:29:59 |
π¨ CVE-2015-9308The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature.π@cveNotify |
|
| 2023-03-01 07:29:55 |
π¨ CVE-2015-9307The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature.π@cveNotify |
|
| 2023-03-01 07:29:53 |
π¨ CVE-2022-45378** UNSUPPPORTED WHEN ASSIGNED **In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π@cveNotify |
|
| 2023-03-01 07:29:52 |
π¨ CVE-2017-1002157modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.π@cveNotify |
|
| 2023-03-01 07:29:51 |
π¨ CVE-2017-1002152Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles.π@cveNotify |
|
| 2023-03-01 07:29:47 |
π¨ CVE-2023-1103Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.π@cveNotify |
|
| 2023-03-01 07:29:46 |
π¨ CVE-2023-1104Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3.π@cveNotify |
|
| 2023-03-01 07:29:45 |
π¨ CVE-2023-1105External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.π@cveNotify |
|
| 2023-03-01 07:29:44 |
π¨ CVE-2022-38725An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.π@cveNotify |
|
| 2023-03-01 07:29:43 |
π¨ CVE-2021-25298Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/cloud-vm/cloud-vm.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command injection on the Nagios XI server.π@cveNotify |
|
| 2023-03-01 02:30:05 |
π¨ CVE-2023-1059A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824.π@cveNotify |
|
| 2023-03-01 02:30:03 |
π¨ CVE-2023-1067Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18.π@cveNotify |
|
| 2023-03-01 02:30:02 |
π¨ CVE-2023-24364Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel.π@cveNotify |
|
| 2023-03-01 02:30:00 |
π¨ CVE-2023-24651Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page.π@cveNotify |
|
| 2023-03-01 02:29:59 |
π¨ CVE-2023-24652Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function.π@cveNotify |
|
| 2023-03-01 02:29:57 |
π¨ CVE-2023-24653Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function.π@cveNotify |
|
| 2023-03-01 02:29:56 |
π¨ CVE-2023-24654Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function.π@cveNotify |
|
| 2023-03-01 02:29:54 |
π¨ CVE-2023-24656Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function.π@cveNotify |
|
| 2023-03-01 02:29:53 |
π¨ CVE-2022-38220An XSS vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.1 that may allow remote injection of arbitrary web script or HTML.π@cveNotify |
|
| 2023-03-01 02:29:51 |
π¨ CVE-2023-0847The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. If the protocol has been compiled using default settings, this will only grant the attacker access to allocated but unused memory. However, if it was configured using non-default settings, there is the possibility that exploiting this vulnerability could lead to system crashes and remote code execution.π@cveNotify |
|
| 2023-03-01 02:29:50 |
π¨ CVE-2022-26579PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability.π@cveNotify |
|
| 2023-03-01 02:29:48 |
π¨ CVE-2022-26580PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow the execution of specific command injections on selected binaries in the ADB daemon shell service. The attacker must have physical USB access to the device in order to exploit this vulnerability.π@cveNotify |
|
| 2023-03-01 02:29:47 |
π¨ CVE-2022-26581PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 can allow an unauthorized attacker to perform privileged actions through the execution of specific binaries listed in ADB daemon. The attacker must have physical USB access to the device in order to exploit this vulnerability.π@cveNotify |
|
| 2023-03-01 02:29:45 |
π¨ CVE-2022-26582The systool_server in PAX Technology A930 PayDroid 7.1.1 Virgo V04.4.02 20211201 fails to check for dollar signs or backticks in user supplied commands, leading to to arbitrary command execution as root.π@cveNotify |
|
| 2023-03-01 02:29:44 |
π¨ CVE-2022-23239Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows administrative users to perform a Stored Cross-Site Scripting (XSS) attack.π@cveNotify |
|
| 2023-03-01 02:29:42 |
π¨ CVE-2022-23240Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.11P1 are susceptible to a vulnerability which allows unauthorized users to update EMS Subscriptions via unspecified vectors.π@cveNotify |
|
| 2023-03-01 02:29:41 |
π¨ CVE-2022-47075An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.π@cveNotify |
|
| 2023-03-01 02:29:39 |
π¨ CVE-2022-47076An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to view sensitive information via DisplayParallelLogData.aspx.π@cveNotify |
|
| 2023-03-01 02:29:38 |
π¨ CVE-2023-1095In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.π@cveNotify |
|
| 2023-03-01 02:29:37 |
π¨ CVE-2023-25575API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Resource properties secured with the `security` option of the `ApiPlatform\Metadata\ApiProperty` attribute can be disclosed to unauthorized users. The problem affects most serialization formats, including raw JSON, which is enabled by default when installing API Platform. Custom serialization formats may also be impacted. Only collection endpoints are affected by the issue, item endpoints are not. The JSON-LD format is not affected by the issue. The result of the security rule is only executed for the first item of the collection. The result of the rule is then cached and reused for the next items. This bug can leak data to unauthorized users when the rule depends on the value of a property of the item. This bug can also hide properties that should be displayed to authorized users. This issue impacts the 2.7, 3.0 and 3.1 branches. Please upgrade to versions 2.7.10, 3.0.12 or 3.1.3. As a workaround, replace the `cache_key` of the context array of the Serializer inside a custom normalizer that works on objects if the security option of the `ApiPlatform\Metadata\ApiProperty` attribute is used.π@cveNotify |
|
| 2023-03-01 00:29:46 |
π¨ CVE-2022-36537ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.π@cveNotify |
|
| 2023-03-01 00:29:45 |
π¨ CVE-2023-1100A vulnerability classified as critical has been found in SourceCodester Online Catering Reservation System 1.0. This affects an unknown part of the file /reservation/add_message.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222003.π@cveNotify |
|
| 2023-03-01 00:29:44 |
π¨ CVE-2023-22996In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device.π@cveNotify |
|
| 2023-03-01 00:29:41 |
π¨ CVE-2023-22997In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).π@cveNotify |
|
| 2023-03-01 00:29:40 |
π¨ CVE-2023-0339Relative Path Traversal vulnerability in ForgeRock Access Management Web Policy Agent allows Authentication Bypass. This issue affects Access Management Web Policy Agent: all versions up to 5.10.1π@cveNotify |
|
| 2023-03-01 00:29:39 |
π¨ CVE-2023-0511Relative Path Traversal vulnerability in ForgeRock Access Management Java Policy Agent allows Authentication Bypass. This issue affects Access Management Java Policy Agent: all versions up to 5.10.1π@cveNotify |
|
| 2023-02-28 22:30:09 |
π¨ CVE-2023-21593Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-28 22:30:08 |
π¨ CVE-2018-20822LibSass 3.5.4 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Complex_Selector::perform in ast.hpp and Sass::Inspect::operator in inspect.cpp).π@cveNotify |
|
| 2023-02-28 22:30:07 |
π¨ CVE-2018-20821The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service (uncontrolled recursion in Sass::Parser::parse_css_variable_value in parser.cpp).π@cveNotify |
|
| 2023-02-28 22:30:06 |
π¨ CVE-2019-1010257An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. A URL can be constructed which allows overriding the PDF file's path leading to any PDF whose path is known and which is readable to the web server can be downloaded. The file will be deleted after download if the web server has permission to do so. For PHP versions before 5.3, any file can be read by null terminating the string left of the file extension.π@cveNotify |
|
| 2023-02-28 22:30:05 |
π¨ CVE-2019-10269BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.π@cveNotify |
|
| 2023-02-28 22:30:04 |
π¨ CVE-2019-6284In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::alternatives in prelexer.hpp.π@cveNotify |
|
| 2023-02-28 22:30:03 |
π¨ CVE-2019-7222The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.π@cveNotify |
|
| 2023-02-28 22:30:01 |
π¨ CVE-2019-7664In elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).π@cveNotify |
|
| 2023-02-28 22:30:00 |
π¨ CVE-2019-6283In LibSass 3.5.5, a heap-based buffer over-read exists in Sass::Prelexer::parenthese_scope in prelexer.hpp.π@cveNotify |
|
| 2023-02-28 22:29:59 |
π¨ CVE-2018-20584JasPer 2.0.14 allows remote attackers to cause a denial of service (application hang) via an attempted conversion to the jp2 format.π@cveNotify |
|
| 2023-02-28 22:29:55 |
π¨ CVE-2018-1000876binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f.π@cveNotify |
|
| 2023-02-28 22:29:54 |
π¨ CVE-2021-26277The framework service handles pendingIntent incorrectly, allowing a malicious application with certain privileges to perform privileged actions.π@cveNotify |
|
| 2023-02-28 22:29:53 |
π¨ CVE-2022-43579IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 238684.π@cveNotify |
|
| 2023-02-28 22:29:52 |
π¨ CVE-2023-1017An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.π@cveNotify |
|
| 2023-02-28 22:29:51 |
π¨ CVE-2023-1065This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. It does not expose the user of the integration to any direct security risk and no user data can be leaked. To exploit the vulnerability the attacker does not need to be authenticated to Snyk but does need to know the target's Integration ID (which may or may not be the same as the Organization ID, although this is an unpredictable UUID in either case).π@cveNotify |
|
| 2023-02-28 22:29:47 |
π¨ CVE-2023-27371GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. This allows an attacker to remotely send a malicious HTTP POST packet that includes one or more '\0' bytes in a multipart/form-data boundary field, which - assuming a specific heap layout - will result in an out-of-bounds read and a crash in the find_boundary() function.π@cveNotify |
|
| 2023-02-28 22:29:46 |
π¨ CVE-2023-27372SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.π@cveNotify |
|
| 2023-02-28 22:29:45 |
π¨ CVE-2022-41722A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".π@cveNotify |
|
| 2023-02-28 22:29:44 |
π¨ CVE-2022-41723A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.π@cveNotify |
|
| 2023-02-28 22:29:43 |
π¨ CVE-2022-41724Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).π@cveNotify |
|
| 2023-02-28 19:30:05 |
π¨ CVE-2020-16093In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.π@cveNotify |
|
| 2023-02-28 19:30:03 |
π¨ CVE-2020-21676A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.π@cveNotify |
|
| 2023-02-28 19:30:02 |
π¨ CVE-2020-4051In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.π@cveNotify |
|
| 2023-02-28 19:30:01 |
π¨ CVE-2019-14744In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.π@cveNotify |
|
| 2023-02-28 19:30:00 |
π¨ CVE-2022-41722A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".π@cveNotify |
|
| 2023-02-28 19:29:59 |
π¨ CVE-2022-41723A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.π@cveNotify |
|
| 2023-02-28 19:29:57 |
π¨ CVE-2022-41724Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).π@cveNotify |
|
| 2023-02-28 19:29:56 |
π¨ CVE-2022-41725A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.π@cveNotify |
|
| 2023-02-28 19:29:55 |
π¨ CVE-2022-41727An attacker can craft a malformed TIFF image which will consume a significant amount of memory when passed to DecodeConfig. This could lead to a denial of service.π@cveNotify |
|
| 2023-02-28 19:29:54 |
π¨ CVE-2023-1018An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.π@cveNotify |
|
| 2023-02-28 19:29:53 |
π¨ CVE-2023-25431An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer_0/admins/assessments/course/course-update.php.π@cveNotify |
|
| 2023-02-28 19:29:52 |
π¨ CVE-2023-25432An issue was discovered in Online Reviewer Management System v1.0. There is a SQL injection that can directly issue instructions to the background database system via reviewer_0/admins/assessments/course/course-update.php.π@cveNotify |
|
| 2023-02-28 19:29:50 |
π¨ CVE-2023-27320Sudo before 1.9.13p2 has a double free in the per-command chroot feature.π@cveNotify |
|
| 2023-02-28 19:29:49 |
π¨ CVE-2016-15005CSRF tokens are generated using math/rand, which is not a cryptographically secure random number generator, allowing an attacker to predict values and bypass CSRF protections with relatively few requests.π@cveNotify |
|
| 2023-02-28 19:29:48 |
π¨ CVE-2018-3717connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.π@cveNotify |
|
| 2023-02-28 19:29:47 |
π¨ CVE-2018-3718serve node module suffers from Improper Handling of URL Encoding by permitting access to ignored files if a filename is URL encoded.π@cveNotify |
|
| 2023-02-28 19:29:45 |
π¨ CVE-2018-3714node-srv node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path.π@cveNotify |
|
| 2023-02-28 19:29:44 |
π¨ CVE-2021-33226Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.π@cveNotify |
|
| 2023-02-28 19:29:43 |
π¨ CVE-2018-3713angular-http-server node module suffers from a Path Traversal vulnerability due to lack of validation of possibleFilename, which allows a malicious user to read content of any file with known path.π@cveNotify |
|
| 2023-02-28 19:29:42 |
π¨ CVE-2018-3711Fastify node module before 0.38.0 is vulnerable to a denial-of-service attack by sending a request with "Content-Type: application/json" and a very large payload.π@cveNotify |
|
| 2023-02-28 17:30:12 |
π¨ CVE-2023-0461There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege. There is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock. When CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable. The setsockopt TCP_ULP operation does not require any privilege. We recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307cπ@cveNotify |
|
| 2023-02-28 17:30:11 |
π¨ CVE-2021-33391An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.π@cveNotify |
|
| 2023-02-28 17:30:10 |
π¨ CVE-2022-20803A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.π@cveNotify |
|
| 2023-02-28 17:30:08 |
π¨ CVE-2019-12523An issue was discovered in Squid before 4.9. When handling a URN request, a corresponding HTTP request is made. This HTTP request doesn't go through the access checks that incoming HTTP requests go through. This causes all access checks to be bypassed and allows access to restricted HTTP servers, e.g., an attacker can connect to HTTP servers that only listen on localhost.π@cveNotify |
|
| 2023-02-28 17:30:07 |
π¨ CVE-2019-12422Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack.π@cveNotify |
|
| 2023-02-28 17:30:06 |
π¨ CVE-2023-24044** DISPUTED ** A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."π@cveNotify |
|
| 2023-02-28 17:30:05 |
π¨ CVE-2023-24785An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature.π@cveNotify |
|
| 2023-02-28 17:30:04 |
π¨ CVE-2019-17533Mat_VarReadNextInfo4 in mat4.c in MATIO 1.5.17 omits a certain '\0' character, leading to a heap-based buffer over-read in strdup_vprintf when uninitialized memory is accessed.π@cveNotify |
|
| 2023-02-28 17:30:02 |
π¨ CVE-2023-26020Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.This issue affects CrafterCMS v4.0 from 4.0.0 through 4.0.1, and v3.1 from 3.1.0 through 3.1.26.π@cveNotify |
|
| 2023-02-28 17:30:01 |
π¨ CVE-2018-16981stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function.π@cveNotify |
|
| 2023-02-28 17:30:00 |
π¨ CVE-2018-25012A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().π@cveNotify |
|
| 2023-02-28 17:29:59 |
π¨ CVE-2019-9918An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Input does not get validated and queries are not written in a way to prevent SQL injection. Therefore arbitrary SQL-Statements can be executed in the database.π@cveNotify |
|
| 2023-02-28 17:29:58 |
π¨ CVE-2017-5546The freelist-randomization feature in mm/slab.c in the Linux kernel 4.8.x and 4.9.x before 4.9.5 allows local users to cause a denial of service (duplicate freelist entries and system crash) or possibly have unspecified other impact in opportunistic circumstances by leveraging the selection of a large value for a random number.π@cveNotify |
|
| 2023-02-28 17:29:57 |
π¨ CVE-2021-37373** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st generation firmware 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue.π@cveNotify |
|
| 2023-02-28 17:29:56 |
π¨ CVE-2022-2873An out-of-bounds memory access flaw was found in the Linux kernel Intelβs iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.π@cveNotify |
|
| 2023-02-28 17:29:52 |
π¨ CVE-2013-4843Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors.π@cveNotify |
|
| 2023-02-28 17:29:51 |
π¨ CVE-2022-2318There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.π@cveNotify |
|
| 2023-02-28 17:29:50 |
π¨ CVE-2022-27778A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.π@cveNotify |
|
| 2023-02-28 17:29:49 |
π¨ CVE-2022-3649A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211992.π@cveNotify |
|
| 2023-02-28 17:29:48 |
π¨ CVE-2022-1973A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.π@cveNotify |
|
| 2023-02-28 16:29:55 |
π¨ CVE-2019-16056An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.π@cveNotify |
|
| 2023-02-28 16:29:51 |
π¨ CVE-2022-0637There was an open redirection vulnerability pollbot, which was used in https://pollbot.services.mozilla.com/ and https://pollbot.stage.mozaws.net/ An attacker could have redirected anyone to malicious sites.π@cveNotify |
|
| 2023-02-28 16:29:50 |
π¨ CVE-2023-1022The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.π@cveNotify |
|
| 2023-02-28 16:29:49 |
π¨ CVE-2023-1023The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.π@cveNotify |
|
| 2023-02-28 16:29:46 |
π¨ CVE-2023-1024The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.π@cveNotify |
|
| 2023-02-28 16:29:45 |
π¨ CVE-2023-1027The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.π@cveNotify |
|
| 2023-02-28 16:29:44 |
π¨ CVE-2023-1080The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βtabβ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-02-28 16:29:40 |
π¨ CVE-2020-36652Incorrect Default Permissions vulnerability in Hitachi Automation Director on Linux, Hitachi Infrastructure Analytics Advisor on Linux (Hitachi Infrastructure Analytics Advisor, Analytics probe server components), Hitachi Ops Center Automator on Linux, Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer, Analyzer probe server components), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Automation Director: from 8.2.0-00 through 10.6.1-00; Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.0.0-00; Hitachi Ops Center Automator: before 10.9.1-00; Hitachi Ops Center Analyzer: before 10.9.1-00; Hitachi Ops Center Viewpoint: before 10.9.1-00.π@cveNotify |
|
| 2023-02-28 16:29:39 |
π¨ CVE-2022-4895Improper Certificate Validation vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component) allows Man in the Middle Attack.This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.1-00.π@cveNotify |
|
| 2023-02-28 16:29:38 |
π¨ CVE-2021-22283Improper Initialization vulnerability in ABB Relion protection relays - 611 series, ABB Relion protection relays - 615 series IEC 4.0 FP1, ABB Relion protection relays - 615 series CN 4.0 FP1, ABB Relion protection relays - 615 series IEC 5.0, ABB Relion protection relays - 615 series IEC 5.0 FP1, ABB Relion protection relays - 620 series IEC/CN 2.0, ABB Relion protection relays - 620 series IEC/CN 2.0 FP1, ABB Relion protection relays - REX640 PCL1, ABB Relion protection relays - REX640 PCL2, ABB Relion protection relays - REX640 PCL3, ABB Relion protection relays - RER615, ABB Remote Monitoring and Control - REC615, ABB Merging Unit- SMU615 allows Communication Channel Manipulation.This issue affects Relion protection relays - 611 series: from 1.0.0 before 2.0.3; Relion protection relays - 615 series IEC 4.0 FP1: from 4.1.0 before 4.1.9; Relion protection relays - 615 series CN 4.0 FP1: from 4.1.0 before 4.1.8; Relion protection relays - 615 series IEC 5.0: from 5.0.0 before 5.0.12; Relion protection relays - 615 series IEC 5.0 FP1: from 5.1.0 before 5.1.20; Relion protection relays - 620 series IEC/CN 2.0: from 2.0.0 before 2.0.11; Relion protection relays - 620 series IEC/CN 2.0 FP1: from 2.1.0 before 2.1.15; Relion protection relays - REX640 PCL1: from 1.0.0 before 1.0.8; Relion protection relays - REX640 PCL2: from 1.1.0 before 1.1.4; Relion protection relays - REX640 PCL3: from 1.2.0 before 1.2.1; Relion protection relays - RER615: from 2.0.0 before 2.0.3; Remote Monitoring and Control - REC615: from 1.0.0 before 2.0.3; Merging Unit- SMU615: from 1.0.0 before 1.0.2.π@cveNotify |
|
| 2023-02-28 12:30:46 |
π¨ CVE-2023-26609ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.π@cveNotify |
|
| 2023-02-28 12:30:45 |
π¨ CVE-2023-26602ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.π@cveNotify |
|
| 2023-02-28 07:31:04 |
π¨ CVE-2023-26235JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java.π@cveNotify |
|
| 2023-02-28 07:31:03 |
π¨ CVE-2022-4385The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order ajax action, allowing any logged in user (with roles as low as Subscriber) to update the menu orderπ@cveNotify |
|
| 2023-02-28 07:31:02 |
π¨ CVE-2022-4386The Intuitive Custom Post Order WordPress plugin before 3.1.4 lacks CSRF protection in its update-menu-order ajax action, allowing an attacker to trick any user to change the menu order via a CSRF attackπ@cveNotify |
|
| 2023-02-28 07:30:58 |
π¨ CVE-2023-0929Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-02-28 07:30:57 |
π¨ CVE-2023-0932Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)π@cveNotify |
|
| 2023-02-28 07:30:53 |
π¨ CVE-2023-0933Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)π@cveNotify |
|
| 2023-02-28 07:30:52 |
π¨ CVE-2023-0966A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=orders/view_order. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221635.π@cveNotify |
|
| 2023-02-28 07:30:51 |
π¨ CVE-2023-0429The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π@cveNotify |
|
| 2023-02-28 07:30:47 |
π¨ CVE-2023-0380The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-28 07:30:46 |
π¨ CVE-2023-0428The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.π@cveNotify |
|
| 2023-02-28 02:29:36 |
π¨ CVE-2015-10086A vulnerability, which was classified as critical, was found in OpenCycleCompass server-php. Affected is an unknown function of the file api1/login.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is fa0d9bcf81c711a88172ad0d37a842f029ac3782. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221808.π@cveNotify |
|
| 2023-02-27 23:29:36 |
π¨ CVE-2023-24258SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. This vulnerability allows attackers to execute arbitrary code via a crafted POST request.π@cveNotify |
|
| 2023-02-27 23:29:35 |
π¨ CVE-2023-26043GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. GeoNode is vulnerable to an XML External Entity (XXE) injection in the style upload functionality of GeoServer leading to Arbitrary File Read. This issue has been patched in version 4.0.3.π@cveNotify |
|
| 2023-02-27 22:29:58 |
π¨ CVE-2020-9846A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs.π@cveNotify |
|
| 2023-02-27 22:29:57 |
π¨ CVE-2022-46712A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges.π@cveNotify |
|
| 2023-02-27 22:29:56 |
π¨ CVE-2021-46841This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 3.5.0 for Android. An attacker in a privileged network position can track a user's activity.π@cveNotify |
|
| 2023-02-27 22:29:55 |
π¨ CVE-2022-22668A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A malicious application may be able to leak sensitive user information.π@cveNotify |
|
| 2023-02-27 22:29:54 |
π¨ CVE-2022-32846A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.π@cveNotify |
|
| 2023-02-27 22:29:52 |
π¨ CVE-2022-32836This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data.π@cveNotify |
|
| 2023-02-27 22:29:51 |
π¨ CVE-2022-32902A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences.π@cveNotify |
|
| 2023-02-27 22:29:50 |
π¨ CVE-2022-32855A logic issue was addressed with improved state management. This issue is fixed in iOS 15.6 and iPadOS 15.6. A user may be able to view restricted content from the lock screen.π@cveNotify |
|
| 2023-02-27 22:29:49 |
π¨ CVE-2022-32891The issue was addressed with improved UI handling. This issue is fixed in Safari 16, tvOS 16, watchOS 9, iOS 16. Visiting a website that frames malicious content may lead to UI spoofing.π@cveNotify |
|
| 2023-02-27 22:29:48 |
π¨ CVE-2022-32896This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. A user may be able to view sensitive user information.π@cveNotify |
|
| 2023-02-27 22:29:47 |
π¨ CVE-2022-32900A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges.π@cveNotify |
|
| 2023-02-27 22:29:46 |
π¨ CVE-2022-32949This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.π@cveNotify |
|
| 2023-02-27 22:29:45 |
π¨ CVE-2022-42797An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges.π@cveNotify |
|
| 2023-02-27 22:29:44 |
π¨ CVE-2022-46713A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system.π@cveNotify |
|
| 2023-02-27 22:29:43 |
π¨ CVE-2022-46704A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system.π@cveNotify |
|
| 2023-02-27 22:29:39 |
π¨ CVE-2023-23496The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.π@cveNotify |
|
| 2023-02-27 22:29:38 |
π¨ CVE-2022-46723This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A remote user may be able to write arbitrary files.π@cveNotify |
|
| 2023-02-27 22:29:37 |
π¨ CVE-2023-23501The issue was addressed with improved memory handling This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory..π@cveNotify |
|
| 2023-02-27 22:29:36 |
π¨ CVE-2023-23502An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, tvOS 16.3, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to determine kernel memory layout.π@cveNotify |
|
| 2023-02-27 18:29:57 |
π¨ CVE-2019-13575A SQL injection vulnerability exists in WPEverest Everest Forms plugin for WordPress through 1.4.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/evf-entry-functions.phpπ@cveNotify |
|
| 2023-02-27 18:29:56 |
π¨ CVE-2019-0179Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-02-27 18:29:52 |
π¨ CVE-2019-0177Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-02-27 18:29:51 |
π¨ CVE-2019-0180Insufficient password protection in the attestation database for Open CIT may allow an authenticated user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-02-27 18:29:50 |
π¨ CVE-2019-11766dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffer over-read in the D6_OPTION_PD_EXCLUDE feature.π@cveNotify |
|
| 2023-02-27 18:29:46 |
π¨ CVE-2023-0535The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-27 18:29:45 |
π¨ CVE-2023-0543The Arigato Autoresponder and Newsletter WordPress plugin before 2.1.7.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.π@cveNotify |
|
| 2023-02-27 18:29:41 |
π¨ CVE-2023-23157A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullname parameter on the enquiry page.π@cveNotify |
|
| 2023-02-27 18:29:40 |
π¨ CVE-2022-4757The List Pages Shortcode WordPress plugin before 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π@cveNotify |
|
| 2023-02-27 16:29:48 |
π¨ CVE-2023-23108In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc.π@cveNotify |
|
| 2023-02-27 16:29:47 |
π¨ CVE-2023-23109In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv.π@cveNotify |
|
| 2023-02-27 16:29:46 |
π¨ CVE-2023-22945In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.π@cveNotify |
|
| 2023-02-27 16:29:45 |
π¨ CVE-2022-4422This issue affects: Bulutses Bilgi Teknolojileri LTD. ?T?. BULUTDESK CALLCENTER versions prior to 3.0.π@cveNotify |
|
| 2023-02-27 16:29:44 |
π¨ CVE-2023-22909An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow.π@cveNotify |
|
| 2023-02-27 16:29:42 |
π¨ CVE-2023-22911An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context.π@cveNotify |
|
| 2023-02-27 16:29:41 |
π¨ CVE-2022-34908An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data.π@cveNotify |
|
| 2023-02-27 16:29:40 |
π¨ CVE-2022-34909An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.π@cveNotify |
|
| 2023-02-27 16:29:39 |
π¨ CVE-2022-34910An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It uses a local database to store data and accounts. However, the password is stored in cleartext. Therefore, an attacker can retrieve the passwords of other users that used the same device.π@cveNotify |
|
| 2023-02-27 16:29:38 |
π¨ CVE-2023-24206Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function.π@cveNotify |
|
| 2023-02-27 13:29:54 |
π¨ CVE-2023-1053A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical. This issue affects some unknown processing of the file view_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221819.π@cveNotify |
|
| 2023-02-27 13:29:53 |
π¨ CVE-2023-1056A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221821 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-27 13:29:48 |
π¨ CVE-2023-1058A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221823.π@cveNotify |
|
| 2023-02-27 13:29:47 |
π¨ CVE-2023-1059A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221824.π@cveNotify |
|
| 2023-02-27 13:29:46 |
π¨ CVE-2023-1061A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221825 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-27 13:29:45 |
π¨ CVE-2023-1062A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221826 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-27 13:29:41 |
π¨ CVE-2023-1063A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221827.π@cveNotify |
|
| 2023-02-27 13:29:40 |
π¨ CVE-2023-22636An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.π@cveNotify |
|
| 2023-02-27 13:29:39 |
π¨ CVE-2023-26609ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.π@cveNotify |
|
| 2023-02-27 13:29:38 |
π¨ CVE-2023-26257An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.π@cveNotify |
|
| 2023-02-27 11:29:37 |
π¨ CVE-2023-22636An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request.π@cveNotify |
|
| 2023-02-27 11:29:36 |
π¨ CVE-2022-31405MV iDigital Clinic Enterprise (iDCE) 1.0 stores passwords in cleartext.π@cveNotify |
|
| 2023-02-27 07:29:59 |
π¨ CVE-2023-26257An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Dynamic memory is not released after it is allocated in dlt-control-common.c.π@cveNotify |
|
| 2023-02-27 07:29:58 |
π¨ CVE-2022-36231pdf_info 0.5.3 is vulnerable to Command Execution because the Ruby code uses backticks instead of Open3.π@cveNotify |
|
| 2023-02-27 07:29:57 |
π¨ CVE-2022-45544** DISPUTED ** Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.π@cveNotify |
|
| 2023-02-27 07:29:55 |
π¨ CVE-2023-0795LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3488, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.π@cveNotify |
|
| 2023-02-27 07:29:53 |
π¨ CVE-2023-0796LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3592, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.π@cveNotify |
|
| 2023-02-27 07:29:52 |
π¨ CVE-2023-0797LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6921, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.π@cveNotify |
|
| 2023-02-27 07:29:51 |
π¨ CVE-2023-0798LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3400, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.π@cveNotify |
|
| 2023-02-27 07:29:50 |
π¨ CVE-2023-0799LibTIFF 4.4.0 has an out-of-bounds read in tiffcrop in tools/tiffcrop.c:3701, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit afaabc3e.π@cveNotify |
|
| 2023-02-27 07:29:49 |
π¨ CVE-2023-0800LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-27 07:29:48 |
π¨ CVE-2023-0801LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-27 07:29:46 |
π¨ CVE-2023-0802LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-27 07:29:45 |
π¨ CVE-2023-0803LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-27 07:29:44 |
π¨ CVE-2023-0804LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-27 07:29:43 |
π¨ CVE-2022-37032An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead to a segmentation fault and denial of service. This occurs in bgp_capability_msg_parse in bgpd/bgp_packet.c.π@cveNotify |
|
| 2023-02-27 07:29:42 |
π¨ CVE-2023-26609ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field.π@cveNotify |
|
| 2023-02-27 01:29:37 |
π¨ CVE-2023-26605In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid.π@cveNotify |
|
| 2023-02-27 01:29:36 |
π¨ CVE-2023-26606In the Linux kernel 6.0.8, there is a use-after-free in ntfs_trim_fs in fs/ntfs3/bitmap.c.π@cveNotify |
|
| 2023-02-27 01:29:35 |
π¨ CVE-2023-26607In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.π@cveNotify |
|
| 2023-02-26 22:29:36 |
π¨ CVE-2023-26602ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.π@cveNotify |
|
| 2023-02-26 18:29:37 |
π¨ CVE-2023-1047A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-26 18:29:36 |
π¨ CVE-2023-1048A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.π@cveNotify |
|
| 2023-02-26 16:29:43 |
π¨ CVE-2023-1043A vulnerability was found in MuYuCMS 2.2. It has been classified as problematic. Affected is an unknown function of the file /editor/index.php. The manipulation of the argument dir_path leads to relative path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221802 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-26 16:29:42 |
π¨ CVE-2023-1044A vulnerability was found in MuYuCMS 2.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /editor/index.php. The manipulation of the argument file_path leads to relative path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221803.π@cveNotify |
|
| 2023-02-26 16:29:41 |
π¨ CVE-2023-1045A vulnerability was found in MuYuCMS 2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin.php/accessory/filesdel.html. The manipulation of the argument filedelur leads to relative path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221804.π@cveNotify |
|
| 2023-02-26 16:29:40 |
π¨ CVE-2023-1046A vulnerability classified as critical has been found in MuYuCMS 2.2. This affects an unknown part of the file /admin.php/update/getFile.html. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221805 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-26 16:29:38 |
π¨ CVE-2023-1047A vulnerability classified as critical was found in TechPowerUp RealTemp 3.7.0.0. This vulnerability affects unknown code in the library WinRing0x64.sys. The manipulation leads to improper initialization. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-221806 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-26 16:29:37 |
π¨ CVE-2023-1048A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5. This issue affects some unknown processing in the library WinRing0x64.sys. The manipulation leads to improper initialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221807.π@cveNotify |
|
| 2023-02-26 12:29:39 |
π¨ CVE-2019-25105A vulnerability, which was classified as problematic, was found in dro.pm. This affects an unknown part of the file web/fileman.php. The manipulation of the argument secret/key leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is fa73c3a42bc5c246a1b8f815699ea241aef154bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221763.π@cveNotify |
|
| 2023-02-26 12:29:38 |
π¨ CVE-2021-3329Lack of proper validation in HCI Host stack initialization can cause a crash of the bluetooth stackπ@cveNotify |
|
| 2023-02-26 00:29:53 |
π¨ CVE-2022-48362Zoho ManageEngine Desktop Central and Desktop Central MSP before 10.1.2137.2 allow directory traversal via computerName to AgentLogUploadServlet. A remote, authenticated attacker could upload arbitrary code that would be executed when Desktop Central is restarted. (The attacker could authenticate by exploiting CVE-2021-44515.)π@cveNotify |
|
| 2023-02-25 22:29:37 |
π¨ CVE-2023-26550A SQL injection vulnerability in BMC Control-M before 9.0.20.214 allows attackers to execute arbitrary SQL commands via the memname JSON field.π@cveNotify |
|
| 2023-02-25 13:29:39 |
π¨ CVE-2023-26314The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.π@cveNotify |
|
| 2023-02-25 12:29:41 |
π¨ CVE-2022-2024OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.π@cveNotify |
|
| 2023-02-25 12:29:40 |
π¨ CVE-2023-1035A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784.π@cveNotify |
|
| 2023-02-25 12:29:39 |
π¨ CVE-2023-1007A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.π@cveNotify |
|
| 2023-02-25 12:29:38 |
π¨ CVE-2023-1008A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-25 12:29:37 |
π¨ CVE-2023-25725HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. For HTTP/2 and HTTP/3, the impact is limited because the headers disappear before being parsed and processed, as if they had not been sent by the client. The fixed versions are 2.7.3, 2.6.9, 2.5.12, 2.4.22, 2.2.29, and 2.0.31.π@cveNotify |
|
| 2023-02-25 07:30:18 |
π¨ CVE-2023-26545In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.π@cveNotify |
|
| 2023-02-25 07:30:16 |
π¨ CVE-2023-0880Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.π@cveNotify |
|
| 2023-02-25 07:30:14 |
π¨ CVE-2023-0878Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.π@cveNotify |
|
| 2023-02-25 07:30:12 |
π¨ CVE-2023-0879Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.π@cveNotify |
|
| 2023-02-25 07:30:10 |
π¨ CVE-2023-0877Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.π@cveNotify |
|
| 2023-02-25 07:30:07 |
π¨ CVE-2023-0821HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.π@cveNotify |
|
| 2023-02-25 07:30:05 |
π¨ CVE-2022-44299SiteServerCMS 7.1.3 sscms has a file read vulnerability.π@cveNotify |
|
| 2023-02-25 07:30:02 |
π¨ CVE-2022-27891Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.π@cveNotify |
|
| 2023-02-25 07:30:00 |
π¨ CVE-2022-32477An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the FvbServicesRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.π@cveNotify |
|
| 2023-02-25 07:29:57 |
π¨ CVE-2022-32469An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the PnpSmm shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This attack can be mitigated using IOMMU protection for the ACPI runtime memory used for the command buffer. This attack can be mitigated by copying the firmware block services data to SMRAM before checking it.π@cveNotify |
|
| 2023-02-25 07:29:55 |
π¨ CVE-2022-32475An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. DMA attacks on the VariableRuntimeDxe shared buffer used by SMM and non-SMM code could cause TOCTOU race-condition issues that could lead to corruption of SMRAM and escalation of privileges. This issue was fixed in the kernel, which also protected chipset and OEM chipset code.π@cveNotify |
|
| 2023-02-25 07:29:53 |
π¨ CVE-2022-3089Echelon SmartServer 2.2 with i.LON Vision 2.2 stores cleartext credentials in a file, which could allow an attacker to obtain cleartext usernames and passwords of the SmartServer. If the attacker obtains the file, then the credentials could be used to control the web user interface and file transfer protocol (FTP) server.π@cveNotify |
|
| 2023-02-25 07:29:51 |
π¨ CVE-2022-43929IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.π@cveNotify |
|
| 2023-02-25 07:29:49 |
π¨ CVE-2022-43927IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.π@cveNotify |
|
| 2023-02-25 07:29:47 |
π¨ CVE-2023-24964IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. IBM X-Force ID: 246463.π@cveNotify |
|
| 2023-02-25 07:29:45 |
π¨ CVE-2022-36775IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, 10.0.3.0, and10.0.4.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 233576.π@cveNotify |
|
| 2023-02-25 07:29:43 |
π¨ CVE-2023-1034Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9.π@cveNotify |
|
| 2023-02-25 07:29:42 |
π¨ CVE-2023-26035ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. There are no permissions check on the snapshot action, which expects an id to fetch an existing monitor but can be passed an object to create a new one instead. TriggerOn ends up calling shell_exec using the supplied Id. This issue is fixed in This issue is fixed in versions 1.36.33 and 1.37.33.π@cveNotify |
|
| 2023-02-25 07:29:40 |
π¨ CVE-2023-26036ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain a Local File Inclusion (Untrusted Search Path) vulnerability via /web/index.php. By controlling $view, any local file ending in .php can be executed. This is supposed to be mitigated by calling detaintPath, however dentaintPath does not properly sandbox the path. This can be exploited by constructing paths like "..././", which get replaced by "../". This issue is patched in versions 1.36.33 and 1.37.33.π@cveNotify |
|
| 2023-02-25 07:29:38 |
π¨ CVE-2023-26037ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not properly validated and could be used execute arbitrary SQL. This issue is fixed in versions 1.36.33 and 1.37.33.π@cveNotify |
|
| 2023-02-25 00:29:43 |
π¨ CVE-2021-42392The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.π@cveNotify |
|
| 2023-02-25 00:29:42 |
π¨ CVE-2021-34167Cross Site Request Forgery (CSRF) vulnerability in taoCMS 3.0.2 allows remote attackers to gain escalated privileges via taocms/admin/admin.php.π@cveNotify |
|
| 2023-02-25 00:29:39 |
π¨ CVE-2021-34248SQL injection vulnerability in sourcecodester mobile-shop-system-php-mysql 1.0 allows remote attackers to log in via crafterdstring in the email field of the log in page.π@cveNotify |
|
| 2023-02-25 00:29:38 |
π¨ CVE-2022-40675Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.π@cveNotify |
|
| 2023-02-25 00:29:37 |
π¨ CVE-2022-43954An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiPortal management interface 7.0.0 through 7.0.2 may allow a remote authenticated attacker to read other devices' passwords in the audit log page.π@cveNotify |
|
| 2023-02-24 22:30:03 |
π¨ CVE-2022-31836The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.π@cveNotify |
|
| 2023-02-24 22:30:02 |
π¨ CVE-2022-38376Multiple improper neutralization of input during web page generation ('Cross-site Scripting') vulnerabilities [CWE-79] in Fortinet FortiNAC portal UI before 9.4.1 allows an attacker to perform an XSS attack via crafted HTTP requests.π@cveNotify |
|
| 2023-02-24 22:30:00 |
π¨ CVE-2021-42756Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests.π@cveNotify |
|
| 2023-02-24 22:29:59 |
π¨ CVE-2023-23781A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted XML files.π@cveNotify |
|
| 2023-02-24 22:29:58 |
π¨ CVE-2023-24238TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules.π@cveNotify |
|
| 2023-02-24 22:29:57 |
π¨ CVE-2023-24236TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules.π@cveNotify |
|
| 2023-02-24 22:29:56 |
π¨ CVE-2023-23780A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of privilege via specifically crafted HTTP requests.π@cveNotify |
|
| 2023-02-24 22:29:54 |
π¨ CVE-2023-22580Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure.π@cveNotify |
|
| 2023-02-24 22:29:53 |
π¨ CVE-2023-22579Due to improper parameter filtering in the sequalize js library, can a attacker peform injection.π@cveNotify |
|
| 2023-02-24 22:29:52 |
π¨ CVE-2019-14206An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.π@cveNotify |
|
| 2023-02-24 22:29:50 |
π¨ CVE-2019-14799The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.π@cveNotify |
|
| 2023-02-24 22:29:49 |
π¨ CVE-2016-10878The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.π@cveNotify |
|
| 2023-02-24 22:29:48 |
π¨ CVE-2023-24483A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.π@cveNotify |
|
| 2023-02-24 22:29:47 |
π¨ CVE-2023-22578Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.π@cveNotify |
|
| 2023-02-24 22:29:46 |
π¨ CVE-2016-10874The wp-database-backup plugin before 4.3.3 for WordPress has CSRF.π@cveNotify |
|
| 2023-02-24 22:29:45 |
π¨ CVE-2016-10875The wp-database-backup plugin before 4.3.1 for WordPress has XSS.π@cveNotify |
|
| 2023-02-24 22:29:44 |
π¨ CVE-2020-15778** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."π@cveNotify |
|
| 2023-02-24 22:29:43 |
π¨ CVE-2019-14787The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter.π@cveNotify |
|
| 2023-02-24 22:29:42 |
π¨ CVE-2016-10873The wp-database-backup plugin before 4.3.3 for WordPress has XSS.π@cveNotify |
|
| 2023-02-24 22:29:41 |
π¨ CVE-2019-14683The codection "Import users from CSV with meta" plugin before 1.14.2.2 for WordPress allows wp-admin/admin-ajax.php?action=acui_delete_attachment CSRF.π@cveNotify |
|
| 2023-02-24 20:30:23 |
π¨ CVE-2023-23460Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass.π@cveNotify |
|
| 2023-02-24 20:30:21 |
π¨ CVE-2022-47508Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos.π@cveNotify |
|
| 2023-02-24 20:30:20 |
π¨ CVE-2022-47507SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.π@cveNotify |
|
| 2023-02-24 20:30:18 |
π¨ CVE-2010-0442The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT statement that contains a call to the substring function for a bit string, related to an "overflow."π@cveNotify |
|
| 2023-02-24 20:30:16 |
π¨ CVE-2022-47506SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands.π@cveNotify |
|
| 2023-02-24 20:30:14 |
π¨ CVE-2015-5289Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values.π@cveNotify |
|
| 2023-02-24 20:30:13 |
π¨ CVE-2022-38111SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.π@cveNotify |
|
| 2023-02-24 20:30:11 |
π¨ CVE-2022-47504SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.π@cveNotify |
|
| 2023-02-24 20:30:09 |
π¨ CVE-2022-47503SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.π@cveNotify |
|
| 2023-02-24 20:30:08 |
π¨ CVE-2018-5332In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).π@cveNotify |
|
| 2023-02-24 20:30:06 |
π¨ CVE-2019-8956In the Linux Kernel before versions 4.20.8 and 4.19.21 a use-after-free error in the "sctp_sendmsg()" function (net/sctp/socket.c) when handling SCTP_SENDALL flag can be exploited to corrupt memory.π@cveNotify |
|
| 2023-02-24 20:30:05 |
π¨ CVE-2018-9568In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.π@cveNotify |
|
| 2023-02-24 20:30:04 |
π¨ CVE-2019-15927An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.π@cveNotify |
|
| 2023-02-24 20:30:02 |
π¨ CVE-2017-17855kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.π@cveNotify |
|
| 2023-02-24 20:30:01 |
π¨ CVE-2017-2636Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.π@cveNotify |
|
| 2023-02-24 20:30:00 |
π¨ CVE-2018-14619A flaw was found in the crypto subsystem of the Linux kernel before version kernel-4.15-rc4. The "null skcipher" was being dropped when each af_alg_ctx was freed instead of when the aead_tfm was freed. This can cause the null skcipher to be freed while it is still in use leading to a local user being able to crash the system or possibly escalate privileges.π@cveNotify |
|
| 2023-02-24 20:29:59 |
π¨ CVE-2018-10901A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges.π@cveNotify |
|
| 2023-02-24 20:29:58 |
π¨ CVE-2019-11487The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.π@cveNotify |
|
| 2023-02-24 20:29:57 |
π¨ CVE-2018-10675The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.π@cveNotify |
|
| 2023-02-24 20:29:55 |
π¨ CVE-2021-29154BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.π@cveNotify |
|
| 2023-02-24 17:29:58 |
π¨ CVE-2021-35370An issue found in Peacexie Imcat v5.4 allows attackers to execute arbitrary code via the incomplete filtering function.π@cveNotify |
|
| 2023-02-24 17:29:57 |
π¨ CVE-2023-23205An issue was discovered in lib60870 v2.3.2. There is a memory leak in lib60870/lib60870-C/examples/multi_client_server/multi_client_server.c.π@cveNotify |
|
| 2023-02-24 17:29:56 |
π¨ CVE-2023-25153containerd is an open source container runtime. Before versions 1.6.18 and 1.5.18, when importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. This bug has been fixed in containerd 1.6.18 and 1.5.18. Users should update to these versions to resolve the issue. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.π@cveNotify |
|
| 2023-02-24 17:29:55 |
π¨ CVE-2023-0103If an attacker were to access memory locations of LS ELECTRIC XBC-DN32U with operating system version 01.80 that are outside of the communication buffer, the device stops operating. This could allow an attacker to cause a denial-of-service condition.π@cveNotify |
|
| 2023-02-24 17:29:54 |
π¨ CVE-2023-0102LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files.π@cveNotify |
|
| 2023-02-24 17:29:53 |
π¨ CVE-2022-45587Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.π@cveNotify |
|
| 2023-02-24 17:29:52 |
π¨ CVE-2023-23752An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.π@cveNotify |
|
| 2023-02-24 17:29:51 |
π¨ CVE-2023-25578Starlite is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 1.5.2, the request body parsing in `starlite` allows a potentially unauthenticated attacker to consume a large amount of CPU time and RAM. The multipart body parser processes an unlimited number of file parts and an unlimited number of field parts. This is a remote, potentially unauthenticated Denial of Service vulnerability. This vulnerability affects applications with a request handler that accepts a `Body(media_type=RequestEncodingType.MULTI_PART)`. The large amount of CPU time required for processing requests can block all available worker processes and significantly delay or slow down the processing of legitimate user requests. The large amount of RAM accumulated while processing requests can lead to Out-Of-Memory kills. Complete DoS is achievable by sending many concurrent multipart requests in a loop. Version 1.51.2 contains a patch for this issue.π@cveNotify |
|
| 2023-02-24 17:29:50 |
π¨ CVE-2021-37137The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.π@cveNotify |
|
| 2023-02-24 17:29:48 |
π¨ CVE-2022-48337GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.π@cveNotify |
|
| 2023-02-24 17:29:47 |
π¨ CVE-2022-48338An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.π@cveNotify |
|
| 2023-02-24 17:29:46 |
π¨ CVE-2022-48339An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.π@cveNotify |
|
| 2023-02-24 17:29:45 |
π¨ CVE-2021-35576Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).π@cveNotify |
|
| 2023-02-24 17:29:44 |
π¨ CVE-2022-43460Driver Distributor v2.2.3.1 and earlier contains a vulnerability where passwords are stored in a recoverable format. If an attacker obtains a configuration file of Driver Distributor, the encrypted administrator's credentials may be decrypted.π@cveNotify |
|
| 2023-02-24 17:29:43 |
π¨ CVE-2022-48323Sunlogin Sunflower Simplified (aka Sunflower Simple and Personal) 1.0.1.43315 is vulnerable to a path traversal issue. A remote and unauthenticated attacker can execute arbitrary programs on the victim host by sending a crafted HTTP request, as demonstrated by /check?cmd=ping../ followed by the pathname of the powershell.exe program.π@cveNotify |
|
| 2023-02-24 17:29:42 |
π¨ CVE-2022-42455ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.π@cveNotify |
|
| 2023-02-24 17:29:41 |
π¨ CVE-2023-24499Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use.π@cveNotify |
|
| 2023-02-24 17:29:40 |
π¨ CVE-2020-23685SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.π@cveNotify |
|
| 2023-02-24 17:29:39 |
π¨ CVE-2021-43396** DISPUTED ** In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an internal state reset. This may affect data integrity in certain iconv() use cases. NOTE: the vendor states "the bug cannot be invoked through user input and requires iconv to be invoked with a NULL inbuf, which ought to require a separate application bug to do so unintentionally. Hence there's no security impact to the bug."π@cveNotify |
|
| 2023-02-24 17:29:38 |
π¨ CVE-2023-23463Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request.π@cveNotify |
|
| 2023-02-24 15:30:08 |
π¨ CVE-2021-45486In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small.π@cveNotify |
|
| 2023-02-24 15:30:06 |
π¨ CVE-2021-3752A use-after-free flaw was found in the Linux kernelβs Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.π@cveNotify |
|
| 2023-02-24 15:30:05 |
π¨ CVE-2021-3773A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.π@cveNotify |
|
| 2023-02-24 15:30:03 |
π¨ CVE-2022-0564A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured.π@cveNotify |
|
| 2023-02-24 15:30:02 |
π¨ CVE-2023-21691Microsoft Protected Extensible Authentication Protocol (PEAP) Information Disclosure Vulnerabilityπ@cveNotify |
|
| 2023-02-24 15:30:01 |
π¨ CVE-2022-42735Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 .π@cveNotify |
|
| 2023-02-24 15:30:00 |
π¨ CVE-2021-43946Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.13.21, and from version 8.14.0 before 8.20.9.π@cveNotify |
|
| 2023-02-24 15:29:59 |
π¨ CVE-2021-33963China Mobile An Lianbao WF-1 v1.0.1 router web interface through /api/ZRMacClone/mac_addr_clone receives parameters by POST request, and the parameter macType has a command injection vulnerability. An attacker can use the vulnerability to execute remote commands.π@cveNotify |
|
| 2023-02-24 15:29:58 |
π¨ CVE-2023-21690Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-02-24 15:29:54 |
π¨ CVE-2023-0595A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)π@cveNotify |
|
| 2023-02-24 15:29:53 |
π¨ CVE-2023-1007A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects unknown code in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740.π@cveNotify |
|
| 2023-02-24 15:29:52 |
π¨ CVE-2023-1008A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-24 15:29:51 |
π¨ CVE-2023-1009A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/password leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-24 15:29:50 |
π¨ CVE-2023-1010A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743.π@cveNotify |
|
| 2023-02-24 14:29:38 |
π¨ CVE-2023-0595A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port (default 443). Affected products: EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020, EcoStruxure Geo SCADA Expert 2021(All Versions prior to October 2022), ClearSCADA (All Versions)π@cveNotify |
|
| 2023-02-24 14:29:37 |
π¨ CVE-2023-1008A vulnerability was found in Twister Antivirus 8.17. It has been rated as problematic. This issue affects some unknown processing in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-221741 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-24 14:29:36 |
π¨ CVE-2023-1010A vulnerability classified as critical was found in vox2png 1.0. Affected by this vulnerability is an unknown functionality of the file vox2png.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221743.π@cveNotify |
|
| 2023-02-24 12:30:16 |
π¨ CVE-2023-0997A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Moosikay/order.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221732.π@cveNotify |
|
| 2023-02-24 12:30:15 |
π¨ CVE-2023-0998A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-24 12:30:12 |
π¨ CVE-2023-0999A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. This vulnerability affects unknown code of the file admin/?page=user/list. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-221734 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-24 12:30:09 |
π¨ CVE-2023-1002A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2. This issue affects some unknown processing of the file index.php. The manipulation of the argument file_path leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221735.π@cveNotify |
|
| 2023-02-24 12:30:05 |
π¨ CVE-2023-1004A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-24 12:30:03 |
π¨ CVE-2022-34397Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contains an authorization bypass vulnerability, allowing users to perform actions in which they are not authorized.π@cveNotify |
|
| 2023-02-24 12:30:01 |
π¨ CVE-2022-25937Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).π@cveNotify |
|
| 2023-02-24 12:29:58 |
π¨ CVE-2021-40555Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.π@cveNotify |
|
| 2023-02-24 12:29:56 |
π¨ CVE-2023-22367Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.π@cveNotify |
|
| 2023-02-24 12:29:54 |
π¨ CVE-2020-36661A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The name of the patch is d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-24 12:29:51 |
π¨ CVE-2019-25103A vulnerability has been found in simple-markdown 0.5.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file simple-markdown.js. The manipulation leads to inefficient regular expression complexity. The attack can be launched remotely. Upgrading to version 0.5.2 is able to address this issue. The name of the patch is 89797fef9abb4cab2fb76a335968266a92588816. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220639.π@cveNotify |
|
| 2023-02-24 12:29:49 |
π¨ CVE-2023-0793Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.11.π@cveNotify |
|
| 2023-02-24 12:29:47 |
π¨ CVE-2023-0790Uncaught Exception in GitHub repository thorsten/phpmyfaq prior to 3.1.11.π@cveNotify |
|
| 2023-02-24 12:29:46 |
π¨ CVE-2023-25152Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. ### Workarounds None at this time.π@cveNotify |
|
| 2023-02-24 12:29:44 |
π¨ CVE-2023-0792Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.π@cveNotify |
|
| 2023-02-24 12:29:43 |
π¨ CVE-2022-48345sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.π@cveNotify |
|
| 2023-02-24 12:29:42 |
π¨ CVE-2023-22425Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script.π@cveNotify |
|
| 2023-02-24 12:29:39 |
π¨ CVE-2023-22427Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script.π@cveNotify |
|
| 2023-02-24 12:29:38 |
π¨ CVE-2023-24576EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service (nsrexecd) irrespective of any auth used.π@cveNotify |
|
| 2023-02-24 06:29:44 |
π¨ CVE-2022-1607Cross-Site Request Forgery (CSRF) vulnerability in ABB Pulsar Plus System Controller NE843_S, ABB Infinity DC Power Plant allows Cross Site Request Forgery.This issue affects Pulsar Plus System Controller NE843_S : comcode 150042936; Infinity DC Power Plant: H5692448 G104 G842 G224L G630-4 G451C(2) G461(2) β comcode 150047415.π@cveNotify |
|
| 2023-02-24 06:29:40 |
π¨ CVE-2023-26102All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify properties of the Object.prototypeπ@cveNotify |
|
| 2023-02-24 06:29:39 |
π¨ CVE-2023-0996There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.π@cveNotify |
|
| 2023-02-24 06:29:38 |
π¨ CVE-2023-0995Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1.π@cveNotify |
|
| 2023-02-24 06:29:37 |
π¨ CVE-2022-46440ttftool v0.9.2 was discovered to contain a segmentation violation via the readU16 function at ttf.c.π@cveNotify |
|
| 2023-02-24 06:29:36 |
π¨ CVE-2023-0994Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.8.2.π@cveNotify |
|
| 2023-02-24 05:46:27 |
https://t.me/malwr |
|
| 2023-02-24 02:30:11 |
π¨ CVE-2022-42705A use-after-free in res_pjsip_pubsub.c in Sangoma Asterisk 16.28, 18.14, 19.6, and certified/18.9-cert2 may allow a remote authenticated attacker to crash Asterisk (denial of service) by performing activity on a subscription via a reliable transport at the same time that Asterisk is also performing activity on that subscription.π@cveNotify |
|
| 2023-02-24 02:30:10 |
π¨ CVE-2022-42706An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. GetConfig, via Asterisk Manager Interface, allows a connected application to access files outside of the asterisk configuration directory, aka Directory Traversal.π@cveNotify |
|
| 2023-02-24 02:30:08 |
π¨ CVE-2022-39269PJSIP is a free and open source multimedia communication library written in C. When processing certain packets, PJSIP may incorrectly switch from using SRTP media transport to using basic RTP upon SRTP restart, causing the media to be sent insecurely. The vulnerability impacts all PJSIP users that use SRTP. The patch is available as commit d2acb9a in the master branch of the project and will be included in version 2.13. Users are advised to manually patch or to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-02-24 02:30:07 |
π¨ CVE-2022-39244PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue.π@cveNotify |
|
| 2023-02-24 02:30:06 |
π¨ CVE-2022-31031PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue.π@cveNotify |
|
| 2023-02-24 02:30:05 |
π¨ CVE-2020-12278An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles equivalent filenames that exist because of NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352.π@cveNotify |
|
| 2023-02-24 02:30:04 |
π¨ CVE-2020-12279An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles equivalent filenames that exist because of NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353.π@cveNotify |
|
| 2023-02-24 02:30:02 |
π¨ CVE-2018-1631IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.π@cveNotify |
|
| 2023-02-24 02:30:00 |
π¨ CVE-2018-1630IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.π@cveNotify |
|
| 2023-02-24 02:29:59 |
π¨ CVE-2021-24119In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.π@cveNotify |
|
| 2023-02-24 02:29:58 |
π¨ CVE-2020-10941Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.π@cveNotify |
|
| 2023-02-24 02:29:57 |
π¨ CVE-2021-44732Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.π@cveNotify |
|
| 2023-02-24 02:29:56 |
π¨ CVE-2022-35268A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API.π@cveNotify |
|
| 2023-02-24 02:29:55 |
π¨ CVE-2022-35269A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_e2c_json_file/` API.π@cveNotify |
|
| 2023-02-24 02:29:54 |
π¨ CVE-2022-35270A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_wireguard_cert_file/` API.π@cveNotify |
|
| 2023-02-24 02:29:53 |
π¨ CVE-2022-35271A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_cert_file/` API.π@cveNotify |
|
| 2023-02-24 02:29:51 |
π¨ CVE-2021-31693VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.π@cveNotify |
|
| 2023-02-24 02:29:50 |
π¨ CVE-2022-42818This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. A user in a privileged network position may be able to track user activity.π@cveNotify |
|
| 2023-02-24 02:29:49 |
π¨ CVE-2019-6110In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server (or Man-in-The-Middle attacker) can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred.π@cveNotify |
|
| 2023-02-24 00:29:46 |
π¨ CVE-2023-26326The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.π@cveNotify |
|
| 2023-02-24 00:29:45 |
π¨ CVE-2023-20011A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts.π@cveNotify |
|
| 2023-02-24 00:29:44 |
π¨ CVE-2022-46786SquaredUp Dashboard Server SCOM edition before 5.7.1 GA allows XSS (issue 2 of 2).π@cveNotify |
|
| 2023-02-24 00:29:43 |
π¨ CVE-2022-4492The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.π@cveNotify |
|
| 2023-02-24 00:29:42 |
π¨ CVE-2023-0044If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.π@cveNotify |
|
| 2023-02-24 00:29:41 |
π¨ CVE-2023-0597A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.π@cveNotify |
|
| 2023-02-24 00:29:40 |
π¨ CVE-2023-20015A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated, local attacker to inject unauthorized commands. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute unauthorized commands within the CLI. An attacker with Administrator privileges could also execute arbitrary commands on the underlying operating system of Cisco UCS 6400 and 6500 Series Fabric Interconnects with root-level privileges.π@cveNotify |
|
| 2023-02-24 00:29:39 |
π¨ CVE-2023-20016A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to a backup file to decrypt sensitive information stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method used for the backup function. An attacker could exploit this vulnerability by leveraging a static key used for the backup configuration feature. A successful exploit could allow the attacker to decrypt sensitive information that is stored in full state and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and other credentials.π@cveNotify |
|
| 2023-02-24 00:29:38 |
π¨ CVE-2023-20050A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user.π@cveNotify |
|
| 2023-02-24 00:29:37 |
π¨ CVE-2023-20089A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated, adjacent attacker to cause a memory leak, which could result in an unexpected reload of the device. This vulnerability is due to incorrect error checking when parsing ingress LLDP packets. An attacker could exploit this vulnerability by sending a steady stream of crafted LLDP packets to an affected device. A successful exploit could allow the attacker to cause a memory leak, which could result in a denial of service (DoS) condition when the device unexpectedly reloads. Note: This vulnerability cannot be exploited by transit traffic through the device. The crafted LLDP packet must be targeted to a directly connected interface, and the attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). In addition, the attack surface for this vulnerability can be reduced by disabling LLDP on interfaces where it is not required.π@cveNotify |
|
| 2023-02-23 22:29:37 |
π¨ CVE-2022-32222A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.π@cveNotify |
|
| 2023-02-23 17:29:43 |
π¨ CVE-2022-2097AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).π@cveNotify |
|
| 2023-02-23 17:29:41 |
π¨ CVE-2023-21568Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerabilityπ@cveNotify |
|
| 2023-02-23 17:29:40 |
π¨ CVE-2023-22942In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the βkvstore_clientβ REST endpoint lets a potential attacker update SSG [App Key Value Store (KV store)](https://docs.splunk.com/Documentation/Splunk/latest/Admin/AboutKVstore) collections using an HTTP GET request. SSG is a Splunk-built app that comes with Splunk Enterprise. The vulnerability affects instances with SSG and Splunk Web enabled.π@cveNotify |
|
| 2023-02-23 17:29:39 |
π¨ CVE-2023-21794Microsoft Edge (Chromium-based) Spoofing Vulnerabilityπ@cveNotify |
|
| 2023-02-23 17:29:38 |
π¨ CVE-2022-3627LibTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy in libtiff/tif_unix.c:346 when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 236b7191.π@cveNotify |
|
| 2023-02-23 17:29:37 |
π¨ CVE-2022-3636A vulnerability, which was classified as critical, was found in Linux Kernel. This affects the function __mtk_ppe_check_skb of the file drivers/net/ethernet/mediatek/mtk_ppe.c of the component Ethernet Handler. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211935.π@cveNotify |
|
| 2023-02-23 06:30:07 |
π¨ CVE-2022-45724Incorrect Access Control in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to perform any HTTP request to an unauthenticated page to force the server to generate a SESSION_ID, and using this SESSION_ID an attacker can then perform authenticated requests.π@cveNotify |
|
| 2023-02-23 06:30:06 |
π¨ CVE-2023-0808A vulnerability was found in Deye/Revolt/Bosswerk Inverter MW3_15U_5406_1.47/MW3_15U_5406_1.471. It has been rated as problematic. This issue affects some unknown processing of the component Access Point Setting Handler. The manipulation with the input 12345678 leads to use of hard-coded password. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. Upgrading to version MW3_16U_5406_1.53 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-220769 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-23 06:30:04 |
π¨ CVE-2022-3891The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones.π@cveNotify |
|
| 2023-02-23 06:30:03 |
π¨ CVE-2022-40022Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.π@cveNotify |
|
| 2023-02-23 06:30:02 |
π¨ CVE-2022-45725Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST requestπ@cveNotify |
|
| 2023-02-23 06:30:00 |
π¨ CVE-2022-4445The FL3R FeelBox WordPress plugin through 8.1 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.π@cveNotify |
|
| 2023-02-23 06:29:59 |
π¨ CVE-2022-4448The GiveWP WordPress plugin before 2.24.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-02-23 06:29:58 |
π¨ CVE-2022-4458The amr shortcode any widget WordPress plugin through 4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.π@cveNotify |
|
| 2023-02-23 06:29:57 |
π¨ CVE-2022-4580The Twenty20 Image Before-After WordPress plugin through 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-02-23 06:29:56 |
π¨ CVE-2022-4759The GigPress WordPress plugin before 2.3.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-02-23 06:29:52 |
π¨ CVE-2022-38935An issue was discovered in NiterForum version 2.5.0-beta in /src/main/java/cn/niter/forum/api/SsoApi.java and /src/main/java/cn/niter/forum/controller/AdminController.java, allows attackers to gain escalated privileges.π@cveNotify |
|
| 2023-02-23 06:29:51 |
π¨ CVE-2022-38868SQL Injection vulnerability in Ehoney version 2.0.0 in models/protocol.go and models/images.go, allows attackers to execute arbitrary code.π@cveNotify |
|
| 2023-02-23 06:29:50 |
π¨ CVE-2021-38239SQL Injection vulnerability in dataease before 1.2.0, allows attackers to gain sensitive information via the orders parameter to /api/sys_msg/list/1/10.π@cveNotify |
|
| 2023-02-23 06:29:49 |
π¨ CVE-2023-23850A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.π@cveNotify |
|
| 2023-02-23 06:29:48 |
π¨ CVE-2020-21120SQL Injection vulnerability in file home\controls\cart.class.php in UQCMS 2.1.3, allows attackers execute arbitrary commands via the cookie_cart parameter to /index.php/cart/num.π@cveNotify |
|
| 2023-02-23 06:29:44 |
π¨ CVE-2021-33396Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.π@cveNotify |
|
| 2023-02-23 06:29:43 |
π¨ CVE-2021-33925SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 (May 19, 2021) allows unauthenticated attackers to gain escilated privledges via a crafted login.π@cveNotify |
|
| 2023-02-23 06:29:42 |
π¨ CVE-2022-38867SQL Injection vulnerability in rttys versions 4.0.0, 4.0.1, and 4.0.2 in api.go, allows attackers to execute arbitrary code.π@cveNotify |
|
| 2023-02-23 06:29:41 |
π¨ CVE-2022-45543Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.π@cveNotify |
|
| 2023-02-23 06:29:40 |
π¨ CVE-2022-45546Information Disclosure in Authentication Component of ScreenCheck BadgeMaker 2.6.2.0 application allows internal attacker to obtain credentials for authentication via network sniffing.π@cveNotify |
|
| 2023-02-23 00:29:37 |
π¨ CVE-2021-33367Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.π@cveNotify |
|
| 2023-02-23 00:29:36 |
π¨ CVE-2022-29273pfSense CE through 2.6.0 and pfSense Plus before 22.05 allow XSS in the WebGUI via URL Table Alias URL parameters.π@cveNotify |
|
| 2023-02-22 16:29:54 |
π¨ CVE-2023-0946A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-22 16:29:53 |
π¨ CVE-2023-25158GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.π@cveNotify |
|
| 2023-02-22 16:29:51 |
π¨ CVE-2023-25657Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggesting the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being βdjangoβ for the Django built-in template engine, and the second being βjinjaβ for the Jinja2 template engine. This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict βchangeβ (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.*π@cveNotify |
|
| 2023-02-22 16:29:50 |
π¨ CVE-2023-25810Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-02-22 16:29:48 |
π¨ CVE-2023-25811Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-02-22 16:29:46 |
π¨ CVE-2023-25812Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a `Deny` policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header `X-Amz-Bypass-Governance-Retention: true`. However, this was not honored instead the request will be honored and an object under governance would be incorrectly deleted. All users are advised to upgrade. There are no known workarounds for this issue.π@cveNotify |
|
| 2023-02-22 16:29:44 |
π¨ CVE-2023-24320An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors.π@cveNotify |
|
| 2023-02-22 16:29:43 |
π¨ CVE-2023-25157GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.π@cveNotify |
|
| 2023-02-22 16:29:41 |
π¨ CVE-2022-48282Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and including v2.18.0π@cveNotify |
|
| 2023-02-22 16:29:40 |
π¨ CVE-2023-0942The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the βtabβ parameter in versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.π@cveNotify |
|
| 2023-02-22 16:29:38 |
π¨ CVE-2023-0943A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects some unknown processing of the file index.php?page=site_settings of the component Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-221591.π@cveNotify |
|
| 2023-02-22 12:29:39 |
π¨ CVE-2023-25136OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."π@cveNotify |
|
| 2023-02-22 12:29:38 |
π¨ CVE-2023-26314The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.π@cveNotify |
|
| 2023-02-22 07:30:21 |
π¨ CVE-2023-0800LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3502, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-22 07:30:19 |
π¨ CVE-2023-0801LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in libtiff/tif_unix.c:368, invoked by tools/tiffcrop.c:2903 and tools/tiffcrop.c:6778, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-22 07:30:17 |
π¨ CVE-2023-0802LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-22 07:30:15 |
π¨ CVE-2023-0803LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3516, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-22 07:30:12 |
π¨ CVE-2023-0804LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3609, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 33aee127.π@cveNotify |
|
| 2023-02-22 07:30:10 |
π¨ CVE-2023-24084ChiKoi v1.0 was discovered to contain a SQL injection vulnerability via the load_file function.π@cveNotify |
|
| 2023-02-22 07:30:08 |
π¨ CVE-2023-24086SLIMS v9.5.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /customs/loan_by_class.php?reportView.π@cveNotify |
|
| 2023-02-22 07:30:06 |
π¨ CVE-2022-45091Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01.π@cveNotify |
|
| 2023-02-22 07:30:04 |
π¨ CVE-2022-45090Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.π@cveNotify |
|
| 2023-02-22 07:30:01 |
π¨ CVE-2022-45089Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection.This issue affects Smartpower Web: before 23.01.01.π@cveNotify |
|
| 2023-02-22 07:29:59 |
π¨ CVE-2022-45088Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01.π@cveNotify |
|
| 2023-02-22 07:29:57 |
π¨ CVE-2022-45087Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01.π@cveNotify |
|
| 2023-02-22 07:29:55 |
π¨ CVE-2022-45086Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows Cross-Site Scripting (XSS).This issue affects Smartpower Web: before 23.01.01.π@cveNotify |
|
| 2023-02-22 07:29:53 |
π¨ CVE-2022-45085Server-Side Request Forgery (SSRF) vulnerability in Group Arge Energy and Control Systems Smartpower Web allows : Server Side Request Forgery.This issue affects Smartpower Web: before 23.01.01.π@cveNotify |
|
| 2023-02-22 07:29:51 |
π¨ CVE-2022-44447In wlan driver, there is a possible null pointer dereference issue due to a missing bounds check. This could lead to local denial of service in wlan services.π@cveNotify |
|
| 2023-02-22 07:29:49 |
π¨ CVE-2022-44448In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.π@cveNotify |
|
| 2023-02-22 07:29:47 |
π¨ CVE-2021-4325A vulnerability, which was classified as problematic, has been found in NHN TOAST UI Chart 4.1.4. This issue affects some unknown processing of the component Legend Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.0 is able to address this issue. The name of the patch is 1a3f455d17df379e11b501bb5ba1dd1bcc41d63e. It is recommended to upgrade the affected component. The identifier VDB-221501 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-22 07:29:45 |
π¨ CVE-2022-38779An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.π@cveNotify |
|
| 2023-02-22 07:29:43 |
π¨ CVE-2023-20855VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.π@cveNotify |
|
| 2023-02-22 07:29:41 |
π¨ CVE-2023-20858VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.π@cveNotify |
|
| 2023-02-21 23:29:45 |
π¨ CVE-2023-0946A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file billing/index.php?id=9. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-221593 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-21 23:29:44 |
π¨ CVE-2023-25158GeoTools is an open source Java library that provides tools for geospatial data. GeoTools includes support for OGC Filter expression language parsing, encoding and execution against a range of datastore. SQL Injection Vulnerabilities have been found when executing OGC Filters with JDBCDataStore implementations. Users are advised to upgrade to either version 27.4 or to 28.2 to resolve this issue. Users unable to upgrade may disable `encode functions` for PostGIS DataStores or enable `prepared statements` for JDBCDataStores as a partial mitigation.π@cveNotify |
|
| 2023-02-21 23:29:43 |
π¨ CVE-2023-25657Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 has enabled sandboxed environments for the Jinja2 template engine used internally for template rendering for the following objects: `extras.ComputedField`, `extras.CustomLink`, `extras.ExportTemplate`, `extras.Secret`, `extras.Webhook`. While no active exploits of this vulnerability are known this change has been made as a preventative measure to protect against any potential remote code execution attacks utilizing maliciously crafted template code. This change forces the Jinja2 template engine to use a `SandboxedEnvironment` on all new installations of Nautobot. This addresses any potential unsafe code execution everywhere the helper function `nautobot.utilities.utils.render_jinja2` is called. Additionally, the documentation that had previously suggesting the direct use of `jinja2.Template` has been revised to suggest `render_jinja2`. Users are advised to upgrade to Nautobot 1.5.7 or newer. For users that are unable to upgrade to the latest release of Nautobot, you may add the following setting to your `nautobot_config.py` to apply the sandbox environment enforcement: `TEMPLATES[1]["OPTIONS"]["environment"] = "jinja2.sandbox.SandboxedEnvironment"` After applying this change, you must restart all Nautobot services, including any Celery worker processes. **Note:** *Nautobot specifies two template engines by default, the first being βdjangoβ for the Django built-in template engine, and the second being βjinjaβ for the Jinja2 template engine. This recommended setting will update the second item in the list of template engines, which is the Jinja2 engine.* For users that are unable to immediately update their configuration such as if a Nautobot service restart is too disruptive to operations, access to provide custom Jinja2 template values may be mitigated using permissions to restrict βchangeβ (write) actions to the affected object types listed in the first section. **Note:** *This solution is intended to be stopgap until you can successfully update your `nautobot_config.py` or upgrade your Nautobot instance to apply the sandboxed environment enforcement.*π@cveNotify |
|
| 2023-02-21 23:29:42 |
π¨ CVE-2023-25810Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma status page allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-02-21 23:29:39 |
π¨ CVE-2023-25811Uptime Kuma is a self-hosted monitoring tool. In versions prior to 1.20.0 the Uptime Kuma `name` parameter allows a persistent XSS attack. Users are advised to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-02-21 23:29:38 |
π¨ CVE-2022-43779A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS) which might allow arbitrary code execution, denial of service, and information disclosure. AMI has released updates to mitigate the potential vulnerability.π@cveNotify |
|
| 2023-02-21 23:29:37 |
π¨ CVE-2023-0783A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-21 23:29:36 |
π¨ CVE-2022-41731IBM Watson Knowledge Catalog on Cloud Pak for Data 4.5.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 237402.π@cveNotify |
|
| 2023-02-21 21:29:43 |
π¨ CVE-2023-0286There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.π@cveNotify |
|
| 2023-02-21 21:29:42 |
π¨ CVE-2023-0151The uTubeVideo Gallery WordPress plugin before 2.0.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 21:29:41 |
π¨ CVE-2022-42444IBM App Connect Enterprise 11.0.0.8 through 11.0.0.19 and 12.0.1.0 through 12.0.5.0 is vulnerable to a buffer overflow. A remote privileged user could overflow a buffer and cause the application to crash. IBM X-Force ID: 238538.π@cveNotify |
|
| 2023-02-21 21:29:40 |
π¨ CVE-2023-25614SAP NetWeaver AS ABAP (BSP Framework) application - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allow an unauthenticated attacker to inject the code that can be executed by the application over the network. On successful exploitation it can gain access to the sensitive information which leads to a limited impact on the confidentiality and the integrity of the application.π@cveNotify |
|
| 2023-02-21 21:29:39 |
π¨ CVE-2022-42436IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.π@cveNotify |
|
| 2023-02-21 21:29:38 |
π¨ CVE-2023-24529Due to lack of proper input validation, BSP application (CRM_BSP_FRAME) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75D, 75E, 75F, 75G, 75H, allow malicious inputs from untrusted sources, which can be leveraged by an attacker to execute a Reflected Cross-Site Scripting (XSS) attack. As a result, an attacker may be able to hijack a user session, read and modify some sensitive information.π@cveNotify |
|
| 2023-02-21 21:29:37 |
π¨ CVE-2023-24530SAP BusinessObjects Business Intelligence Platform (CMC) - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the application causing high impact on confidentiality, integrity and availability of the application.π@cveNotify |
|
| 2023-02-21 20:29:42 |
π¨ CVE-2023-21437Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.π@cveNotify |
|
| 2023-02-21 20:29:41 |
π¨ CVE-2023-23163Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.π@cveNotify |
|
| 2023-02-21 20:29:39 |
π¨ CVE-2022-47368In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.π@cveNotify |
|
| 2023-02-21 20:29:38 |
π¨ CVE-2022-47367In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.π@cveNotify |
|
| 2023-02-21 18:29:57 |
π¨ CVE-2023-22984A Vulnerability was discovered in Axis 207W network camera. There is a reflected XSS vulnerability in the web administration portal, which allows an attacker to execute arbitrary JavaScript via URL.π@cveNotify |
|
| 2023-02-21 18:29:56 |
π¨ CVE-2022-4422This issue affects: Bulutses Bilgi Teknolojileri LTD. ?T?. BULUTDESK CALLCENTER versions prior to 3.0.π@cveNotify |
|
| 2023-02-21 18:29:55 |
π¨ CVE-2023-21421Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.π@cveNotify |
|
| 2023-02-21 18:29:51 |
π¨ CVE-2022-38777An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.π@cveNotify |
|
| 2023-02-21 18:29:50 |
π¨ CVE-2022-34451PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to the server.π@cveNotify |
|
| 2023-02-21 18:29:49 |
π¨ CVE-2022-34449PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue that leads to view and modifying sensitive information stored in the application.π@cveNotify |
|
| 2023-02-21 18:29:48 |
π¨ CVE-2022-34450PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root.π@cveNotify |
|
| 2023-02-21 18:29:45 |
π¨ CVE-2023-22797An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability.π@cveNotify |
|
| 2023-02-21 18:29:44 |
π¨ CVE-2023-21442Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.π@cveNotify |
|
| 2023-02-21 18:29:43 |
π¨ CVE-2022-34447PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user.π@cveNotify |
|
| 2023-02-21 18:29:42 |
π¨ CVE-2022-34448PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions.π@cveNotify |
|
| 2023-02-21 18:29:39 |
π¨ CVE-2023-21432Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.π@cveNotify |
|
| 2023-02-21 18:29:38 |
π¨ CVE-2015-10084A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504.π@cveNotify |
|
| 2023-02-21 18:29:37 |
π¨ CVE-2021-32855Vditor is a browser-side Markdown editor. Versions prior to 3.8.7 are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. Version 3.8.7 contains a patch for this issue.π@cveNotify |
|
| 2023-02-21 16:30:11 |
π¨ CVE-2023-0378The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 16:30:06 |
π¨ CVE-2023-0380The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 16:30:00 |
π¨ CVE-2023-0419The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 16:29:57 |
π¨ CVE-2023-0428The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.π@cveNotify |
|
| 2023-02-21 16:29:54 |
π¨ CVE-2023-0429The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π@cveNotify |
|
| 2023-02-21 16:29:51 |
π¨ CVE-2023-0442The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL.π@cveNotify |
|
| 2023-02-21 16:29:47 |
π¨ CVE-2023-0453The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.π@cveNotify |
|
| 2023-02-21 11:30:04 |
π¨ CVE-2022-4897The BackupBuddy WordPress plugin before 8.8.3 does not sanitise and escape some parameters before outputting them back in various places, leading to Reflected Cross-Site Scriptingπ@cveNotify |
|
| 2023-02-21 11:30:03 |
π¨ CVE-2023-0059The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:30:02 |
π¨ CVE-2023-0067The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:30:01 |
π¨ CVE-2023-0231The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:30:00 |
π¨ CVE-2023-0232The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.π@cveNotify |
|
| 2023-02-21 11:29:56 |
π¨ CVE-2023-0271The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:29:55 |
π¨ CVE-2023-0285The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:29:54 |
π¨ CVE-2023-0366The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-02-21 11:29:53 |
π¨ CVE-2023-0371The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-02-21 11:29:52 |
π¨ CVE-2023-0372The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksπ@cveNotify |
|
| 2023-02-21 11:29:48 |
π¨ CVE-2023-0375The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:29:47 |
π¨ CVE-2023-0378The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:29:46 |
π¨ CVE-2023-0380The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:29:45 |
π¨ CVE-2023-0419The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 11:29:44 |
π¨ CVE-2023-0428The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.π@cveNotify |
|
| 2023-02-21 11:29:40 |
π¨ CVE-2023-0429The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π@cveNotify |
|
| 2023-02-21 11:29:39 |
π¨ CVE-2023-0442The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an attacker to inject javascript into into the site via a crafted URL.π@cveNotify |
|
| 2023-02-21 11:29:38 |
π¨ CVE-2023-0453The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allowing any authenticated users to access private messages belonging to other users by tampering the ID.π@cveNotify |
|
| 2023-02-21 11:29:37 |
π¨ CVE-2023-0540The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.π@cveNotify |
|
| 2023-02-21 07:29:48 |
π¨ CVE-2023-24575Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to compromise the affected systemπ@cveNotify |
|
| 2023-02-21 07:29:47 |
π¨ CVE-2023-26265The Borg theme before 1.1.19 for Backdrop CMS does not sufficiently sanitize path arguments that are passed in via a URL. The function borg_preprocess_page in the file template.php does not properly sanitize incoming path arguments before using them.π@cveNotify |
|
| 2023-02-21 07:29:46 |
π¨ CVE-2023-26266In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution.π@cveNotify |
|
| 2023-02-21 07:29:45 |
π¨ CVE-2014-125089A vulnerability was found in cention-chatserver 3.8.0-rc1. It has been declared as problematic. Affected by this vulnerability is the function _formatBody of the file lib/InternalChatProtocol.fe. The manipulation of the argument body leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.9 is able to address this issue. The name of the patch is c4c0258bbd18f6915f97f91d5fee625384096a26. It is recommended to upgrade the affected component. The identifier VDB-221497 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-21 07:29:44 |
π¨ CVE-2022-48340In Gluster GlusterFS 11.0, there is an xlators/cluster/dht/src/dht-common.c dht_setxattr_mds_cbk use-after-free.π@cveNotify |
|
| 2023-02-21 07:29:43 |
π¨ CVE-2023-26249Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Specifically, a single client query may lead to a hundred TCP connection attempts if a DNS server closes connections without providing a response.π@cveNotify |
|
| 2023-02-21 07:29:42 |
π¨ CVE-2023-26253In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read.π@cveNotify |
|
| 2023-02-21 07:29:41 |
π¨ CVE-2023-26242afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow.π@cveNotify |
|
| 2023-02-21 02:29:46 |
π¨ CVE-2023-26234JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance.π@cveNotify |
|
| 2023-02-21 02:29:45 |
π¨ CVE-2023-26235JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java.π@cveNotify |
|
| 2023-02-21 02:29:44 |
π¨ CVE-2021-32853Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from malicious web site. There are no known patches.π@cveNotify |
|
| 2023-02-21 02:29:43 |
π¨ CVE-2022-48337GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.π@cveNotify |
|
| 2023-02-21 02:29:42 |
π¨ CVE-2022-48338An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed.π@cveNotify |
|
| 2023-02-21 02:29:40 |
π¨ CVE-2022-48339An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.π@cveNotify |
|
| 2023-02-21 02:29:39 |
π¨ CVE-2023-23452Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.π@cveNotify |
|
| 2023-02-21 02:29:38 |
π¨ CVE-2023-23453Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05 allows an unprivileged remote attacker to achieve arbitrary remote code execution via maliciously crafted RK512 commands to the listener on TCP port 9000.π@cveNotify |
|
| 2023-02-21 02:29:36 |
π¨ CVE-2023-24580An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack.π@cveNotify |
|
| 2023-02-20 23:29:37 |
π¨ CVE-2021-32851Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1π@cveNotify |
|
| 2023-02-20 23:29:36 |
π¨ CVE-2021-32852Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.π@cveNotify |
|
| 2023-02-20 22:29:39 |
π¨ CVE-2022-44216Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password.π@cveNotify |
|
| 2023-02-20 22:29:38 |
π¨ CVE-2022-44666Windows Contacts Remote Code Execution Vulnerability.π@cveNotify |
|
| 2023-02-20 22:29:37 |
π¨ CVE-2022-3901Prototype Pollution in Visioweb.js 1.10.6 allows attackers to execute XSS on the client system.π@cveNotify |
|
| 2023-02-20 18:29:42 |
π¨ CVE-2023-24998Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.π@cveNotify |
|
| 2023-02-20 18:29:38 |
π¨ CVE-2023-25570Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers may access eureka directly to mock apollo-configservice and apollo-adminservice. Login authentication for eureka was added in version 2.1.0. As a workaround, avoid exposing apollo-configservice to the internet.π@cveNotify |
|
| 2023-02-20 18:29:37 |
π¨ CVE-2023-25656notation-go is a collection of libraries for supporting Notation sign, verify, push, pull of oci artifacts. Prior to version 1.0.0-rc.3, notation-go users will find their application using excessive memory when verifying signatures and the application will be finally killed, and thus availability is impacted. The problem has been patched in the release v1.0.0-rc.3. Some workarounds are available. Users can review their own trust policy file and check if the identity string contains `=#`. Meanwhile, users should only put trusted certificates in their trust stores referenced by their own trust policy files, and make sure the `authenticity` validation is set to `enforce`.π@cveNotify |
|
| 2023-02-20 18:29:36 |
π¨ CVE-2023-25805versionn, software for changing version information across multiple files, has a command injection vulnerability in all versions prior to version 1.1.0. This issue is patched in version 1.1.0.π@cveNotify |
|
| 2023-02-20 16:29:44 |
π¨ CVE-2022-2097AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).π@cveNotify |
|
| 2023-02-20 13:29:42 |
π¨ CVE-2016-15026A vulnerability was found in 3breadt dd-plist 1.17 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. An attack has to be approached locally. Upgrading to version 1.18 is able to address this issue. The name of the patch is 8c954e8d9f6f6863729e50105a8abf3f87fff74c. It is recommended to upgrade the affected component. VDB-221486 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-20 12:29:44 |
π¨ CVE-2014-125088A vulnerability was found in qt-users-jp silk 0.0.1. It has been declared as problematic. This vulnerability affects unknown code of the file contents/root/examples/header.qml. The manipulation of the argument model.key/model.value leads to cross site scripting. The attack can be initiated remotely. The name of the patch is bbc5d6eeea800025ef29edda3fd3c57836239eae. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221488.π@cveNotify |
|
| 2023-02-20 12:29:43 |
π¨ CVE-2013-10019A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-20 12:29:42 |
π¨ CVE-2023-0907A vulnerability, which was classified as problematic, has been found in Filseclab Twister Antivirus 8.17. Affected by this issue is some unknown functionality in the library ffsmon.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221456.π@cveNotify |
|
| 2023-02-20 12:29:40 |
π¨ CVE-2023-0908A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-20 07:29:47 |
π¨ CVE-2023-26092Liima before 1.17.28 allows server-side template injection.π@cveNotify |
|
| 2023-02-20 07:29:46 |
π¨ CVE-2023-26093Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter.π@cveNotify |
|
| 2023-02-20 07:29:45 |
π¨ CVE-2022-48328app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.π@cveNotify |
|
| 2023-02-20 07:29:43 |
π¨ CVE-2022-48329MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php.π@cveNotify |
|
| 2023-02-20 07:29:42 |
π¨ CVE-2023-26081In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.π@cveNotify |
|
| 2023-02-19 20:29:45 |
π¨ CVE-2014-125087A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is e6fddca201790abab4f2c274341c0bb8835c3e73. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221480.π@cveNotify |
|
| 2023-02-19 18:29:42 |
π¨ CVE-2012-10007A vulnerability was found in madgicweb BuddyStream Plugin up to 3.2.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file ShareBox.php. The manipulation of the argument content/link/shares leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.8 is able to address this issue. The name of the patch is 7d5b9a89a27711aad76fd55ab4cc4185b545a1d0. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221479.π@cveNotify |
|
| 2023-02-19 18:29:41 |
π¨ CVE-2023-0919Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0.π@cveNotify |
|
| 2023-02-19 07:29:48 |
π¨ CVE-2021-34749A vulnerability in Server Name Identification (SNI) request filtering of Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine could allow an unauthenticated, remote attacker to bypass filtering technology on an affected device and exfiltrate data from a compromised host. This vulnerability is due to inadequate filtering of the SSL handshake. An attacker could exploit this vulnerability by using data from the SSL client hello packet to communicate with an external server. A successful exploit could allow the attacker to execute a command-and-control attack on a compromised host and perform additional data exfiltration attacks.π@cveNotify |
|
| 2023-02-19 07:29:47 |
π¨ CVE-2021-1223Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of an HTTP range header. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.π@cveNotify |
|
| 2023-02-19 07:29:43 |
π¨ CVE-2021-1224Multiple Cisco products are affected by a vulnerability with TCP Fast Open (TFO) when used in conjunction with the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect detection of the HTTP payload if it is contained at least partially within the TFO connection handshake. An attacker could exploit this vulnerability by sending crafted TFO packets with an HTTP payload through an affected device. A successful exploit could allow the attacker to bypass configured file policy for HTTP packets and deliver a malicious payload.π@cveNotify |
|
| 2023-02-19 07:29:42 |
π¨ CVE-2020-3299Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured File Policy for HTTP. The vulnerability is due to incorrect detection of modified HTTP packets used in chunked responses. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured File Policy for HTTP packets and deliver a malicious payload.π@cveNotify |
|
| 2023-02-19 07:29:41 |
π¨ CVE-2023-0914Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4.π@cveNotify |
|
| 2023-02-19 00:29:49 |
π¨ CVE-2023-25167Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue.π@cveNotify |
|
| 2023-02-19 00:29:48 |
π¨ CVE-2023-25396Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files.π@cveNotify |
|
| 2023-02-19 00:29:47 |
π¨ CVE-2023-23475IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423.π@cveNotify |
|
| 2023-02-19 00:29:46 |
π¨ CVE-2023-0690HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI workerβs disk. This issue is fixed in version 0.12.0.π@cveNotify |
|
| 2023-02-19 00:29:44 |
π¨ CVE-2022-45527File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory.π@cveNotify |
|
| 2023-02-19 00:29:43 |
π¨ CVE-2022-45755Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page.π@cveNotify |
|
| 2023-02-19 00:29:41 |
π¨ CVE-2022-45526SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php.π@cveNotify |
|
| 2023-02-19 00:29:40 |
π¨ CVE-2022-42438IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210.π@cveNotify |
|
| 2023-02-19 00:29:39 |
π¨ CVE-2022-35720IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 uses weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373.π@cveNotify |
|
| 2023-02-18 22:29:55 |
π¨ CVE-2023-0912A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221481 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-18 22:29:51 |
π¨ CVE-2023-0744Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.π@cveNotify |
|
| 2023-02-18 22:29:50 |
π¨ CVE-2023-0361A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption the attacker would need to send a large amount of specially crafted messages to the vulnerable server. By recovering the secret from the ClientKeyExchange message, the attacker would be able to decrypt the application data exchanged over that connection.π@cveNotify |
|
| 2023-02-18 22:29:49 |
π¨ CVE-2019-16884runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory.π@cveNotify |
|
| 2023-02-18 18:29:49 |
π¨ CVE-2022-47986IBM Aspera Faspex 4.4.2 Patch Level 1 and earlier could allow a remote attacker to execute arbitrary code on the system, caused by a YAML deserialization flaw. By sending a specially crafted obsolete API call, an attacker could exploit this vulnerability to execute arbitrary code on the system. The obsolete API call was removed in Faspex 4.4.2 PL2. IBM X-Force ID: 243512.π@cveNotify |
|
| 2023-02-18 12:29:58 |
π¨ CVE-2023-0909A vulnerability, which was classified as problematic, was found in cxasm notepad-- 1.22. This affects an unknown part of the component Directory Comparison Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The associated identifier of this vulnerability is VDB-221475.π@cveNotify |
|
| 2023-02-18 12:29:57 |
π¨ CVE-2023-0902A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.π@cveNotify |
|
| 2023-02-18 12:29:56 |
π¨ CVE-2023-0903A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file edit-task.php. The manipulation of the argument task_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221452.π@cveNotify |
|
| 2023-02-18 12:29:52 |
π¨ CVE-2023-0905A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-18 12:29:51 |
π¨ CVE-2023-0906A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455.π@cveNotify |
|
| 2023-02-18 12:29:50 |
π¨ CVE-2023-0908A vulnerability, which was classified as problematic, was found in Xoslab Easy File Locker 2.2.0.184. This affects the function MessageNotifyCallback in the library xlkfs.sys. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221457 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-18 07:30:00 |
π¨ CVE-2023-0433Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.π@cveNotify |
|
| 2023-02-18 07:29:58 |
π¨ CVE-2022-47024A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts.π@cveNotify |
|
| 2023-02-18 07:29:56 |
π¨ CVE-2022-40348Cross Site Scripting (XSS) vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'name' and 'email' parameters, allows attackers to execute arbitrary code.π@cveNotify |
|
| 2023-02-18 07:29:54 |
π¨ CVE-2023-0901Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pixelfed/pixelfed prior to 0.11.4.π@cveNotify |
|
| 2023-02-18 02:29:43 |
π¨ CVE-2021-32843HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, `virtio.c` has is a call to `vc_cfgread` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit df0e46c7dbfd81a957d85e449ba41b52f6f7beb4.π@cveNotify |
|
| 2023-02-18 02:29:42 |
π¨ CVE-2021-32844HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, ` vi_pci_write` has is a call to `vc_cfgwrite` that does not check for null which when called makes the host crash. This issue may lead to a guest crashing the host causing a denial of service. This issue is fixed in commit 451558fe8aaa8b24e02e34106e3bb9fe41d7ad13.π@cveNotify |
|
| 2023-02-18 02:29:41 |
π¨ CVE-2021-32845HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107 and prior of HyperKit, the implementation of `qnotify` at `pci_vtrnd_notify` fails to check the return value of `vq_getchain`. This leads to `struct iovec iov;` being uninitialized and used to read memory in `len = (int) read(sc->vrsc_fd, iov.iov_base, iov.iov_len);` when an attacker is able to make `vq_getchain` fail. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit 41272a980197917df8e58ff90642d14dec8fe948.π@cveNotify |
|
| 2023-02-18 02:29:40 |
π¨ CVE-2021-32846HyperKit is a toolkit for embedding hypervisor capabilities in an application. In versions 0.20210107, function `pci_vtsock_proc_tx` in `virtio-sock` can lead to to uninitialized memory use. In this situation, there is a check for the return value to be less or equal to `VTSOCK_MAXSEGS`, but that check is not sufficient because the function can return `-1` if it finds an error it cannot recover from. Moreover, the negative return value will be used by `iovec_pull` in a while condition that can further lead to more corruption because the function is not designed to handle a negative `iov_len`. This issue may lead to a guest crashing the host causing a denial of service and, under certain circumstance, memory corruption. This issue is fixed in commit af5eba2360a7351c08dfd9767d9be863a50ebaba.π@cveNotify |
|
| 2023-02-17 23:30:01 |
π¨ CVE-2023-0482In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.π@cveNotify |
|
| 2023-02-17 23:30:00 |
π¨ CVE-2023-22237After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:59 |
π¨ CVE-2023-21574Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:57 |
π¨ CVE-2023-21575Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:56 |
π¨ CVE-2023-22238After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:55 |
π¨ CVE-2023-21576Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:53 |
π¨ CVE-2023-22239After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:52 |
π¨ CVE-2023-21577Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:51 |
π¨ CVE-2023-22243Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:50 |
π¨ CVE-2023-21583Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:48 |
π¨ CVE-2023-22244Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:47 |
π¨ CVE-2023-21584FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:46 |
π¨ CVE-2023-22246Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:45 |
π¨ CVE-2023-23064TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.π@cveNotify |
|
| 2023-02-17 23:29:43 |
π¨ CVE-2023-21593Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:42 |
π¨ CVE-2023-24769Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter under the "Add a new change detection watch" function.π@cveNotify |
|
| 2023-02-17 23:29:41 |
π¨ CVE-2023-21619FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:40 |
π¨ CVE-2023-21620FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:38 |
π¨ CVE-2023-21621FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 23:29:37 |
π¨ CVE-2023-21622FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.π@cveNotify |
|
| 2023-02-17 20:30:11 |
π¨ CVE-2021-32419An issue in Schism Tracker v20200412 fixed in v.20200412 allows attacker to obtain sensitive information via the fmt_mtm_load_song function in fmt/mtm.c.π@cveNotify |
|
| 2023-02-17 20:30:09 |
π¨ CVE-2021-32441SQL Injection vulnerability in Exponent-CMS v.2.6.0 fixed in 2.7.0 allows attackers to gain access to sensitive information via the selectValue function in the expConfig class.π@cveNotify |
|
| 2023-02-17 20:30:07 |
π¨ CVE-2021-32142Buffer Overflow vulnerability in LibRaw linux/unix v0.20.0 allows attacker to escalate privileges via the LibRaw_buffer_datastream::gets(char*, int) in /src/libraw/src/libraw_datastream.cpp.π@cveNotify |
|
| 2023-02-17 20:30:05 |
π¨ CVE-2021-33391An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.π@cveNotify |
|
| 2023-02-17 20:30:03 |
π¨ CVE-2021-33391An issue in HTACG HTML Tidy v5.7.28 allows attacker to execute arbitrary code via the -g option of the CleanNode() function in gdoc.c.π@cveNotify |
|
| 2023-02-17 20:30:01 |
π¨ CVE-2021-33926An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.π@cveNotify |
|
| 2023-02-17 20:30:00 |
π¨ CVE-2021-33926An issue in Plone CMS v. 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1rc2, 5.1rc1, 5.1b4, 5.1b3, 5.1b2, 5.1a2, 5.1a1, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.2, 5.1.1 5.1, 5.0rc3, 5.0rc2, 5.0rc1, 5.0.9, 5.0.8, 5.0.7, 5.0.6, 5.0.5, 5.0.4, 5.0.3, 5.0.2, 5.0.10, 5.0.1, 5.0, 4.3.9, 4.3.8, 4.3.7, 4.3.6, 4.3.5, 4.3.4, 4.3.3, 4.3.20, 4 allows attacker to access sensitive information via the RSS feed protlet.π@cveNotify |
|
| 2023-02-17 20:29:58 |
π¨ CVE-2021-33983Buffer Overflow vulnerability in Dvidelabs flatcc v.0.6.0 allows local attacker to execute arbitrary code via the fltacc execution of the error_ref_sym function.π@cveNotify |
|
| 2023-02-17 20:29:56 |
π¨ CVE-2021-33226Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file.π@cveNotify |
|
| 2023-02-17 20:29:54 |
π¨ CVE-2021-33237Cross Site Scripting vulnerability in YMFE yapo v1.9.1 allows attacker to execute arbitrary code via the remark parameter of the interface edit page.π@cveNotify |
|
| 2023-02-17 20:29:52 |
π¨ CVE-2021-34164Permissions vulnerability in LIZHIFAKA v.2.2.0 allows authenticated attacker to execute arbitrary commands via the set password function in the admin/index/email location.π@cveNotify |
|
| 2023-02-17 20:29:50 |
π¨ CVE-2021-33948SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter.π@cveNotify |
|
| 2023-02-17 20:29:48 |
π¨ CVE-2021-34182An issue in ttyd v.1.6.3 allows attacker to execute arbitrary code via default configuration permissions.π@cveNotify |
|
| 2023-02-17 20:29:47 |
π¨ CVE-2021-33949An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.π@cveNotify |
|
| 2023-02-17 20:29:45 |
π¨ CVE-2021-35261File Upload Vulnerability in Yupoxion BearAdmin before commit 10176153528b0a914eb4d726e200fd506b73b075 allows attacker to execute arbitrary remote code via the Upfile function of the extend/tools/Ueditor endpoint.π@cveNotify |
|
| 2023-02-17 20:29:43 |
π¨ CVE-2021-33950An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor function.π@cveNotify |
|
| 2023-02-17 20:29:42 |
π¨ CVE-2021-3172An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.π@cveNotify |
|
| 2023-02-17 20:29:40 |
π¨ CVE-2021-3172An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.π@cveNotify |
|
| 2023-02-17 20:29:39 |
π¨ CVE-2022-20803A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.π@cveNotify |
|
| 2023-02-17 20:29:37 |
π¨ CVE-2022-40232IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.π@cveNotify |
|
| 2023-02-17 16:29:51 |
π¨ CVE-2023-21434Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.π@cveNotify |
|
| 2023-02-17 16:29:50 |
π¨ CVE-2023-23586Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. timens_install calls current_is_single_threaded to determine if the current process is single-threaded, but this call does not consider io_uring's io_worker threads, thus it is possible to insert a time namespace's vvar page to process's memory space via a page fault. When this time namespace is destroyed, the vvar page is also freed, but not removed from the process' memory, and a next page allocated by the kernel will be still available from the user-space process and can leak memory contents via this (read-only) use-after-free vulnerability. We recommend upgrading past version 5.10.161 or commit 788d0824269bef539fe31a785b1517882eafed93 https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/io_uringπ@cveNotify |
|
| 2023-02-17 16:29:46 |
π¨ CVE-2022-40032SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.π@cveNotify |
|
| 2023-02-17 16:29:45 |
π¨ CVE-2020-24307** DISPUTED ** An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present.π@cveNotify |
|
| 2023-02-17 16:29:44 |
π¨ CVE-2023-24815Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-02-17 16:29:40 |
π¨ CVE-2022-48295The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications).π@cveNotify |
|
| 2023-02-17 16:29:39 |
π¨ CVE-2023-0575External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.π@cveNotify |
|
| 2023-02-17 16:29:38 |
π¨ CVE-2022-48296The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices.π@cveNotify |
|
| 2023-02-17 16:29:37 |
π¨ CVE-2022-48301The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled.π@cveNotify |
|
| 2023-02-17 13:30:03 |
π¨ CVE-2023-0879Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.π@cveNotify |
|
| 2023-02-17 13:30:01 |
π¨ CVE-2023-0880Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.π@cveNotify |
|
| 2023-02-17 13:30:00 |
π¨ CVE-2022-21163Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-17 13:29:58 |
π¨ CVE-2022-29494Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.π@cveNotify |
|
| 2023-02-17 13:29:57 |
π¨ CVE-2022-35729Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.π@cveNotify |
|
| 2023-02-17 13:29:56 |
π¨ CVE-2022-31476Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.π@cveNotify |
|
| 2023-02-17 13:29:54 |
π¨ CVE-2022-33190Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-17 13:29:53 |
π¨ CVE-2022-33946Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-17 13:29:51 |
π¨ CVE-2022-34346Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-17 13:29:50 |
π¨ CVE-2022-36287Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.π@cveNotify |
|
| 2023-02-17 13:29:49 |
π¨ CVE-2022-36289Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.π@cveNotify |
|
| 2023-02-17 13:29:47 |
π¨ CVE-2022-35883NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.π@cveNotify |
|
| 2023-02-17 13:29:46 |
π¨ CVE-2022-36382Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.π@cveNotify |
|
| 2023-02-17 13:29:44 |
π¨ CVE-2022-36416Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-17 13:29:43 |
π¨ CVE-2022-37340Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-17 13:29:41 |
π¨ CVE-2022-38090Improper isolation of shared resources in some Intel(R) Processors when using Intel(R) Software Guard Extensions may allow a privileged user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-02-17 13:29:40 |
π¨ CVE-2022-41314Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-17 13:29:39 |
π¨ CVE-2022-41614Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-02-17 13:29:38 |
π¨ CVE-2022-48325Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) year, (2) oldSenha, (3) novaSenha, (4) termo, (5) nome, (6) cnpj, (7) ie, (8) cep, (9) logradouro, (10) numero, (11) bairro, (12) cidade, (13) uf, (14) telefone, (15) email, (16) id, (17) app_name, (18) per_page, (19) app_theme, (20) os_notification, (21) email_automatico, (22) control_estoque, (23) notifica_whats, (24) control_baixa, (25) control_editos, (26) control_edit_vendas, (27) control_datatable, (28) pix_key, (29) os_status_list, (30) control_2vias, (31) status, (32) start, (33) end in file application/controllers/Mapos.php; (34) token, (35) senha, (36) email, (37) nomeCliente, (38) documento, (39) telefone, (40) celular, (41) rua, (42) numero, (43) complemento, (44) bairro, (45) cidade, (46) estado, (47) cep, (48) idClientes, (49) descricaoProduto, (50) defeito in file application/controllers/Mine.php; (51) pesquisa, (52) status, (53) data, (54) data2, (55) dataInicial, (56) dataFinal, (57) termoGarantia, (58) garantias_id, (59) clientes_id, (60) usuarios_id, (61) idOs, (62) garantia, (63) descricaoProduto, (64) defeito, (65) observacoes, (66) laudoTecnico, (67) id, (68) preco, (69) quantidade, (70) idProduto, (71) idOsProduto, (72) produto, (73) idServico, (74) idOsServico, (75) desconto, (76) tipoDesconto, (77) resultado, (78) vencimento, (79) recebimento, (80) os_id, (81) valor, (82) recebido, (83) formaPgto, (84) tipo, (85) anotacao, (86) idAnotacao in file application/controllers/Os.php.π@cveNotify |
|
| 2023-02-17 13:29:36 |
π¨ CVE-2022-48326Multiple Cross Site Scripting (XSS) vulnerabilities in Mapos 4.39.0 allow attackers to execute arbitrary code. Affects the following parameters: (1) nome, (2) aCliente, (3) eCliente, (4) dCliente, (5) vCliente, (6) aProduto, (7) eProduto, (8) dProduto, (9) vProduto, (10) aServico, (11) eServico, (12) dServico, (13) vServico, (14) aOs, (15) eOs, (16) dOs, (17) vOs, (18) aVenda, (19) eVenda, (20) dVenda, (21) vVenda, (22) aGarantia, (23) eGarantia, (24) dGarantia, (25) vGarantia, (26) aArquivo, (27) eArquivo, (28) dArquivo, (29) vArquivo, (30) aPagamento, (31) ePagamento, (32) dPagamento, (33) vPagamento, (34) aLancamento, (35) eLancamento, (36) dLancamento, (37) vLancamento, (38) cUsuario, (39) cEmitente, (40) cPermissao, (41) cBackup, (42) cAuditoria, (43) cEmail, (44) cSistema, (45) rCliente, (46) rProduto, (47) rServico, (48) rOs, (49) rVenda, (50) rFinanceiro, (51) aCobranca, (52) eCobranca, (53) dCobranca, (54) vCobranca, (55) situacao, (56) idPermissao, (57) id in file application/controllers/Permissoes.php; (58) precoCompra, (59) precoVenda, (60) descricao, (61) unidade, (62) estoque, (63) estoqueMinimo, (64) idProdutos, (65) id, (66) estoqueAtual in file application/controllers/Produtos.php.π@cveNotify |
|
| 2023-02-17 07:29:58 |
π¨ CVE-2022-39282FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.π@cveNotify |
|
| 2023-02-17 07:29:56 |
π¨ CVE-2022-43945The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:Hπ@cveNotify |
|
| 2023-02-17 07:29:54 |
π¨ CVE-2018-3912On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability.π@cveNotify |
|
| 2023-02-17 07:29:53 |
π¨ CVE-2018-25009A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().π@cveNotify |
|
| 2023-02-17 07:29:51 |
π¨ CVE-2020-9453In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU.π@cveNotify |
|
| 2023-02-17 07:29:49 |
π¨ CVE-2022-45914The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.π@cveNotify |
|
| 2023-02-17 07:29:47 |
π¨ CVE-2023-0880Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11.π@cveNotify |
|
| 2023-02-17 07:29:46 |
π¨ CVE-2023-0877Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11.π@cveNotify |
|
| 2023-02-17 07:29:45 |
π¨ CVE-2023-0879Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12.π@cveNotify |
|
| 2023-02-17 07:29:43 |
π¨ CVE-2023-0878Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1.π@cveNotify |
|
| 2023-02-17 00:30:09 |
π¨ CVE-2022-44299SiteServerCMS 7.1.3 sscms has a file read vulnerability.π@cveNotify |
|
| 2023-02-17 00:30:08 |
π¨ CVE-2022-47703TIANJIE CPE906-3 is vulnerable to password disclosure. This is present on Software Version WEB5.0_LCD_20200513, Firmware Version MV8.003, and Hardware Version CPF906-V5.0_LCD_20200513.π@cveNotify |
|
| 2023-02-17 00:30:06 |
π¨ CVE-2023-0821HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.π@cveNotify |
|
| 2023-02-17 00:30:05 |
π¨ CVE-2023-25151opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string)[^1]. The metric instruments do not "forget" previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue.π@cveNotify |
|
| 2023-02-17 00:30:03 |
π¨ CVE-2022-30564Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time.π@cveNotify |
|
| 2023-02-17 00:30:01 |
π¨ CVE-2022-45786There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn't careful. The developer of the Golang and Pyton drivers didn't fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn't a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters - that would be passed in and that the cypher() function transform needs to be resolved - are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can't be passed as parameters. The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session's pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks.π@cveNotify |
|
| 2023-02-17 00:30:00 |
π¨ CVE-2022-27538A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.π@cveNotify |
|
| 2023-02-17 00:29:58 |
π¨ CVE-2023-24347D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus.π@cveNotify |
|
| 2023-02-17 00:29:57 |
π¨ CVE-2023-24345D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus.π@cveNotify |
|
| 2023-02-17 00:29:55 |
π¨ CVE-2023-24346D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3.π@cveNotify |
|
| 2023-02-17 00:29:54 |
π¨ CVE-2023-24343D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule.π@cveNotify |
|
| 2023-02-17 00:29:53 |
π¨ CVE-2023-24344D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup.π@cveNotify |
|
| 2023-02-17 00:29:51 |
π¨ CVE-2022-4903A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability.π@cveNotify |
|
| 2023-02-17 00:29:48 |
π¨ CVE-2015-10077A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471.π@cveNotify |
|
| 2023-02-17 00:29:46 |
π¨ CVE-2023-24573Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.π@cveNotify |
|
| 2023-02-17 00:29:44 |
π¨ CVE-2023-23698Dell Command | Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete.π@cveNotify |
|
| 2023-02-17 00:29:43 |
π¨ CVE-2023-24569Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.π@cveNotify |
|
| 2023-02-17 00:29:41 |
π¨ CVE-2022-21163Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-17 00:29:40 |
π¨ CVE-2022-29494Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.π@cveNotify |
|
| 2023-02-17 00:29:38 |
π¨ CVE-2022-35729Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.π@cveNotify |
|
| 2023-02-16 22:29:54 |
π¨ CVE-2022-32570Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-16 22:29:53 |
π¨ CVE-2022-26032Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-16 22:29:52 |
π¨ CVE-2022-26343Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-16 22:29:49 |
π¨ CVE-2022-26345Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-16 22:29:48 |
π¨ CVE-2022-26837Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-16 22:29:47 |
π¨ CVE-2022-30531Out-of-bounds read in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1474 may allow a privileged user to potentially enable information disclosure via local access.π@cveNotify |
|
| 2023-02-16 22:29:43 |
π¨ CVE-2022-36398Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-16 22:29:42 |
π¨ CVE-2022-36278Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-16 22:29:41 |
π¨ CVE-2022-21216Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access.π@cveNotify |
|
| 2023-02-16 22:29:37 |
π¨ CVE-2022-36348Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.π@cveNotify |
|
| 2023-02-16 22:29:36 |
π¨ CVE-2022-25987Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.π@cveNotify |
|
| 2023-02-16 19:30:21 |
π¨ CVE-2023-24807Undici is an HTTP/1.1 client for Node.js. Prior to version 5.19.1, the `Headers.set()` and `Headers.append()` methods are vulnerable to Regular Expression Denial of Service (ReDoS) attacks when untrusted values are passed into the functions. This is due to the inefficient regular expression used to normalize the values in the `headerValueNormalize()` utility function. This vulnerability was patched in v5.19.1. No known workarounds are available.π@cveNotify |
|
| 2023-02-16 19:30:19 |
π¨ CVE-2023-23936Undici is an HTTP/1.1 client for Node.js. Starting with version 2.0.0 and prior to version 5.19.1, the undici library does not protect `host` HTTP header from CRLF injection vulnerabilities. This issue is patched in Undici v5.19.1. As a workaround, sanitize the `headers.host` string before passing to undici.π@cveNotify |
|
| 2023-02-16 19:30:17 |
π¨ CVE-2023-24483A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.π@cveNotify |
|
| 2023-02-16 19:30:15 |
π¨ CVE-2015-10076A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability.π@cveNotify |
|
| 2023-02-16 19:30:13 |
π¨ CVE-2022-1774Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7.π@cveNotify |
|
| 2023-02-16 19:30:11 |
π¨ CVE-2022-1767Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.7.π@cveNotify |
|
| 2023-02-16 19:30:08 |
π¨ CVE-2022-1727Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.π@cveNotify |
|
| 2023-02-16 19:30:06 |
π¨ CVE-2022-1713SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.π@cveNotify |
|
| 2023-02-16 19:30:04 |
π¨ CVE-2022-1721Path Traversal in WellKnownServlet in GitHub repository jgraph/drawio prior to 18.0.5. Read local files of the web application.π@cveNotify |
|
| 2023-02-16 19:30:02 |
π¨ CVE-2022-1722SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addressesπ@cveNotify |
|
| 2023-02-16 19:30:00 |
π¨ CVE-2022-3568The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.π@cveNotify |
|
| 2023-02-16 19:29:58 |
π¨ CVE-2023-0771SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop.π@cveNotify |
|
| 2023-02-16 19:29:56 |
π¨ CVE-2022-45190An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device.π@cveNotify |
|
| 2023-02-16 19:29:54 |
π¨ CVE-2022-40480Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet.π@cveNotify |
|
| 2023-02-16 19:29:53 |
π¨ CVE-2023-24828Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue is has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability.π@cveNotify |
|
| 2023-02-16 19:29:51 |
π¨ CVE-2023-23286Cross Site Scripting (XSS) vulnerability in Pro |