Cvenotify

Posts

Date Content Media
2023-09-22 00:37:15
🚨 CVE-2023-4853 A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. 🎖@cveNotify
2023-09-22 00:37:14
🚨 CVE-2022-30114 A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. 🎖@cveNotify
2023-09-21 22:37:27
🚨 CVE-2023-38343 An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery. 🎖@cveNotify
2023-09-21 22:37:26
🚨 CVE-2023-38344 An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. 🎖@cveNotify
2023-09-21 22:37:25
🚨 CVE-2023-34576 SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspecified vector. 🎖@cveNotify
2023-09-21 22:37:24
🚨 CVE-2023-42482 Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. 🎖@cveNotify
2023-09-21 22:37:23
🚨 CVE-2023-41991 A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. 🎖@cveNotify
2023-09-21 22:37:22
🚨 CVE-2023-41992 The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. 🎖@cveNotify
2023-09-21 22:37:18
🚨 CVE-2020-35357 A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. 🎖@cveNotify
2023-09-21 22:37:17
🚨 CVE-2023-43374 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. 🎖@cveNotify
2023-09-21 22:37:16
🚨 CVE-2023-42793 In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible 🎖@cveNotify
2023-09-21 22:37:15
🚨 CVE-2023-43566 In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration 🎖@cveNotify
2023-09-21 21:07:37
🚨 CVE-2023-41992 The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. 🎖@cveNotify
2023-09-21 21:07:36
🚨 CVE-2023-41993 The issue was addressed with improved checks. This issue is fixed in Safari 16.6.1, macOS Ventura 13.6, iOS 17.0.1 and iPadOS 17.0.1, iOS 16.7 and iPadOS 16.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. 🎖@cveNotify
2023-09-21 21:07:35
🚨 CVE-2023-42280 mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading. 🎖@cveNotify
2023-09-21 21:07:34
🚨 CVE-2023-40442 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information. 🎖@cveNotify
2023-09-21 21:07:32
🚨 CVE-2023-41990 The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. 🎖@cveNotify
2023-09-21 21:07:31
🚨 CVE-2023-41064 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 🎖@cveNotify
2023-09-21 21:07:29
🚨 CVE-2023-32649 A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed. 🎖@cveNotify
2023-09-21 21:07:28
🚨 CVE-2023-2567 A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. 🎖@cveNotify
2023-09-21 21:07:27
🚨 CVE-2023-4094 ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form. 🎖@cveNotify
2023-09-21 21:07:26
🚨 CVE-2023-29245 A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data. 🎖@cveNotify
2023-09-21 21:07:25
🚨 CVE-2023-5009 An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. 🎖@cveNotify
2023-09-21 21:07:24
🚨 CVE-2023-43375 Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. 🎖@cveNotify
2023-09-21 21:07:23
🚨 CVE-2023-5054 The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer. 🎖@cveNotify
2023-09-21 21:07:22
🚨 CVE-2023-42399 Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component. 🎖@cveNotify
2023-09-21 21:07:21
🚨 CVE-2023-43376 A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. 🎖@cveNotify
2023-09-21 21:07:19
🚨 CVE-2023-39446 ** UNSUPPORTED WHEN ASSIGNED ** Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application. 🎖@cveNotify
2023-09-21 21:07:18
🚨 CVE-2023-43377 A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. 🎖@cveNotify
2023-09-21 21:07:17
🚨 CVE-2023-39452 ** UNSUPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application. 🎖@cveNotify
2023-09-21 21:07:16
🚨 CVE-2019-1010283 Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later. 🎖@cveNotify
2023-09-21 21:07:15
🚨 CVE-2023-40619 phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized. 🎖@cveNotify
2023-09-21 19:07:20
🚨 CVE-2023-43274 Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. 🎖@cveNotify
2023-09-21 19:07:19
🚨 CVE-2023-43309 There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. 🎖@cveNotify
2023-09-21 19:07:18
🚨 CVE-2023-43631 On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the system without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable, and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. 🎖@cveNotify
2023-09-21 19:07:17
🚨 CVE-2023-43632 As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using protobuf, and the data is comprised of 2 parts: 1. Header 2. Data. When a connection is made, the server is waiting for 4 bytes of data, which will be the header, and these 4 bytes would be parsed as uint32 size of the actual data to come. Then, in the function “handleRequest” this size is then used in order to allocate a payload on the stack for the incoming data. As this payload is allocated on the stack, this will allow overflowing the stack size allocated for the relevant process with freely controlled data. * An attacker can crash the system. * An attacker can gain control over the system, specifically on the “vtpm_server” process which has very high privileges. 🎖@cveNotify
2023-09-21 19:07:16
🚨 CVE-2023-43633 On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions. This could be used to unlock the ssh with custom “authorized_keys” via the “debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before. Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb” key, allowing VNC access via the “app.allow.vnc” key, and more. An attacker could easily enable these debug functionalities without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thereby not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. 🎖@cveNotify
2023-09-21 19:07:15
🚨 CVE-2023-43634 When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault” 🎖@cveNotify
2023-09-21 16:58:37
🚨 CVE-2023-41929 A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) 🎖@cveNotify
2023-09-21 16:58:35
🚨 CVE-2023-32187 An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) to cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from v1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1. 🎖@cveNotify
2023-09-21 16:58:34
🚨 CVE-2023-40183 DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds. 🎖@cveNotify
2023-09-21 16:58:33
🚨 CVE-2023-41048 plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds. 🎖@cveNotify
2023-09-21 16:58:32
🚨 CVE-2023-42457 plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache). 🎖@cveNotify
2023-09-21 16:58:30
🚨 CVE-2023-40018 FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue. 🎖@cveNotify
2023-09-21 16:58:29
🚨 CVE-2022-20917 A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application. This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions. 🎖@cveNotify
2023-09-21 16:58:28
🚨 CVE-2023-20194 A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings. 🎖@cveNotify
2023-09-21 16:58:27
🚨 CVE-2023-36160 An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console. 🎖@cveNotify
2023-09-21 16:58:26
🚨 CVE-2023-43274 Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. 🎖@cveNotify
2023-09-21 16:58:24
🚨 CVE-2023-43309 There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. 🎖@cveNotify
2023-09-21 16:58:23
🚨 CVE-2023-43631 On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the system without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable, and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. 🎖@cveNotify
2023-09-21 16:58:22
🚨 CVE-2023-43632 As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using protobuf, and the data is comprised of 2 parts: 1. Header 2. Data. When a connection is made, the server is waiting for 4 bytes of data, which will be the header, and these 4 bytes would be parsed as uint32 size of the actual data to come. Then, in the function “handleRequest” this size is then used in order to allocate a payload on the stack for the incoming data. As this payload is allocated on the stack, this will allow overflowing the stack size allocated for the relevant process with freely controlled data. * An attacker can crash the system. * An attacker can gain control over the system, specifically on the “vtpm_server” process which has very high privileges. 🎖@cveNotify
2023-09-21 16:58:21
🚨 CVE-2023-43633 On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions. This could be used to unlock the ssh with custom “authorized_keys” via the “debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before. Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb” key, allowing VNC access via the “app.allow.vnc” key, and more. An attacker could easily enable these debug functionalities without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thereby not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. 🎖@cveNotify
2023-09-21 16:58:20
🚨 CVE-2023-43634 When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault” 🎖@cveNotify
2023-09-21 16:58:19
🚨 CVE-2023-43637 Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32byte randomly generated key with this key (by taking 16bytes from each, see "mergeKeys"). This makes the key a lot weaker. This issue does not persist in devices that were initialized on/after version 7.10, but devices that were initialized before that and updated to a newer version still have this issue. Roll an update that enforces the full 32bytes key usage. 🎖@cveNotify
2023-09-21 16:58:18
🚨 CVE-2023-36562 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 🎖@cveNotify
2023-09-21 16:58:17
🚨 CVE-2023-38507 Strapi is an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue. 🎖@cveNotify
2023-09-21 14:58:44
🚨 CVE-2023-41030 Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. 🎖@cveNotify
2023-09-21 14:58:43
🚨 CVE-2020-24089 An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). 🎖@cveNotify
2023-09-21 14:58:41
🚨 CVE-2023-36319 File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. 🎖@cveNotify
2023-09-21 14:58:40
🚨 CVE-2023-39575 A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 🎖@cveNotify
2023-09-21 14:58:38
🚨 CVE-2023-4095 User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform. 🎖@cveNotify
2023-09-21 14:58:36
🚨 CVE-2023-4093 Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user. 🎖@cveNotify
2023-09-21 14:58:34
🚨 CVE-2023-43235 D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. 🎖@cveNotify
2023-09-21 14:58:33
🚨 CVE-2023-43236 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. 🎖@cveNotify
2023-09-21 14:58:31
🚨 CVE-2023-43237 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. 🎖@cveNotify
2023-09-21 14:58:30
🚨 CVE-2023-43238 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. 🎖@cveNotify
2023-09-21 14:58:28
🚨 CVE-2023-43239 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. 🎖@cveNotify
2023-09-21 14:58:27
🚨 CVE-2023-43240 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. 🎖@cveNotify
2023-09-21 14:58:25
🚨 CVE-2023-43241 D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. 🎖@cveNotify
2023-09-21 14:58:23
🚨 CVE-2023-43242 D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. 🎖@cveNotify
2023-09-21 14:58:22
🚨 CVE-2023-41179 A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation. Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. 🎖@cveNotify
2023-09-21 14:58:20
🚨 CVE-2023-31808 Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. 🎖@cveNotify
2023-09-21 14:58:19
🚨 CVE-2023-2995 The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2023-09-21 14:58:18
🚨 CVE-2023-4376 The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2023-09-21 14:58:17
🚨 CVE-2023-4092 SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system. 🎖@cveNotify
2023-09-21 14:58:15
🚨 CVE-2021-28485 In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application. 🎖@cveNotify
2023-09-21 13:59:49
🚨 CVE-2023-4753 OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local attackers can crash liteos-a kernel by the error input 🎖@cveNotify
2023-09-21 12:00:22
🚨 CVE-2023-5104 Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. 🎖@cveNotify
2023-09-21 12:00:20
🚨 CVE-2023-4760 In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed. 🎖@cveNotify
2023-09-21 12:00:19
🚨 CVE-2023-4152 Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables a remote attacker to read all files on the filesystem of the FDS101 device. 🎖@cveNotify
2023-09-21 12:00:18
🚨 CVE-2023-4291 Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device. 🎖@cveNotify
2023-09-21 12:00:17
🚨 CVE-2023-4292 Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information. 🎖@cveNotify
2023-09-21 12:00:16
🚨 CVE-2015-5467 web\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameter. 🎖@cveNotify
2023-09-21 12:00:15
🚨 CVE-2015-8371 Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected. 🎖@cveNotify
2023-09-21 12:00:14
🚨 CVE-2018-5478 Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension. 🎖@cveNotify
2023-09-21 12:00:13
🚨 CVE-2023-39252 Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. 🎖@cveNotify
2023-09-21 12:00:12
🚨 CVE-2023-43669 The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes). 🎖@cveNotify
2023-09-21 12:00:10
🚨 CVE-2023-42464 A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. 🎖@cveNotify
2023-09-21 12:00:09
🚨 CVE-2022-43634 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. 🎖@cveNotify
2023-09-21 12:00:07
🚨 CVE-2022-0194 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876. 🎖@cveNotify
2023-09-21 12:00:06
🚨 CVE-2022-23121 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819. 🎖@cveNotify
2023-09-21 12:00:05
🚨 CVE-2022-23122 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837. 🎖@cveNotify
2023-09-21 12:00:04
🚨 CVE-2022-23123 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830. 🎖@cveNotify
2023-09-21 12:00:03
🚨 CVE-2022-23124 This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870. 🎖@cveNotify
2023-09-21 12:00:01
🚨 CVE-2022-45188 Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). 🎖@cveNotify
2023-09-21 12:00:00
🚨 CVE-2021-31439 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326. 🎖@cveNotify
2023-09-21 09:05:56
🚨 CVE-2023-4863 Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) 🎖@cveNotify
2023-09-21 09:05:55
🚨 CVE-2023-40188 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-09-21 09:05:54
🚨 CVE-2023-39356 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->numRectangles` without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-09-21 09:05:53
🚨 CVE-2023-40569 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-09-21 09:05:49
🚨 CVE-2023-4763 Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-09-21 09:05:48
🚨 CVE-2023-39354 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-09-21 09:05:47
🚨 CVE-2023-4762 Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-09-21 09:05:43
🚨 CVE-2023-4761 Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-09-21 09:05:41
🚨 CVE-2023-40186 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-09-21 09:05:40
🚨 CVE-2023-39353 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-09-21 09:05:37
🚨 CVE-2023-40589 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-09-21 09:05:36
🚨 CVE-2023-4572 Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-09-21 09:05:35
🚨 CVE-2023-4428 Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-09-21 00:58:15
🚨 CVE-2023-36109 Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. 🎖@cveNotify
2023-09-21 00:58:14
🚨 CVE-2023-37279 Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue. 🎖@cveNotify
2023-09-21 00:58:13
🚨 CVE-2023-43135 There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. 🎖@cveNotify
2023-09-20 22:58:38
🚨 CVE-2023-39046 An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. 🎖@cveNotify
2023-09-20 22:58:37
🚨 CVE-2023-35851 SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. 🎖@cveNotify
2023-09-20 22:58:35
🚨 CVE-2023-35850 SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. 🎖@cveNotify
2023-09-20 22:58:34
🚨 CVE-2023-0923 A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. 🎖@cveNotify
2023-09-20 22:58:33
🚨 CVE-2023-41443 SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. 🎖@cveNotify
2023-09-20 22:58:32
🚨 CVE-2021-26837 SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. 🎖@cveNotify
2023-09-20 22:58:31
🚨 CVE-2023-0813 A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. 🎖@cveNotify
2023-09-20 22:58:29
🚨 CVE-2023-40167 Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. 🎖@cveNotify
2023-09-20 22:58:28
🚨 CVE-2022-3596 An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. 🎖@cveNotify
2023-09-20 22:58:27
🚨 CVE-2023-39052 An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. 🎖@cveNotify
2023-09-20 22:58:26
🚨 CVE-2023-40930 Skyworth 3.0 OS is vulnerable to Directory Traversal. 🎖@cveNotify
2023-09-20 22:58:24
🚨 CVE-2023-41484 An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. 🎖@cveNotify
2023-09-20 22:58:23
🚨 CVE-2023-42331 A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. 🎖@cveNotify
2023-09-20 22:58:22
🚨 CVE-2023-42334 An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. 🎖@cveNotify
2023-09-20 22:58:21
🚨 CVE-2023-42335 Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. 🎖@cveNotify
2023-09-20 22:58:17
🚨 CVE-2023-43134 There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. 🎖@cveNotify
2023-09-20 22:58:16
🚨 CVE-2023-43137 TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. 🎖@cveNotify
2023-09-20 22:58:15
🚨 CVE-2023-43138 TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. 🎖@cveNotify
2023-09-20 22:58:14
🚨 CVE-2023-37410 IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138. 🎖@cveNotify
2023-09-20 22:58:13
🚨 CVE-2023-39045 An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. 🎖@cveNotify
2023-09-20 21:58:49
🚨 CVE-2023-40368 IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456. 🎖@cveNotify
2023-09-20 21:58:48
🚨 CVE-2023-43371 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. 🎖@cveNotify
2023-09-20 21:58:47
🚨 CVE-2023-43373 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. 🎖@cveNotify
2023-09-20 21:58:46
🚨 CVE-2023-43374 Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. 🎖@cveNotify
2023-09-20 21:58:45
🚨 CVE-2023-43375 Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. 🎖@cveNotify
2023-09-20 21:58:41
🚨 CVE-2023-43376 A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. 🎖@cveNotify
2023-09-20 21:58:40
🚨 CVE-2023-43377 A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. 🎖@cveNotify
2023-09-20 21:58:39
🚨 CVE-2023-3891 Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system 🎖@cveNotify
2023-09-20 21:58:38
🚨 CVE-2023-26141 Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. 🎖@cveNotify
2023-09-20 21:58:33
🚨 CVE-2023-39044 An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. 🎖@cveNotify
2023-09-20 21:58:32
🚨 CVE-2023-40618 A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'. 🎖@cveNotify
2023-09-20 21:58:31
🚨 CVE-2023-40619 phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized. 🎖@cveNotify
2023-09-20 21:58:30
🚨 CVE-2023-20594 Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. 🎖@cveNotify
2023-09-20 21:58:26
🚨 CVE-2023-43494 Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. 🎖@cveNotify
2023-09-20 21:58:25
🚨 CVE-2023-43495 Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter. 🎖@cveNotify
2023-09-20 21:58:24
🚨 CVE-2023-43497 In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. 🎖@cveNotify
2023-09-20 21:58:23
🚨 CVE-2023-43498 In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. 🎖@cveNotify
2023-09-20 19:58:35
🚨 CVE-2023-42656 In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victim's browser. 🎖@cveNotify
2023-09-20 19:58:34
🚨 CVE-2023-42660 In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content. 🎖@cveNotify
2023-09-20 19:58:33
🚨 CVE-2023-43494 Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. 🎖@cveNotify
2023-09-20 19:58:32
🚨 CVE-2023-43495 Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter. 🎖@cveNotify
2023-09-20 19:58:30
🚨 CVE-2023-43496 Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. 🎖@cveNotify
2023-09-20 19:58:29
🚨 CVE-2023-43497 In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. 🎖@cveNotify
2023-09-20 19:58:28
🚨 CVE-2023-43498 In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. 🎖@cveNotify
2023-09-20 19:58:27
🚨 CVE-2023-43499 Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. 🎖@cveNotify
2023-09-20 19:58:26
🚨 CVE-2023-43500 A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. 🎖@cveNotify
2023-09-20 19:58:25
🚨 CVE-2023-43501 A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. 🎖@cveNotify
2023-09-20 19:58:24
🚨 CVE-2023-43502 A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. 🎖@cveNotify
2023-09-20 19:58:23
🚨 CVE-2023-25588 A flaw was found in Binutils. The field `the_bfd` of `asymbol` struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. 🎖@cveNotify
2023-09-20 19:58:22
🚨 CVE-2023-4959 A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). 🎖@cveNotify
2023-09-20 19:58:20
🚨 CVE-2023-25586 A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. 🎖@cveNotify
2023-09-20 19:58:19
🚨 CVE-2023-28614 Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. 🎖@cveNotify
2023-09-20 19:58:17
🚨 CVE-2023-4662 Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. This issue affects Saphira Connect: before 9. 🎖@cveNotify
2023-09-20 19:58:16
🚨 CVE-2023-32461 Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. 🎖@cveNotify
2023-09-20 19:58:15
🚨 CVE-2023-42398 An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. 🎖@cveNotify
2023-09-20 19:58:14
🚨 CVE-2023-4665 Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. 🎖@cveNotify
2023-09-20 19:58:13
🚨 CVE-2023-4664 Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. 🎖@cveNotify
2023-09-20 14:58:27
🚨 CVE-2023-4236 A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. 🎖@cveNotify
2023-09-20 14:58:25
🚨 CVE-2023-41436 Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component. 🎖@cveNotify
2023-09-20 14:58:22
🚨 CVE-2023-4982 Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. 🎖@cveNotify
2023-09-20 14:58:21
🚨 CVE-2023-4981 Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. 🎖@cveNotify
2023-09-20 14:58:20
🚨 CVE-2023-4979 Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. 🎖@cveNotify
2023-09-20 14:58:19
🚨 CVE-2023-4980 Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. 🎖@cveNotify
2023-09-20 14:58:15
🚨 CVE-2023-4977 Code Injection in GitHub repository librenms/librenms prior to 23.9.0. 🎖@cveNotify
2023-09-20 14:58:14
🚨 CVE-2023-40985 An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced. 🎖@cveNotify
2023-09-20 14:58:13
🚨 CVE-2023-40984 A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file. 🎖@cveNotify
2023-09-20 12:58:29
🚨 CVE-2023-25531 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges. 🎖@cveNotify
2023-09-20 12:58:28
🚨 CVE-2023-38887 File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. 🎖@cveNotify
2023-09-20 12:58:27
🚨 CVE-2023-38886 An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. 🎖@cveNotify
2023-09-20 12:58:23
🚨 CVE-2023-31011 NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. 🎖@cveNotify
2023-09-20 12:58:22
🚨 CVE-2023-31012 NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. 🎖@cveNotify
2023-09-20 12:58:21
🚨 CVE-2023-31013 NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. 🎖@cveNotify
2023-09-20 12:58:18
🚨 CVE-2023-31014 NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. 🎖@cveNotify
2023-09-20 12:58:17
🚨 CVE-2020-24089 An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, which allows local attackers to cause a denial of service (DoS). 🎖@cveNotify
2023-09-20 12:58:16
🚨 CVE-2023-36319 File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. 🎖@cveNotify
2023-09-20 12:58:13
🚨 CVE-2023-40931 A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php. 🎖@cveNotify
2023-09-20 12:58:12
🚨 CVE-2023-40933 A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. 🎖@cveNotify
2023-09-20 12:58:11
🚨 CVE-2022-45447 M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists. 🎖@cveNotify
2023-09-20 11:58:27
🚨 CVE-2023-22644 An Insertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4. 🎖@cveNotify
2023-09-20 11:58:26
🚨 CVE-2023-41374 Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. 🎖@cveNotify
2023-09-20 11:58:25
🚨 CVE-2023-41375 Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. 🎖@cveNotify
2023-09-20 11:58:24
🚨 CVE-2022-47560 ** UNSUPPORTED WHEN ASSIGNED ** The lack of web request control on ekorCCP and ekorRCI devices allows a potential attacker to create custom requests to execute malicious actions when a user is logged in. 🎖@cveNotify
2023-09-20 11:58:22
🚨 CVE-2022-47561 ** UNSUPPORTED WHEN ASSIGNED ** The web application stores credentials in clear text in the "admin.xml" file, which can be accessed without logging into the website, which could allow an attacker to obtain credentials related to all users, including admin users, in clear text, and use them to subsequently execute malicious actions. 🎖@cveNotify
2023-09-20 11:58:21
🚨 CVE-2022-47562 ** UNSUPPORTED WHEN ASSIGNED ** Vulnerability in the RCPbind service running on UDP port (111), allowing a remote attacker to create a denial of service (DoS) condition. 🎖@cveNotify
2023-09-20 11:58:20
🚨 CVE-2023-43618 An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message. 🎖@cveNotify
2023-09-20 11:58:19
🚨 CVE-2023-43620 An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver. 🎖@cveNotify
2023-09-20 11:58:18
🚨 CVE-2023-43621 An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments. 🎖@cveNotify
2023-09-20 11:58:17
🚨 CVE-2023-2163 Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. 🎖@cveNotify
2023-09-20 11:58:16
🚨 CVE-2023-43616 An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction. 🎖@cveNotify
2023-09-20 11:58:15
🚨 CVE-2023-43617 An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. 🎖@cveNotify
2023-09-20 11:58:14
🚨 CVE-2023-43619 An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. 🎖@cveNotify
2023-09-20 11:58:13
🚨 CVE-2023-26144 Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process. 🎖@cveNotify
2023-09-20 05:58:35
🚨 CVE-2023-31015 NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause an improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service. 🎖@cveNotify
2023-09-20 05:58:34
🚨 CVE-2022-46146 Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality. 🎖@cveNotify
2023-09-20 05:58:33
🚨 CVE-2023-25526 NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service. 🎖@cveNotify
2023-09-20 05:58:32
🚨 CVE-2023-25529 NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering. 🎖@cveNotify
2023-09-20 05:58:27
🚨 CVE-2023-25525 NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure. 🎖@cveNotify
2023-09-20 05:58:26
🚨 CVE-2023-25527 NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering. 🎖@cveNotify
2023-09-20 05:58:25
🚨 CVE-2023-25532 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. 🎖@cveNotify
2023-09-20 05:58:24
🚨 CVE-2023-25528 NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. 🎖@cveNotify
2023-09-20 05:58:21
🚨 CVE-2023-25534 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. 🎖@cveNotify
2023-09-20 05:58:20
🚨 CVE-2023-25530 NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. 🎖@cveNotify
2023-09-20 05:58:19
🚨 CVE-2023-25531 NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges. 🎖@cveNotify
2023-09-20 05:58:18
🚨 CVE-2023-25533 NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges. 🎖@cveNotify
2023-09-20 05:58:14
🚨 CVE-2023-38887 File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. 🎖@cveNotify
2023-09-20 05:58:13
🚨 CVE-2023-38886 An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. 🎖@cveNotify
2023-09-20 05:58:12
🚨 CVE-2023-39575 A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 🎖@cveNotify
2023-09-20 01:58:36
🚨 CVE-2023-40933 A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. 🎖@cveNotify
2023-09-20 01:58:35
🚨 CVE-2023-40934 A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. 🎖@cveNotify
2023-09-20 01:58:34
🚨 CVE-2023-41909 An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference. 🎖@cveNotify
2023-09-20 01:58:33
🚨 CVE-2023-38802 FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). 🎖@cveNotify
2023-09-20 01:58:31
🚨 CVE-2023-41358 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. 🎖@cveNotify
2023-09-20 01:58:30
🚨 CVE-2023-41361 An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. 🎖@cveNotify
2023-09-20 01:58:28
🚨 CVE-2023-31490 An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. 🎖@cveNotify
2023-09-20 01:58:27
🚨 CVE-2022-40302 An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. 🎖@cveNotify
2023-09-20 01:58:26
🚨 CVE-2022-40318 An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. 🎖@cveNotify
2023-09-20 01:58:25
🚨 CVE-2022-43681 An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. 🎖@cveNotify
2023-09-20 01:58:24
🚨 CVE-2022-36440 A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. 🎖@cveNotify
2023-09-20 01:58:23
🚨 CVE-2019-20392 An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash. 🎖@cveNotify
2023-09-20 01:58:22
🚨 CVE-2019-20398 A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash. 🎖@cveNotify
2023-09-20 01:58:21
🚨 CVE-2019-20395 A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash. 🎖@cveNotify
2023-09-20 01:58:17
🚨 CVE-2019-20397 A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. 🎖@cveNotify
2023-09-20 01:58:16
🚨 CVE-2019-20394 A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement is used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution. 🎖@cveNotify
2023-09-20 01:58:15
🚨 CVE-2019-20396 A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing. 🎖@cveNotify
2023-09-20 01:58:14
🚨 CVE-2019-20391 An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash. 🎖@cveNotify
2023-09-19 23:58:32
🚨 CVE-2023-41349 ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitive information leakage, or forcing the device to reset and permanent denial of service. 🎖@cveNotify
2023-09-19 23:58:31
🚨 CVE-2020-36766 An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct. 🎖@cveNotify
2023-09-19 23:58:30
🚨 CVE-2023-5031 A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239875. 🎖@cveNotify
2023-09-19 23:58:29
🚨 CVE-2023-2995 The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-09-19 23:58:28
🚨 CVE-2023-4376 The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-09-19 23:58:26
🚨 CVE-2023-41834 Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0. 🎖@cveNotify
2023-09-19 23:58:25
🚨 CVE-2023-20243 A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details section of this advisory. 🎖@cveNotify
2023-09-19 23:58:24
🚨 CVE-2023-4501 User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user. Mitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon. Administrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password. 🎖@cveNotify
2023-09-19 23:58:23
🚨 CVE-2023-40868 Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. 🎖@cveNotify
2023-09-19 23:58:22
🚨 CVE-2023-3710 Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). 🎖@cveNotify
2023-09-19 23:58:21
🚨 CVE-2023-26142 All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. 🎖@cveNotify
2023-09-19 23:58:20
🚨 CVE-2023-3711 Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). 🎖@cveNotify
2023-09-19 23:58:18
🚨 CVE-2023-4893 The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 🎖@cveNotify
2023-09-19 23:58:17
🚨 CVE-2023-32665 A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. 🎖@cveNotify
2023-09-19 23:58:16
🚨 CVE-2023-4972 Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects . 🎖@cveNotify
2023-09-19 23:58:15
🚨 CVE-2023-3712 Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006). 🎖@cveNotify
2023-09-19 23:58:14
🚨 CVE-2023-38912 SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. 🎖@cveNotify
2023-09-19 23:58:13
🚨 CVE-2023-42362 An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. 🎖@cveNotify
2023-09-19 06:58:35
🚨 CVE-2022-28357 NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account. 🎖@cveNotify
2023-09-19 06:58:31
🚨 CVE-2023-41599 An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. 🎖@cveNotify
2023-09-19 06:58:30
🚨 CVE-2023-33831 A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. 🎖@cveNotify
2023-09-19 06:58:29
🚨 CVE-2023-38255 ** UNSUPPORTED WHEN ASSIGNED ** A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function of the device. 🎖@cveNotify
2023-09-19 06:58:28
🚨 CVE-2023-41084 ** UNSUPPORTED WHEN ASSIGNED ** Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device. 🎖@cveNotify
2023-09-19 06:58:24
🚨 CVE-2023-38582 ** UNSUPPORTED WHEN ASSIGNED ** Persistent cross-site scripting (XSS) in the web application of MOD3GP-SY-120K allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the field MAIL_RCV. When a legitimate user attempts to access the vulnerable page of the web application, the XSS payload will be executed. 🎖@cveNotify
2023-09-19 06:58:23
🚨 CVE-2023-39039 An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. 🎖@cveNotify
2023-09-19 06:58:22
🚨 CVE-2023-39043 An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. 🎖@cveNotify
2023-09-19 06:58:18
🚨 CVE-2023-39058 An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. 🎖@cveNotify
2023-09-19 06:58:17
🚨 CVE-2023-39452 ** UNSUPPORTED WHEN ASSIGNED ** The web application that owns the device clearly stores the credentials within the user management section. Obtaining this information can be done remotely due to the incorrect management of the sessions in the web application. 🎖@cveNotify
2023-09-19 06:58:16
🚨 CVE-2023-37611 Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component. 🎖@cveNotify
2023-09-19 06:58:15
🚨 CVE-2023-42446 Pow is an authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated. 🎖@cveNotify
2023-09-12 16:58:13
🚨 CVE-2023-2071 Rockwell Automation FactoryTalk View Machine Edition on the PanelView Plus improperly verifies user’s input, which allows an unauthenticated attacker to achieve remote code execution via crafted malicious packets. The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files. By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function. 🎖@cveNotify
2023-09-12 16:58:12
🚨 CVE-2023-40834 OpenCart v4.0.2.2 is vulnerable to Brute Force Attack. 🎖@cveNotify
2023-09-12 14:58:32
🚨 CVE-2023-42472 Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data causing a high impact on confidentiality and integrity of the application. 🎖@cveNotify
2023-09-12 14:58:31
🚨 CVE-2023-4840 The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-09-12 14:58:29
🚨 CVE-2023-4887 The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-09-12 14:58:24
🚨 CVE-2023-4890 The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-09-12 14:58:23
🚨 CVE-2023-4893 The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. 🎖@cveNotify
2023-09-12 14:58:22
🚨 CVE-2023-40309 SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data. 🎖@cveNotify
2023-09-12 14:58:19
🚨 CVE-2023-40622 SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability. 🎖@cveNotify
2023-09-12 14:58:18
🚨 CVE-2023-40623 SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system. 🎖@cveNotify
2023-09-12 14:58:17
🚨 CVE-2023-40624 SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application. 🎖@cveNotify
2023-09-12 14:58:13
🚨 CVE-2023-40625 S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availability of the system. 🎖@cveNotify
2023-09-12 14:58:12
🚨 CVE-2022-4896 Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core. 🎖@cveNotify
2023-09-12 14:58:11
🚨 CVE-2023-26142 All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content. 🎖@cveNotify
2023-09-12 05:58:35
🚨 CVE-2023-4898 Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. 🎖@cveNotify
2023-09-12 05:58:34
🚨 CVE-2023-4899 SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. 🎖@cveNotify
2023-09-12 05:58:33
🚨 CVE-2023-41064 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 🎖@cveNotify
2023-09-12 05:58:32
🚨 CVE-2023-38802 FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation). 🎖@cveNotify
2023-09-12 05:58:31
🚨 CVE-2023-41358 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. 🎖@cveNotify
2023-09-12 05:58:27
🚨 CVE-2023-31490 An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. 🎖@cveNotify
2023-09-12 05:58:26
🚨 CVE-2022-40318 An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. 🎖@cveNotify
2023-09-12 05:58:25
🚨 CVE-2022-43681 An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. 🎖@cveNotify
2023-09-12 05:58:24
🚨 CVE-2022-36440 A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. 🎖@cveNotify
2023-09-12 05:58:20
🚨 CVE-2023-37759 Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. 🎖@cveNotify
2023-09-12 05:58:19
🚨 CVE-2023-40353 An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application. 🎖@cveNotify
2023-09-12 05:58:18
🚨 CVE-2023-30908 A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView Software. This vulnerability could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service. 🎖@cveNotify
2023-09-12 05:58:14
🚨 CVE-2023-39711 Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section. 🎖@cveNotify
2023-09-12 05:58:13
🚨 CVE-2023-39422 The /irmdata/api/ endpoints exposed by the IRM Next Generation booking engine authenticates requests using HMAC tokens. These tokens are however exposed in a JavaScript file loaded on the client side, thus rendering this extra safety mechanism useless. 🎖@cveNotify
2023-09-12 05:58:12
🚨 CVE-2023-39421 The RDPWin.dll component as used in the IRM Next Generation booking engine includes a set of hardcoded API keys for third-party services such as Twilio and Vonage. These keys allow unrestricted interaction with these services. 🎖@cveNotify
2023-09-12 00:58:18
🚨 CVE-2023-39069 An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. 🎖@cveNotify
2023-09-12 00:58:14
🚨 CVE-2023-41879 Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1. 🎖@cveNotify
2023-09-12 00:58:13
🚨 CVE-2023-41640 An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query. 🎖@cveNotify
2023-09-12 00:58:12
🚨 CVE-2021-39473 Saibamen HotelManager v1.2 is vulnerable to Cross Site Scripting (XSS) due to improper sanitization of comment and contact fields. 🎖@cveNotify
2023-09-11 22:58:52
🚨 CVE-2023-35676 In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-09-11 22:58:51
🚨 CVE-2023-35677 In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-09-11 22:58:50
🚨 CVE-2023-35680 In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-09-11 22:58:46
🚨 CVE-2023-35681 In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-09-11 22:58:45
🚨 CVE-2023-35683 In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-09-11 22:58:44
🚨 CVE-2023-35687 In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-09-11 22:58:40
🚨 CVE-2023-4897 Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. 🎖@cveNotify
2023-09-11 22:58:39
🚨 CVE-2023-41933 Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 🎖@cveNotify
2023-09-11 22:58:38
🚨 CVE-2023-4270 The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 🎖@cveNotify
2023-09-11 22:58:34
🚨 CVE-2023-2705 The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin. 🎖@cveNotify
2023-09-11 22:58:33
🚨 CVE-2023-38256 Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to a path traversal attack, which could allow an attacker to access files stored on the system. 🎖@cveNotify
2023-09-11 22:58:32
🚨 CVE-2023-3169 The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-09-11 19:58:48
🚨 CVE-2023-4745 A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. It has been rated as critical. Affected by this issue is some unknown functionality of the file /importexport.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238634 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-09-11 19:58:47
🚨 CVE-2023-41935 Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b_1154b_3fb_, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce. 🎖@cveNotify
2023-09-11 19:58:46
🚨 CVE-2023-41937 Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload. 🎖@cveNotify
2023-09-11 19:58:45
🚨 CVE-2023-41938 A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. 🎖@cveNotify
2023-09-11 19:58:41
🚨 CVE-2023-41940 Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. 🎖@cveNotify
2023-09-11 19:58:40
🚨 CVE-2023-35719 ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009. 🎖@cveNotify
2023-09-11 19:58:39
🚨 CVE-2023-4779 The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient input sanitization and output escaping on user supplied attributes like 'before'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-09-11 19:58:35
🚨 CVE-2023-40743 ** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially dangerous lookup mechanisms such as LDAP. When passing untrusted input to this API method, this could expose the application to DoS, SSRF and even attacks leading to RCE. As Axis 1 has been EOL we recommend you migrate to a different SOAP engine, such as Apache Axis 2/Java. As a workaround, you may review your code to verify no untrusted or unsanitized input is passed to "ServiceFactory.getService", or by applying the patch from https://github.com/apache/axis-axis1-java/commit/7e66753427466590d6def0125e448d2791723210 . The Apache Axis project does not expect to create an Axis 1.x release fixing this problem, though contributors that would like to work towards this are welcome. 🎖@cveNotify
2023-09-11 19:58:34
🚨 CVE-2023-28544 Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. 🎖@cveNotify
2023-09-11 19:58:33
🚨 CVE-2023-28548 Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. 🎖@cveNotify
2023-09-11 19:58:29
🚨 CVE-2023-28557 Memory corruption in WLAN HAL while processing command parameters from untrusted WMI payload. 🎖@cveNotify
2023-09-11 19:58:28
🚨 CVE-2023-30058 novel-plus 3.6.2 is vulnerable to SQL Injection. 🎖@cveNotify
2023-09-11 17:58:39
🚨 CVE-2021-44193 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:38
🚨 CVE-2021-44194 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:37
🚨 CVE-2021-40791 Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:36
🚨 CVE-2021-40795 Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:33
🚨 CVE-2021-40790 Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:32
🚨 CVE-2021-42265 Adobe Premiere Pro versions 22.0 (and earlier) and 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:31
🚨 CVE-2021-43027 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:30
🚨 CVE-2021-44189 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:26
🚨 CVE-2021-44190 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:25
🚨 CVE-2021-44192 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:24
🚨 CVE-2023-39264 By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0. 🎖@cveNotify
2023-09-11 17:58:20
🚨 CVE-2019-7819 Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:19
🚨 CVE-2019-16470 Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 17:58:18
🚨 CVE-2022-28832 Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-11 14:58:32
🚨 CVE-2023-27523 Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to. 🎖@cveNotify
2023-09-11 14:58:31
🚨 CVE-2023-4588 File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Exploitation of this vulnerability could allow an authenticated user with administrative privileges to create a backup file in the application's webroot directory, changing the default backup directory to the wwwroot folder, and download it with some configuration files such as encryption.config/ and database.config stored in the wwwroot directory, exposing the database credentials in plain text. 🎖@cveNotify
2023-09-11 14:58:30
🚨 CVE-2023-40357 Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX50 firmware versions prior to 'Archer AX50(JP)_V1_230529', Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504', Archer AX10 firmware versions prior to 'Archer AX10(JP)_V1.2_230508', and Archer AX11000 firmware versions prior to 'Archer AX11000(JP)_V1_230523'. 🎖@cveNotify
2023-09-11 14:58:29
🚨 CVE-2023-40531 Archer AX6000 firmware versions prior to 'Archer AX6000(JP)_V1_1.3.0 Build 20221208' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. 🎖@cveNotify
2023-09-11 14:58:26
🚨 CVE-2023-39935 Archer C5400 firmware versions prior to 'Archer C5400(JP)_V2_230506' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. 🎖@cveNotify
2023-09-11 14:58:25
🚨 CVE-2023-39224 Archer C5 firmware all versions and Archer C7 firmware versions prior to 'Archer C7(JP)_V2_230602' allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Note that Archer C5 is no longer supported, therefore the update for this product is not provided. 🎖@cveNotify
2023-09-11 14:58:24
🚨 CVE-2023-38568 Archer A10 firmware versions prior to 'Archer A10(JP)_V2_230504' allow a network-adjacent unauthenticated attacker to execute arbitrary OS commands. 🎖@cveNotify
2023-09-11 14:58:20
🚨 CVE-2023-37284 Improper authentication vulnerability in Archer C20 firmware versions prior to 'Archer C20(JP)_V1_230616' allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command via a crafted request to bypass authentication. 🎖@cveNotify
2023-09-11 14:58:19
🚨 CVE-2023-39266 A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. 🎖@cveNotify
2023-09-11 14:58:18
🚨 CVE-2023-32619 Archer C50 firmware versions prior to 'Archer C50(JP)_V3_230505' and Archer C55 firmware versions prior to 'Archer C55(JP)_V1_230506' use hard-coded credentials to login to the affected device, which may allow a network-adjacent unauthenticated attacker to execute an arbitrary OS command. 🎖@cveNotify
2023-09-11 14:58:14
🚨 CVE-2023-4634 The Media Library Assistant plugin for WordPress is vulnerable to Local File Inclusion and Remote Code Execution in versions up to, and including, 3.09. This is due to insufficient controls on file paths being supplied to the 'mla_stream_file' parameter from the ~/includes/mla-stream-image.php file, where images are processed via Imagick(). This makes it possible for unauthenticated attackers to supply files via FTP that will make directory lists, local file inclusion, and remote code execution possible. 🎖@cveNotify
2023-09-11 14:58:13
🚨 CVE-2023-28538 Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. 🎖@cveNotify
2023-09-11 14:58:12
🚨 CVE-2023-38574 Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. 🎖@cveNotify
2023-09-11 12:58:17
🚨 CVE-2023-3612 Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content. 🎖@cveNotify
2023-09-11 10:58:14
🚨 CVE-2023-4816 A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user performing an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action. 🎖@cveNotify
2023-09-11 10:58:13
🚨 CVE-2023-40040 An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023. 🎖@cveNotify
2023-09-11 05:58:33
🚨 CVE-2023-20900 A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . 🎖@cveNotify
2023-09-11 05:58:32
🚨 CVE-2023-20867 A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. 🎖@cveNotify
2023-09-10 20:58:27
🚨 CVE-2023-4851 A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260. 🎖@cveNotify
2023-09-10 20:58:26
🚨 CVE-2023-4852 A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability. 🎖@cveNotify
2023-09-10 20:58:23
🚨 CVE-2023-4848 A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability. 🎖@cveNotify
2023-09-10 20:58:22
🚨 CVE-2023-4846 A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255. 🎖@cveNotify
2023-09-10 20:58:21
🚨 CVE-2023-4847 A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256. 🎖@cveNotify
2023-09-10 20:58:18
🚨 CVE-2023-4838 The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-09-10 20:58:17
🚨 CVE-2022-22409 IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. 🎖@cveNotify
2023-09-10 20:58:16
🚨 CVE-2023-42276 hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. 🎖@cveNotify
2023-09-10 15:59:47
🚨 CVE-2023-4208 A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. When u32_change() is called on an existing filter, the whole tcf_result struct is always copied into the new instance of the filter. This causes a problem when updating a filter bound to a class, as tcf_unbind_filter() is always called on the old instance in the success path, decreasing filter_cnt of the still referenced class and allowing it to be deleted, leading to a use-after-free. We recommend upgrading past commit 3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81. 🎖@cveNotify
2023-09-10 15:59:46
🚨 CVE-2023-4622 A use-after-free vulnerability in the Linux kernel's af_unix component can be exploited to achieve local privilege escalation. The unix_stream_sendpage() function tries to add data to the last skb in the peer's recv queue without locking the queue. Thus there is a race where unix_stream_sendpage() could access an skb locklessly that is being released by garbage collection, resulting in use-after-free. We recommend upgrading past commit 790c2f9d15b594350ae9bca7b236f2b1859de02c. 🎖@cveNotify
2023-09-10 15:59:45
🚨 CVE-2023-4569 A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause a double-deactivation of catchall elements, which results in a memory leak. 🎖@cveNotify
2023-09-10 15:59:44
🚨 CVE-2023-40283 An issue was discovered in l2cap_sock_release in net/bluetooth/l2cap_sock.c in the Linux kernel before 6.4.10. There is a use-after-free because the children of an sk are mishandled. 🎖@cveNotify
2023-09-10 15:59:43
🚨 CVE-2023-4128 A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. 🎖@cveNotify
2023-09-10 15:59:39
🚨 CVE-2023-4273 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. 🎖@cveNotify
2023-09-10 15:59:38
🚨 CVE-2023-4147 A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system. 🎖@cveNotify
2023-09-10 15:59:37
🚨 CVE-2023-4194 A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate. 🎖@cveNotify
2023-09-10 15:59:36
🚨 CVE-2023-4132 A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. 🎖@cveNotify
2023-09-10 15:59:35
🚨 CVE-2023-4004 A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. 🎖@cveNotify
2023-09-10 15:59:31
🚨 CVE-2023-3863 A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue. 🎖@cveNotify
2023-09-10 15:59:30
🚨 CVE-2023-3776 A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. 🎖@cveNotify
2023-09-10 15:59:29
🚨 CVE-2023-20588 A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 🎖@cveNotify
2023-09-10 15:59:28
🚨 CVE-2023-3772 A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. 🎖@cveNotify
2023-09-10 15:59:27
🚨 CVE-2023-3773 A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. 🎖@cveNotify
2023-09-10 15:59:23
🚨 CVE-2023-2430 A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. 🎖@cveNotify
2023-09-10 15:59:22
🚨 CVE-2023-3611 An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. 🎖@cveNotify
2023-09-10 15:59:21
🚨 CVE-2023-1206 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. 🎖@cveNotify
2023-09-10 15:59:20
🚨 CVE-2023-2898 There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. 🎖@cveNotify
2023-09-10 15:59:19
🚨 CVE-2023-1989 A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. 🎖@cveNotify
2023-09-10 00:58:24
🚨 CVE-2023-4865 A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-09-10 00:58:20
🚨 CVE-2023-41915 OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. 🎖@cveNotify
2023-09-10 00:58:19
🚨 CVE-2023-40392 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information. 🎖@cveNotify
2023-09-10 00:58:18
🚨 CVE-2023-29491 ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. 🎖@cveNotify
2023-09-09 22:58:18
🚨 CVE-2022-38392 Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported product is Seagate STDT4000100 763649053447. 🎖@cveNotify
2023-09-09 14:58:16
🚨 CVE-2023-4850 A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259. 🎖@cveNotify
2023-09-09 14:58:15
🚨 CVE-2023-4851 A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260. 🎖@cveNotify
2023-09-09 12:58:15
🚨 CVE-2023-4848 A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability. 🎖@cveNotify
2023-09-09 10:58:25
🚨 CVE-2023-4847 A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256. 🎖@cveNotify
2023-09-09 10:58:24
🚨 CVE-2023-4845 A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-09-09 06:58:38
🚨 CVE-2023-4487 GE CIMPLICITY 2023 is affected by a process control vulnerability, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the HMI software. 🎖@cveNotify
2023-09-09 06:58:36
🚨 CVE-2023-30712 Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity. 🎖@cveNotify
2023-09-09 06:58:35
🚨 CVE-2023-30711 Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. 🎖@cveNotify
2023-09-09 06:58:34
🚨 CVE-2023-30715 Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. 🎖@cveNotify
2023-09-09 06:58:33
🚨 CVE-2023-34352 A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An attacker may be able to leak user account emails. 🎖@cveNotify
2023-09-09 06:58:31
🚨 CVE-2023-32438 This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in tvOS 16.3, macOS Ventura 13.2, watchOS 9.3, iOS 16.3 and iPadOS 16.3. An app may be able to bypass Privacy preferences. 🎖@cveNotify
2023-09-09 06:58:30
🚨 CVE-2023-32432 A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to access user-sensitive data. 🎖@cveNotify
2023-09-09 06:58:29
🚨 CVE-2023-32426 A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges. 🎖@cveNotify
2023-09-09 06:58:28
🚨 CVE-2023-32428 This issue was addressed with improved file handling. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain root privileges. 🎖@cveNotify
2023-09-09 06:58:27
🚨 CVE-2023-28209 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. 🎖@cveNotify
2023-09-09 06:58:26
🚨 CVE-2023-32425 The issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5. An app may be able to gain elevated privileges. 🎖@cveNotify
2023-09-09 06:58:24
🚨 CVE-2023-28208 A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may send a text from a secondary eSIM despite configuring a contact to use a primary eSIM. 🎖@cveNotify
2023-09-09 06:58:23
🚨 CVE-2023-39365 Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-09-09 06:58:22
🚨 CVE-2022-30639 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-09 06:58:21
🚨 CVE-2022-30637 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-09 06:58:20
🚨 CVE-2022-30638 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-09 06:58:19
🚨 CVE-2022-30640 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-09 06:58:18
🚨 CVE-2022-30642 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-09 06:58:17
🚨 CVE-2022-30643 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-09 06:58:16
🚨 CVE-2022-30644 Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-09-09 00:58:57
🚨 CVE-2023-34723 An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53 that allows attackers to gain sensitive information via /config/system.conf. 🎖@cveNotify
2023-09-09 00:58:55
🚨 CVE-2023-38831 RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023. 🎖@cveNotify
2023-09-09 00:58:52
🚨 CVE-2022-4953 The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. 🎖@cveNotify
2023-09-09 00:58:49
🚨 CVE-2023-35386 Windows Kernel Elevation of Privilege Vulnerability 🎖@cveNotify
2023-09-09 00:58:48
🚨 CVE-2023-38154 Windows Kernel Elevation of Privilege Vulnerability 🎖@cveNotify
2023-09-09 00:58:46
🚨 CVE-2023-34127 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. 🎖@cveNotify
2023-09-09 00:58:43
🚨 CVE-2023-34132 Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. 🎖@cveNotify
2023-09-09 00:58:41
🚨 CVE-2023-34124 The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. 🎖@cveNotify
2023-09-09 00:58:38
🚨 CVE-2023-34133 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions. 🎖@cveNotify
2023-09-09 00:58:36
🚨 CVE-2023-36812 OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to a Remote Code Execution vulnerability by writing user-controlled input to Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`. 🎖@cveNotify
2023-09-09 00:58:35
🚨 CVE-2023-25826 Due to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation. 🎖@cveNotify
2023-09-09 00:58:33
🚨 CVE-2022-31470 An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary JavaScript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. 🎖@cveNotify
2023-09-09 00:58:32
🚨 CVE-2019-7609 Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute JavaScript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. 🎖@cveNotify
2023-09-09 00:58:30
🚨 CVE-2023-33016 Transient DOS in WLAN firmware while parsing MLO (multi-link operation). 🎖@cveNotify
2023-09-09 00:58:28
🚨 CVE-2023-33019 Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE. 🎖@cveNotify
2023-09-09 00:58:25
🚨 CVE-2022-22402 IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571. 🎖@cveNotify
2023-09-09 00:58:24
🚨 CVE-2022-22409 IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592. 🎖@cveNotify
2023-09-09 00:58:22
🚨 CVE-2023-40306 SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity. 🎖@cveNotify
2023-09-09 00:58:19
🚨 CVE-2023-42276 hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. 🎖@cveNotify
2023-09-09 00:58:17
🚨 CVE-2023-42277 hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. 🎖@cveNotify
2023-09-08 22:58:28
🚨 CVE-2022-22405 IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 222576. 🎖@cveNotify
2023-09-08 22:58:27
🚨 CVE-2023-24965 IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. IBM X-Force ID: 246713. 🎖@cveNotify
2023-09-08 22:58:26
🚨 CVE-2023-30995 IBM Aspera Faspex 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. 🎖@cveNotify
2023-09-08 22:58:25
🚨 CVE-2023-4809 In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host. 🎖@cveNotify
2023-09-08 22:58:24
🚨 CVE-2022-33164 IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. 🎖@cveNotify
2023-09-08 22:58:23
🚨 CVE-2023-32332 IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072. 🎖@cveNotify
2023-09-08 22:58:22
🚨 CVE-2023-41318 matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround. 🎖@cveNotify
2023-09-08 22:58:21
🚨 CVE-2023-4369 Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-09-08 21:58:24
🚨 CVE-2023-31132 Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a privilege escalation vulnerability. A low-privileged OS user with access to a Windows host where Cacti is installed can create arbitrary PHP files in a web document directory. The user can then execute the PHP files under the security context of SYSTEM. This allows an attacker to escalate privilege from a normal user account to SYSTEM. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-09-08 21:58:21
🚨 CVE-2023-21663 Memory Corruption while accessing metadata in Display. 🎖@cveNotify
2023-09-08 18:58:25
🚨 CVE-2023-34317 An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to unexpected data in the configuration. An attacker can send a sequence of requests to trigger this vulnerability. 🎖@cveNotify
2023-09-08 18:58:24
🚨 CVE-2023-34353 An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted network sniffing can lead to decryption of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. 🎖@cveNotify
2023-09-08 18:58:23
🚨 CVE-2023-34994 An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to creation of an arbitrary directory. An attacker can send a sequence of requests to trigger this vulnerability. 🎖@cveNotify
2023-09-08 18:58:19
🚨 CVE-2023-35124 An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to a disclosure of sensitive information. An attacker can send a sequence of requests to trigger this vulnerability. 🎖@cveNotify
2023-09-08 18:58:18
🚨 CVE-2023-2453 There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload. 🎖@cveNotify
2023-09-08 18:58:17
🚨 CVE-2023-31242 An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. A specially-crafted series of network requests can lead to arbitrary authentication. An attacker can send a sequence of requests to trigger this vulnerability. 🎖@cveNotify
2023-09-08 16:58:59
🚨 CVE-2023-30722 Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.
2023-09-08 16:58:58
🚨 CVE-2015-1391 Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.
2023-09-08 16:58:56
🚨 CVE-2023-41908 Cerebrate before 1.15 lacks the Secure attribute for the session cookie.
2023-09-08 16:58:55
🚨 CVE-2023-3375 Unrestricted Upload of File with Dangerous Type vulnerability in Unisign Bookreen allows OS Command Injection. This issue affects Bookreen: before 3.0.0.
2023-09-08 14:58:42
🚨 CVE-2023-38836 File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.
2023-09-08 14:58:38
🚨 CVE-2022-41763 An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.
2023-09-08 14:58:37
🚨 CVE-2023-32470 Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder, leading to permanent Denial of Service (DOS).
2023-09-08 14:58:36
🚨 CVE-2023-34041 Cloud Foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.
2023-09-08 14:58:35
🚨 CVE-2023-41775 Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camera, microphone, etc. of the device where the product is installed without the user's consent.
2023-09-08 11:58:12
🚨 CVE-2023-32470 Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder, leading to permanent Denial of Service (DOS).
2023-09-08 05:58:35
🚨 CVE-2023-40953 icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
2023-09-08 05:58:34
🚨 CVE-2023-41594 Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.
2023-09-08 05:58:33
🚨 CVE-2014-5329 GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.
2023-09-08 05:58:29
🚨 CVE-2023-35785 Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 and below, M365 Security Plus 4529 and below, Recovery Manager Plus 6061 and below, ServiceDesk Plus 14302 and below, ServiceDesk Plus MSP 14300 and below, SharePoint Manager Plus 4402 and below and Support Center Plus 14300 and below are vulnerable to the authentication bypass vulnerability via a few authenticators.
2023-09-08 05:58:28
🚨 CVE-2023-40271 In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.
2023-09-08 05:58:27
🚨 CVE-2021-45811 A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.
2023-09-08 05:58:26
🚨 CVE-2023-36184 Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json.
2023-09-08 05:58:22
🚨 CVE-2022-48571 memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.
2023-09-08 05:58:21
🚨 CVE-2022-21299 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
2023-09-08 05:58:20
🚨 CVE-2022-21340 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
2023-09-08 05:58:16
🚨 CVE-2022-21283 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
2023-09-08 05:58:15
🚨 CVE-2022-21360 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
2023-09-08 05:58:14
🚨 CVE-2022-21277 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
2023-09-08 01:58:30
🚨 CVE-2023-40029 Argo CD is a declarative continuous deployment for Kubernetes. Argo CD Cluster secrets might be managed declaratively using Argo CD / kubectl apply. As a result, the full secret body is stored in the `kubectl.kubernetes.io/last-applied-configuration` annotation. Pull request #7139 introduced the ability to manage cluster labels and annotations. Since clusters are stored as secrets, it also exposes the `kubectl.kubernetes.io/last-applied-configuration` annotation, which includes the full secret body. In order to view the cluster annotations via the Argo CD API, the user must have `clusters, get` RBAC access. **Note:** In many cases, cluster secrets do not contain any actually-secret information. But sometimes, as in bearer-token auth, the contents might be very sensitive. The bug has been patched in versions 2.8.3, 2.7.14, and 2.6.15. Users are advised to upgrade. Users unable to upgrade should update/deploy cluster secret with `server-side-apply` flag which does not use or rely on `kubectl.kubernetes.io/last-applied-configuration` annotation. Note: annotation for existing secrets will require manual removal.
2023-09-08 01:58:29
🚨 CVE-2023-40584 Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.
2023-09-08 01:58:27
🚨 CVE-2023-38440 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-08 01:58:26
🚨 CVE-2023-38441 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-08 01:58:25
🚨 CVE-2023-38439 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-08 01:58:24
🚨 CVE-2023-38438 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-08 01:58:23
🚨 CVE-2023-38437 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-08 01:58:22
🚨 CVE-2023-30908 Potential security vulnerabilities have been identified in Hewlett Packard Enterprise OneView Software. These vulnerabilities could be remotely exploited to allow authentication bypass, disclosure of sensitive information, and denial of service.
2023-09-08 01:58:21
🚨 CVE-2023-41161 Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.
2023-09-08 01:58:19
🚨 CVE-2023-41646 Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/
2023-09-08 01:58:18
🚨 CVE-2023-36665 protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty.
2023-09-08 01:58:17
🚨 CVE-2023-33918 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-08 01:58:15
🚨 CVE-2023-33916 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-08 01:58:14
🚨 CVE-2023-38436 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-08 01:58:13
🚨 CVE-2023-33917 In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges.
2023-09-07 22:58:30
🚨 CVE-2023-39980 A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands.
2023-09-07 22:58:29
🚨 CVE-2023-20193 A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec.
2023-09-07 22:58:25
🚨 CVE-2023-41316 Tolgee is an open-source localization platform. Due to a lack of validation of the Org Name field, a bad actor can send emails with injected HTML code to victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to a malicious website or execute JavaScript in the context of the user's browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2023-09-07 22:58:24
🚨 CVE-2023-41061 A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
2023-09-07 22:58:23
🚨 CVE-2023-4528 Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface.
2023-09-07 22:58:19
🚨 CVE-2023-37798 A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
2023-09-07 22:58:18
🚨 CVE-2023-39979 There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote attacker might access the system if the web service authenticator has insufficient random values.
2023-09-07 22:58:17
🚨 CVE-2023-4647 An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.
2023-09-07 20:58:35
🚨 CVE-2023-4712 A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-09-07 20:58:33
🚨 CVE-2023-4711 A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-09-07 20:58:32
🚨 CVE-2023-41046 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set to `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for "VelocityCode", this behavior is most likely very old, but only since XWiki 7.2 has script right been a separate right; before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds.
2023-09-07 20:58:31
🚨 CVE-2023-41051 In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory Rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.
2023-09-07 20:58:30
🚨 CVE-2023-4710 A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-09-07 20:58:29
🚨 CVE-2023-41061 A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
2023-09-07 20:58:28
🚨 CVE-2023-41064 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
2023-09-07 20:58:27
🚨 CVE-2023-37798 A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter.
2023-09-07 20:58:25
🚨 CVE-2023-20821 In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113.
2023-09-07 20:58:21
🚨 CVE-2023-20825 In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413.
2023-09-07 20:58:20
🚨 CVE-2023-20836 In camsys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505629; Issue ID: ALPS07505629.
2023-09-07 20:58:19
🚨 CVE-2023-20820 In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189.
2023-09-07 20:58:18
🚨 CVE-2023-20828 In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144.
2023-09-07 20:58:14
🚨 CVE-2023-20835 In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570.
2023-09-07 20:58:13
🚨 CVE-2023-32811 In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848.
2023-09-07 20:58:12
🚨 CVE-2023-32808 In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751.
2023-09-07 18:58:24
🚨 CVE-2023-40239 Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.
2023-09-07 18:58:23
🚨 CVE-2023-30800 The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.
2023-09-07 18:58:22
🚨 CVE-2023-40060 A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1.
2023-09-07 18:58:19
🚨 CVE-2021-44189 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-09-07 18:58:18
🚨 CVE-2021-44190 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-09-07 18:58:17
🚨 CVE-2021-44195 Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-09-07 16:58:40
🚨 CVE-2023-40576 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
2023-09-07 16:58:39
🚨 CVE-2023-20849 In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350.
2023-09-07 16:58:38
🚨 CVE-2023-20850 In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381.
2023-09-07 16:58:37
🚨 CVE-2023-32817 In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.
2023-09-07 16:58:33
🚨 CVE-2023-32816 In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032.
2023-09-07 16:58:32
🚨 CVE-2023-20847 In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108.
2023-09-07 16:58:31
🚨 CVE-2023-32813 In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370.
2023-09-07 16:58:27
🚨 CVE-2023-32814 In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947.
2023-09-07 16:58:26
🚨 CVE-2023-20838 In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418.
2023-09-07 16:58:25
🚨 CVE-2023-20843 In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119.
2023-09-07 16:58:24
🚨 CVE-2023-20845 In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357.
2023-09-07 16:58:21
🚨 CVE-2023-20844 In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121.
2023-09-07 16:58:19
🚨 CVE-2023-20837 In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786.
2023-09-07 16:58:18
🚨 CVE-2023-20841 In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441.
2023-09-07 16:58:17
🚨 CVE-2023-20842 In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477.
2023-09-07 10:58:35
🚨 CVE-2022-0900 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0.
2023-09-07 10:58:31
🚨 CVE-2023-39238 A format string vulnerability was identified in ASUS RT-AX56U V2. This vulnerability is caused by a lack of validation for a specific value within its set_iperf3_svr.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
2023-09-07 10:58:30
🚨 CVE-2023-39239 A format string vulnerability was identified in ASUS RT-AX56U V2’s General function API. This vulnerability is caused by a lack of validation for a specific value within its apply.cgi module. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service.
2023-09-07 10:58:29
🚨 CVE-2023-0979 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. This issue affects MedDataPACS: before 2023-03-03.
2023-09-07 10:58:28
🚨 CVE-2021-43361 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData HBYS allows SQL Injection. This issue affects HBYS: from unspecified before 1.1.
2023-09-07 10:58:24
🚨 CVE-2023-39236 ASUS RT-AC86U Traffic Analyzer - Statistic function has insufficient filtering of special characters. A remote attacker with regular user privilege can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt system or terminate services.
2023-09-07 10:58:23
🚨 CVE-2023-38033 ASUS RT-AC86U unused Traffic Analyzer legacy Statistic function has insufficient filtering of special characters. A remote attacker with regular user privilege can exploit this vulnerability to perform a command injection attack to execute arbitrary commands, disrupt system or terminate services.
2023-09-07 10:58:19
🚨 CVE-2023-4815 Missing Authentication for Critical Function in GitHub repository answerdev/answer prior to v1.1.3.
2023-09-07 10:58:18
🚨 CVE-2023-30533 SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words, 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.
2023-09-07 10:58:17
🚨 CVE-2022-47522 The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.
2023-09-07 09:58:38
🚨 CVE-2023-4772 The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
2023-09-07 09:58:37
🚨 CVE-2023-30079 A stack overflow vulnerability in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a denial of service or execute arbitrary code.
2023-09-07 09:58:36
🚨 CVE-2023-22652 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.
2023-09-07 09:58:35
🚨 CVE-2023-38605 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.
2023-09-07 09:58:31
🚨 CVE-2023-40397 The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. A remote attacker may be able to cause arbitrary JavaScript code execution.
2023-09-07 09:58:30
🚨 CVE-2023-41329 WireMock is a tool for mocking HTTP services. The proxy mode of WireMock can be protected by the network restrictions configuration, as documented in Preventing proxying to and recording from specific target addresses. These restrictions can be configured using domain names, and in such a case the configuration is vulnerable to DNS rebinding attacks. A similar patch was applied in WireMock 3.0.0-beta-15 for the WireMock Webhook Extensions. The root cause of the attack is a defect in the logic which allows for a race condition triggered by a DNS server whose address expires in between the initial validation and the outbound network request that might go to a domain that was supposed to be prohibited. Control over a DNS service is required to exploit this attack, so it has high execution complexity and limited impact. This issue has been addressed in version 2.35.1 of wiremock-jre8 and wiremock-jre8-standalone, version 3.0.3 of wiremock and wiremock-standalone, version 2.6.1 of the python version of wiremock, and versions 2.35.1-1 and 3.0.3-1 of the wiremock/wiremock Docker container. Users are advised to upgrade. Users unable to upgrade should either configure firewall rules to define the list of permitted destinations or configure WireMock to use IP addresses instead of domain names.
2023-09-07 09:58:29
🚨 CVE-2023-4809 In pf packet processing with a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 fragment headers would be reassembled, and then immediately processed. That is, a packet with multiple fragment extension headers would not be recognized as the correct ultimate payload. Instead a packet with multiple IPv6 fragment headers would unexpectedly be interpreted as a fragmented packet, rather than as whatever the real payload is. As a result, IPv6 fragments may bypass pf firewall rules written on the assumption all fragments have been reassembled and, as a result, be forwarded or processed by the host.
2023-09-07 09:58:25
🚨 CVE-2023-23623 Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled, i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly, which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2. We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.
2023-09-07 09:58:24
🚨 CVE-2023-38616 A race condition was addressed with improved state handling. This issue is fixed in macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
2023-09-07 09:58:23
🚨 CVE-2023-39967 WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234” are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected WireMock Studio product and there will be no fix. Users are advised to find alternatives.
2023-09-07 09:58:19
🚨 CVE-2023-40392 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.5. An app may be able to read sensitive location information.
2023-09-07 09:58:18
🚨 CVE-2023-41053 Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2023-09-07 09:58:17
🚨 CVE-2023-20263 A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
2023-09-07 00:58:12
🚨 CVE-2023-4754 Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV.
2023-09-07 00:58:11
🚨 CVE-2023-41642 Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.
2023-09-06 22:58:54
🚨 CVE-2023-41053 Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2023-09-06 22:58:53
🚨 CVE-2023-28215 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
2023-09-06 22:58:52
🚨 CVE-2023-28188 A denial-of-service issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause a denial-of-service.
2023-09-06 22:58:51
🚨 CVE-2023-28211 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
2023-09-06 22:58:50
🚨 CVE-2023-32426 A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to gain root privileges.
2023-09-06 22:58:46
🚨 CVE-2023-28195 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3. An app may be able to read sensitive location information.
2023-09-06 22:58:45
🚨 CVE-2023-28214 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
2023-09-06 22:58:44
🚨 CVE-2023-27950 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory.
2023-09-06 22:58:43
🚨 CVE-2023-28209 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
2023-09-06 22:58:42
🚨 CVE-2023-28213 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
2023-09-06 22:58:38
🚨 CVE-2023-28210 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
2023-09-06 22:58:37
🚨 CVE-2023-28212 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
2023-09-06 22:58:36
🚨 CVE-2023-32356 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.
2023-09-06 22:58:35
🚨 CVE-2023-32362 Error handling was changed to not reveal sensitive information. This issue is fixed in macOS Ventura 13.3. A website may be able to track sensitive user information.
2023-09-06 22:58:32
🚨 CVE-2023-35359 Windows Kernel Elevation of Privilege Vulnerability
2023-09-06 22:58:31
🚨 CVE-2023-28200 A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.
2023-09-06 22:58:30
🚨 CVE-2023-29491 ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.
2023-09-06 22:58:29
🚨 CVE-2023-23333 There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php.
2023-09-06 22:58:28
🚨 CVE-2022-3970 A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 227500897dfb07fb7d27f7aa570050e62617e3be. It is recommended to apply a patch to fix this issue. The identifier VDB-213549 was assigned to this vulnerability.
2023-09-06 20:58:19
🚨 CVE-2023-20269 A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote access VPN session. Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier). Notes: Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured. This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured. Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.
2023-09-06 20:58:18
🚨 CVE-2023-38485 Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.
2023-09-06 20:58:17
🚨 CVE-2023-41050 AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
2023-09-06 19:58:25
🚨 CVE-2023-0667 Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
2023-09-06 19:58:24
🚨 CVE-2021-36646 A Cross Site Scripting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page.
2023-09-06 19:58:23
🚨 CVE-2023-4498 Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only.
2023-09-06 19:58:19
🚨 CVE-2023-39615 ** DISPUTED ** Xmlsoft Libxml2 v2.11.0 was discovered to contain an out-of-bounds read via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted XML file. NOTE: the vendor's position is that the product does not support the legacy SAX1 interface with custom callbacks; there is a crash even without crafted input.
2023-09-06 19:58:18
🚨 CVE-2022-34038 ** DISPUTED ** Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
2023-09-06 19:58:17
🚨 CVE-2020-36131 AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.
2023-09-06 19:58:13
🚨 CVE-2021-30475 aom_dsp/noise_model.c in libaom in AOMedia before 2021-03-24 has a buffer overflow.
2023-09-06 19:58:12
🚨 CVE-2021-30473 aom_image.c in libaom in AOMedia before 2021-04-07 frees memory that is not located on the heap.
2023-09-06 16:58:35
🚨 CVE-2023-41937 Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials stored in Jenkins by sending a crafted webhook payload.
2023-09-06 16:58:34
🚨 CVE-2023-41940 Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents.
2023-09-06 16:58:33
🚨 CVE-2023-41945 Jenkins Assembla Auth Plugin 1.14 and earlier does not verify that the permissions it grants are enabled, resulting in users with EDIT permissions to be granted Overall/Manage and Overall/SystemRead permissions, even if those permissions are disabled and should not be granted.
2023-09-06 16:58:32
🚨 CVE-2023-41941 A missing permission check in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of AWS credentials stored in Jenkins.
2023-09-06 16:58:31
🚨 CVE-2023-41942 A cross-site request forgery (CSRF) vulnerability in Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier allows attackers to clear the SQS queue.
2023-09-06 16:58:30
🚨 CVE-2023-41946 A cross-site request forgery (CSRF) vulnerability in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers to connect to Frugal Testing using attacker-specified credentials, and to retrieve test IDs and names from Frugal Testing, if a valid credential corresponds to the attacker-specified username.
2023-09-06 16:58:29
🚨 CVE-2023-41944 Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
2023-09-06 16:58:28
🚨 CVE-2023-41931 Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not properly sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting (XSS) vulnerability.
2023-09-06 16:58:27
🚨 CVE-2023-41947 A missing permission check in Jenkins Frugal Testing Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to Frugal Testing using attacker-specified credentials.
2023-09-06 16:58:26
🚨 CVE-2022-46751 Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy. This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about "JAXP Properties for External Access restrictions" inside Oracle's "Java API for XML Processing (JAXP) Security Guide".
2023-09-06 16:58:24
🚨 CVE-2023-1863 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection. This issue affects Water Metering Software: before 23.04.06.
2023-09-06 16:58:23
🚨 CVE-2023-1114 Missing Authorization vulnerability in Eskom e-Belediye allows Information Elicitation. This issue affects e-Belediye: from 1.0.0.95 before 1.0.0.100.
2023-09-06 16:58:22
🚨 CVE-2023-41739 Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.
2023-09-06 16:58:21
🚨 CVE-2023-40182 Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending on whether the specified email address is present in our database or not. This has been fixed in version 1.3.7.
2023-09-06 16:58:20
🚨 CVE-2023-41738 Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
2023-09-06 16:58:16
🚨 CVE-2023-36811 borgbackup is an open-source, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. In addition to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability.
2023-09-06 16:58:15
🚨 CVE-2023-39265 Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
2023-09-06 16:58:14
🚨 CVE-2021-28644 Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-09-06 16:58:13
🚨 CVE-2021-35980 Acrobat Reader DC versions 2021.005.20054 (and earlier), 2020.004.30005 (and earlier) and 2017.011.30197 (and earlier) are affected by a Path traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
2023-09-06 16:58:12
🚨 CVE-2021-36021 Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system.
2023-09-06 07:58:32
🚨 CVE-2023-30717 Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
2023-09-06 07:58:31
🚨 CVE-2023-30720 PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
2023-09-06 07:58:30
🚨 CVE-2023-30709 Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers to launch activity with system privilege.
2023-09-06 07:58:26
🚨 CVE-2023-30711 Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. 🎖@cveNotify
2023-09-06 07:58:25
🚨 CVE-2023-30724 Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history. 🎖@cveNotify
2023-09-06 07:58:24
🚨 CVE-2023-30715 Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. 🎖@cveNotify
2023-09-06 07:58:20
🚨 CVE-2023-30718 Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change an Auto Hotspot setting. 🎖@cveNotify
2023-09-06 07:58:19
🚨 CVE-2023-30719 Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data. 🎖@cveNotify
2023-09-06 07:58:18
🚨 CVE-2023-30725 Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. 🎖@cveNotify
2023-09-06 07:58:14
🚨 CVE-2020-22524 Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cause a denial of service via crafted PFM file. 🎖@cveNotify
2023-09-06 07:58:13
🚨 CVE-2020-21427 Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. 🎖@cveNotify
2023-09-06 07:58:12
🚨 CVE-2023-28215 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. 🎖@cveNotify
2023-08-30 00:58:28
🚨 CVE-2023-40827 An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. 🎖@cveNotify
2023-08-30 00:58:27
🚨 CVE-2023-40826 An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. 🎖@cveNotify
2023-08-30 00:58:24
🚨 CVE-2023-38971 Cross Site Scripting vulnerability in Badaso v.0.0.1 thru v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function. 🎖@cveNotify
2023-08-30 00:58:23
🚨 CVE-2023-41153 A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. 🎖@cveNotify
2023-08-30 00:58:22
🚨 CVE-2023-4611 A use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault, and may allow a local attacker to crash the system or lead to a kernel information leak. 🎖@cveNotify
2023-08-30 00:58:18
🚨 CVE-2023-39558 AudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component. 🎖@cveNotify
2023-08-30 00:58:17
🚨 CVE-2023-41265 An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. 🎖@cveNotify
2023-08-30 00:58:16
🚨 CVE-2023-41266 A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. 🎖@cveNotify
2023-08-29 22:58:39
🚨 CVE-2023-4548 A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059. 🎖@cveNotify
2023-08-29 22:58:38
🚨 CVE-2021-3262 TripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries. 🎖@cveNotify
2023-08-29 22:58:37
🚨 CVE-2023-39266 A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. 🎖@cveNotify
2023-08-29 22:58:36
🚨 CVE-2023-39267 An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch. 🎖@cveNotify
2023-08-29 22:58:35
🚨 CVE-2023-39268 A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. 🎖@cveNotify
2023-08-29 22:58:31
🚨 CVE-2023-39663 Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. 🎖@cveNotify
2023-08-29 22:58:30
🚨 CVE-2023-39678 A cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. 🎖@cveNotify
2023-08-29 22:58:29
🚨 CVE-2023-3253 An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. 🎖@cveNotify
2023-08-29 22:58:28
🚨 CVE-2023-4572 Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-29 22:58:23
🚨 CVE-2023-34039 Aria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI. 🎖@cveNotify
2023-08-29 22:58:22
🚨 CVE-2023-39522 goauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage an attacker is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. An attacker can easily enumerate and check users' existence using the recovery flow, as a clear message is shown when a user doesn't exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-08-29 22:58:21
🚨 CVE-2023-3251 A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0. 🎖@cveNotify
2023-08-29 22:58:20
🚨 CVE-2023-3252 An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition. 🎖@cveNotify
2023-08-29 22:58:16
🚨 CVE-2023-37428 A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 🎖@cveNotify
2023-08-29 22:58:15
🚨 CVE-2023-37427 A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 🎖@cveNotify
2023-08-29 22:58:14
🚨 CVE-2023-39578 A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. 🎖@cveNotify
2023-08-29 22:58:13
🚨 CVE-2023-37434 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 🎖@cveNotify
2023-08-29 20:58:18
🚨 CVE-2023-38283 In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006. 🎖@cveNotify
2023-08-29 20:58:17
🚨 CVE-2023-41362 MyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP. 🎖@cveNotify
2023-08-29 18:58:30
🚨 CVE-2023-4513 BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. 🎖@cveNotify
2023-08-29 18:58:26
🚨 CVE-2023-4511 BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. 🎖@cveNotify
2023-08-29 18:58:25
🚨 CVE-2023-40763 User enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 🎖@cveNotify
2023-08-29 18:58:24
🚨 CVE-2023-39708 A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. 🎖@cveNotify
2023-08-29 18:58:21
🚨 CVE-2023-40764 User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 🎖@cveNotify
2023-08-29 18:58:20
🚨 CVE-2023-40766 User enumeration is found in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 🎖@cveNotify
2023-08-29 18:58:19
🚨 CVE-2023-40767 User enumeration is found in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 🎖@cveNotify
2023-08-29 18:58:18
🚨 CVE-2023-40756 User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 🎖@cveNotify
2023-08-29 17:58:27
🚨 CVE-2023-37439 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 🎖@cveNotify
2023-08-29 17:58:26
🚨 CVE-2023-37438 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 🎖@cveNotify
2023-08-29 17:58:25
🚨 CVE-2021-43171 Improper verification of applications' cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user's systems by altering the server's API response. 🎖@cveNotify
2023-08-29 17:58:23
🚨 CVE-2023-40282 ** UNSUPPORTED WHEN ASSIGNED ** Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed. 🎖@cveNotify
2023-08-29 17:58:22
🚨 CVE-2023-4041 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass. This issue affects "Standalone" and "Application" versions of Gecko Bootloader. 🎖@cveNotify
2023-08-29 17:58:21
🚨 CVE-2023-39985 ** UNSUPPORTED WHEN ASSIGNED ** Out-of-bounds Write vulnerability in Hitachi EH-VIEW (Designer) allows local attackers to potentially execute arbitrary code on affected EH-VIEW installations. User interaction is required to exploit the vulnerabilities in that the user must open a malicious file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 🎖@cveNotify
2023-08-29 14:58:22
🚨 CVE-2023-40787 In SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection. 🎖@cveNotify
2023-08-29 14:58:21
🚨 CVE-2023-23770 Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. 🎖@cveNotify
2023-08-29 14:58:20
🚨 CVE-2023-23771 Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled. 🎖@cveNotify
2023-08-29 14:58:19
🚨 CVE-2023-23772 Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device. 🎖@cveNotify
2023-08-29 14:58:15
🚨 CVE-2023-23774 Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device. 🎖@cveNotify
2023-08-29 14:58:13
🚨 CVE-2023-37436 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 🎖@cveNotify
2023-08-29 14:58:12
🚨 CVE-2023-37435 Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 🎖@cveNotify
2023-08-29 10:58:32
🚨 CVE-2023-41360 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. 🎖@cveNotify
2023-08-29 10:58:31
🚨 CVE-2023-41361 An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. 🎖@cveNotify
2023-08-29 10:58:30
🚨 CVE-2023-34724 An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. 🎖@cveNotify
2023-08-29 10:58:29
🚨 CVE-2023-34725 An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. 🎖@cveNotify
2023-08-29 10:58:28
🚨 CVE-2023-39059 An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. 🎖@cveNotify
2023-08-29 10:58:27
🚨 CVE-2023-40781 Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. 🎖@cveNotify
2023-08-29 10:58:26
🚨 CVE-2023-40825 An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. 🎖@cveNotify
2023-08-29 10:58:24
🚨 CVE-2023-40827 An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. 🎖@cveNotify
2023-08-29 10:58:22
🚨 CVE-2023-40828 An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. 🎖@cveNotify
2023-08-29 10:58:21
🚨 CVE-2023-40857 Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component. 🎖@cveNotify
2023-08-29 10:58:20
🚨 CVE-2023-40997 Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. 🎖@cveNotify
2023-08-29 10:58:19
🚨 CVE-2023-40998 Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. 🎖@cveNotify
2023-08-29 10:58:18
🚨 CVE-2023-41005 An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php. 🎖@cveNotify
2023-08-29 10:58:17
🚨 CVE-2023-4569 A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double deactivations of catchall elements, which results in a memory leak. 🎖@cveNotify
2023-08-29 10:58:16
🚨 CVE-2023-39650 Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. 🎖@cveNotify
2023-08-29 10:58:15
🚨 CVE-2023-35785 Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass. 🎖@cveNotify
2023-08-29 10:58:14
🚨 CVE-2023-39348 Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for GitHub status notifications. Given that this would output GitHub tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, filter their logs for Echo log data, and use read-only tokens that are limited in scope. 🎖@cveNotify
2023-08-29 10:58:13
🚨 CVE-2023-39578 A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. 🎖@cveNotify
2023-08-29 10:58:12
🚨 CVE-2023-41109 SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. 🎖@cveNotify
2023-08-29 06:58:34
🚨 CVE-2023-30435 IBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291. 🎖@cveNotify
2023-08-29 06:58:33
🚨 CVE-2023-30437 IBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293. 🎖@cveNotify
2023-08-29 06:58:32
🚨 CVE-2023-33852 IBM Security Guardium 11.4 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614. 🎖@cveNotify
2023-08-29 06:58:31
🚨 CVE-2023-38730 IBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 262268. 🎖@cveNotify
2023-08-29 06:58:27
🚨 CVE-2023-4557 A vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238158 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-08-29 06:58:26
🚨 CVE-2023-41358 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero. 🎖@cveNotify
2023-08-29 06:58:25
🚨 CVE-2023-41359 An issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation. 🎖@cveNotify
2023-08-29 06:58:24
🚨 CVE-2023-41360 An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation. 🎖@cveNotify
2023-08-29 06:58:21
🚨 CVE-2023-41361 An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version. 🎖@cveNotify
2023-08-29 06:58:20
🚨 CVE-2023-3180 A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. 🎖@cveNotify
2023-08-29 06:58:19
🚨 CVE-2023-0664 A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. 🎖@cveNotify
2023-08-29 06:58:18
🚨 CVE-2023-1995 Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Additional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02. 🎖@cveNotify
2023-08-29 06:58:14
🚨 CVE-2023-40252 Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-29 06:58:13
🚨 CVE-2023-40254 Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-29 06:58:12
🚨 CVE-2023-28980 A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (>1M routes). This issue affects: Juniper Networks Junos OS * 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; * 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5; * 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4 * 21.1 version 21.1R3 and later versions prior to 21.1R3-S3; * 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2; * 21.3 version 21.3R2 and later versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S1, 21.4R3; * 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved * 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO; * 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO; * 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO; * 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; * 22.1-EVO versions prior to 22.1R2-EVO. 🎖@cveNotify
2023-08-29 00:58:28
🚨 CVE-2023-39650 Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. 🎖@cveNotify
2023-08-29 00:58:27
🚨 CVE-2023-34724 An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. 🎖@cveNotify
2023-08-29 00:58:26
🚨 CVE-2023-34725 An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. 🎖@cveNotify
2023-08-29 00:58:25
🚨 CVE-2023-39059 An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. 🎖@cveNotify
2023-08-29 00:58:24
🚨 CVE-2023-40781 Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. 🎖@cveNotify
2023-08-29 00:58:22
🚨 CVE-2023-40825 An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. 🎖@cveNotify
2023-08-29 00:58:21
🚨 CVE-2023-40826 An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. 🎖@cveNotify
2023-08-29 00:58:20
🚨 CVE-2023-40827 An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. 🎖@cveNotify
2023-08-29 00:58:19
🚨 CVE-2023-40828 An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function. 🎖@cveNotify
2023-08-29 00:58:18
🚨 CVE-2023-40857 Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbitrary code via the yr_execute_cod function in the exe.c component. 🎖@cveNotify
2023-08-29 00:58:17
🚨 CVE-2023-40997 Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. 🎖@cveNotify
2023-08-29 00:58:16
🚨 CVE-2023-40998 Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. 🎖@cveNotify
2023-08-29 00:58:15
🚨 CVE-2023-41005 An issue in Pagekit pagekit v.1.0.18 allows a remote attacker to execute arbitrary code via the downloadAction and updateAction functions in UpdateController.php. 🎖@cveNotify
2023-08-29 00:58:13
🚨 CVE-2023-4569 A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local attacker to cause double deactivations of catchall elements, which results in a memory leak. 🎖@cveNotify
2023-08-29 00:58:12
🚨 CVE-2023-39017 ** DISPUTED ** quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur. 🎖@cveNotify
2023-08-28 23:58:36
🚨 CVE-2020-21699 The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. 🎖@cveNotify
2023-08-28 23:58:35
🚨 CVE-2020-24165 An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). 🎖@cveNotify
2023-08-28 23:58:31
🚨 CVE-2023-39968 jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-28 23:58:30
🚨 CVE-2023-3699 An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) that allows unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. 🎖@cveNotify
2023-08-28 23:58:26
🚨 CVE-2022-48545 An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. 🎖@cveNotify
2023-08-28 23:58:25
🚨 CVE-2023-35785 Zoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass. 🎖@cveNotify
2023-08-28 23:58:24
🚨 CVE-2023-39348 Spinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, filter their logs for Echo log data and use read-only tokens that are limited in scope. 🎖@cveNotify
2023-08-28 23:58:21
🚨 CVE-2023-39578 A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field. 🎖@cveNotify
2023-08-28 23:58:20
🚨 CVE-2020-12272 OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the example.net(.example.com substring. 🎖@cveNotify
2023-08-28 23:58:19
🚨 CVE-2022-48538 In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. 🎖@cveNotify
2023-08-28 21:58:29
🚨 CVE-2023-40755 There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. 🎖@cveNotify
2023-08-28 21:58:23
🚨 CVE-2023-40756 User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 🎖@cveNotify
2023-08-28 21:58:22
🚨 CVE-2023-40759 User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 🎖@cveNotify
2023-08-28 21:58:21
🚨 CVE-2023-40760 User enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 🎖@cveNotify
2023-08-28 16:58:20
🚨 CVE-2023-2234 Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. 🎖@cveNotify
2023-08-28 16:58:19
🚨 CVE-2023-39708 A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section. 🎖@cveNotify
2023-08-28 16:58:18
🚨 CVE-2023-40846 Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. 🎖@cveNotify
2023-08-28 10:58:29
🚨 CVE-2020-19909 ** DISPUTED ** Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. 🎖@cveNotify
2023-08-28 10:58:28
🚨 CVE-2023-27604 Apache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows an attacker to pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The attacker needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, and Xie Jianming and LiuHui of Caiji Sec Team also reported it. 🎖@cveNotify
2023-08-28 10:58:27
🚨 CVE-2023-38030 Saho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote attacker can execute system commands in partial website URLs to read sensitive device information without permissions. 🎖@cveNotify
2023-08-28 10:58:26
🚨 CVE-2023-38029 Saho’s attendance devices ADM100 and ADM-100FP have insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote attacker authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service. 🎖@cveNotify
2023-08-28 10:58:22
🚨 CVE-2023-38028 Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service. 🎖@cveNotify
2023-08-28 10:58:21
🚨 CVE-2022-43904 IBM Security Guardium 11.3 and 11.4 could disclose sensitive information to an attacker due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895. 🎖@cveNotify
2023-08-28 10:58:20
🚨 CVE-2023-23473 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. 🎖@cveNotify
2023-08-28 10:58:19
🚨 CVE-2023-24959 IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. 🎖@cveNotify
2023-08-28 10:58:15
🚨 CVE-2023-26270 IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. 🎖@cveNotify
2023-08-28 10:58:14
🚨 CVE-2023-26271 IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. 🎖@cveNotify
2023-08-28 10:58:13
🚨 CVE-2023-26272 IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. 🎖@cveNotify
2023-08-28 10:58:12
🚨 CVE-2023-4561 Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4. 🎖@cveNotify
2023-08-28 05:58:44
🚨 CVE-2016-15035 A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155. 🎖@cveNotify
2023-08-28 05:58:43
🚨 CVE-2023-38024 SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. 🎖@cveNotify
2023-08-28 05:58:41
🚨 CVE-2023-38025 SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service. 🎖@cveNotify
2023-08-28 05:58:40
🚨 CVE-2023-38026 SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service. 🎖@cveNotify
2023-08-28 05:58:39
🚨 CVE-2023-38027 SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service. 🎖@cveNotify
2023-08-28 05:58:38
🚨 CVE-2023-20197 A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. 🎖@cveNotify
2023-08-28 05:58:37
🚨 CVE-2023-22877 IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368. 🎖@cveNotify
2023-08-28 05:58:33
🚨 CVE-2023-23473 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400. 🎖@cveNotify
2023-08-28 05:58:32
🚨 CVE-2023-24959 IBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332. 🎖@cveNotify
2023-08-28 05:58:31
🚨 CVE-2023-26270 IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119. 🎖@cveNotify
2023-08-28 05:58:30
🚨 CVE-2023-26271 IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 248126. 🎖@cveNotify
2023-08-28 05:58:29
🚨 CVE-2023-26272 IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133. 🎖@cveNotify
2023-08-28 05:58:25
🚨 CVE-2023-4560 Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. 🎖@cveNotify
2023-08-28 05:58:24
🚨 CVE-2023-4561 Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4. 🎖@cveNotify
2023-08-28 05:58:23
🚨 CVE-2023-3330 Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to obtain specific files in the product. 🎖@cveNotify
2023-08-28 05:58:22
🚨 CVE-2023-38633 A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. 🎖@cveNotify
2023-08-28 01:01:35
🚨 CVE-2023-4556 A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-08-28 01:01:34
🚨 CVE-2023-4349 Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-28 01:01:30
🚨 CVE-2023-4350 Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-28 01:01:29
🚨 CVE-2023-4352 Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-28 01:01:28
🚨 CVE-2023-4354 Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-28 01:01:25
🚨 CVE-2023-4355 Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-28 01:01:24
🚨 CVE-2023-4357 Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-28 01:01:23
🚨 CVE-2023-4359 Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-28 01:01:20
🚨 CVE-2023-4360 Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-28 01:01:19
🚨 CVE-2023-4362 Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-28 01:01:18
🚨 CVE-2023-4364 Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-26 19:58:55
🚨 CVE-2023-4427 Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-26 19:58:54
🚨 CVE-2023-4429 Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-26 19:58:53
🚨 CVE-2023-4431 Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-26 12:58:12
🚨 CVE-2023-4548 A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059. 🎖@cveNotify
2023-08-26 10:58:23
🚨 CVE-2023-4546 A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability. 🎖@cveNotify
2023-08-26 10:58:22
🚨 CVE-2023-4545 A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-26 10:58:21
🚨 CVE-2023-4544 A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-26 05:58:34
🚨 CVE-2023-34723 An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. 🎖@cveNotify
2023-08-26 05:58:33
🚨 CVE-2023-39287 A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. 🎖@cveNotify
2023-08-26 05:58:30
🚨 CVE-2023-39288 A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. 🎖@cveNotify
2023-08-26 05:58:29
🚨 CVE-2023-39290 A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. 🎖@cveNotify
2023-08-26 05:58:28
🚨 CVE-2023-41121 Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. 🎖@cveNotify
2023-08-26 05:58:24
🚨 CVE-2023-4542 A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-26 05:58:23
🚨 CVE-2021-27932 Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. 🎖@cveNotify
2023-08-26 05:58:22
🚨 CVE-2023-24621 An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed. 🎖@cveNotify
2023-08-26 05:58:18
🚨 CVE-2023-36198 Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. 🎖@cveNotify
2023-08-26 05:58:17
🚨 CVE-2023-39600 IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. 🎖@cveNotify
2023-08-26 05:58:16
🚨 CVE-2023-39707 A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. 🎖@cveNotify
2023-08-25 23:58:35
🚨 CVE-2023-40585 ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t ...`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place. 🎖@cveNotify
2023-08-25 23:58:34
🚨 CVE-2023-40587 Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have an `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, in an as of yet unreleased version. Fixes will be available in: Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series. 🎖@cveNotify
2023-08-25 23:58:33
🚨 CVE-2023-41080 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. 🎖@cveNotify
2023-08-25 23:58:30
🚨 CVE-2023-39908 The PKCS11 module of the YubiHSM 2 SDK through 2023.01 does not properly validate the length of specific read operations on object metadata. This may lead to disclosure of uninitialized and previously used memory. 🎖@cveNotify
2023-08-25 23:58:29
🚨 CVE-2020-18651 Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. 🎖@cveNotify
2023-08-25 23:58:28
🚨 CVE-2020-18652 Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. 🎖@cveNotify
2023-08-25 23:58:24
🚨 CVE-2020-18770 An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service. 🎖@cveNotify
2023-08-25 23:58:23
🚨 CVE-2022-48547 A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php. 🎖@cveNotify
2023-08-25 23:58:18
🚨 CVE-2020-18781 Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert. 🎖@cveNotify
2023-08-25 23:58:17
🚨 CVE-2020-18382 Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt. 🎖@cveNotify
2023-08-25 20:58:42
🚨 CVE-2022-29654 Buffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file. 🎖@cveNotify
2023-08-25 20:58:41
🚨 CVE-2021-40266 FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerable to null pointer dereference. 🎖@cveNotify
2023-08-25 20:58:39
🚨 CVE-2020-25887 Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. 🎖@cveNotify
2023-08-25 20:58:38
🚨 CVE-2020-23804 Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. 🎖@cveNotify
2023-08-25 20:58:37
🚨 CVE-2020-22628 Buffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. 🎖@cveNotify
2023-08-25 20:58:36
🚨 CVE-2020-22570 Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. 🎖@cveNotify
2023-08-25 20:58:34
🚨 CVE-2020-22219 Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. 🎖@cveNotify
2023-08-25 20:58:33
🚨 CVE-2020-21687 Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. 🎖@cveNotify
2023-08-25 20:58:32
🚨 CVE-2023-20197 A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. 🎖@cveNotify
2023-08-25 20:58:31
🚨 CVE-2023-20217 A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing certain commands using sudo. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. The attacker must have valid credentials on the affected device. 🎖@cveNotify
2023-08-25 20:58:30
🚨 CVE-2023-20221 A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition. 🎖@cveNotify
2023-08-25 20:58:28
🚨 CVE-2023-4456 A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. 🎖@cveNotify
2023-08-25 20:58:27
🚨 CVE-2020-21722 Buffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. 🎖@cveNotify
2023-08-25 20:58:26
🚨 CVE-2020-21723 A Segmentation Fault issue discovered in StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file. 🎖@cveNotify
2023-08-25 20:58:24
🚨 CVE-2020-21724 Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. 🎖@cveNotify
2023-08-25 20:58:23
🚨 CVE-2020-21896 A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. 🎖@cveNotify
2023-08-25 20:58:22
🚨 CVE-2023-40352 McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. 🎖@cveNotify
2023-08-25 20:58:21
🚨 CVE-2020-27418 A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obtain sensitive information via vgacon_invert_region() function. 🎖@cveNotify
2023-08-25 20:58:20
🚨 CVE-2021-40262 A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp. 🎖@cveNotify
2023-08-25 20:58:19
🚨 CVE-2020-21679 Buffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format. 🎖@cveNotify
2023-08-25 18:58:42
🚨 CVE-2023-40798 In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. 🎖@cveNotify
2023-08-25 18:58:41
🚨 CVE-2023-38201 A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. 🎖@cveNotify
2023-08-25 18:58:40
🚨 CVE-2023-40799 Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. 🎖@cveNotify
2023-08-25 18:58:39
🚨 CVE-2023-40800 The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. 🎖@cveNotify
2023-08-25 18:58:35
🚨 CVE-2023-40801 The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn 🎖@cveNotify
2023-08-25 18:58:34
🚨 CVE-2023-40802 The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn 🎖@cveNotify
2023-08-25 18:58:33
🚨 CVE-2023-40915 Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. 🎖@cveNotify
2023-08-25 18:58:32
🚨 CVE-2023-4534 A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-25 18:58:31
🚨 CVE-2020-22218 An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 that allows attackers to access out of bounds memory. 🎖@cveNotify
2023-08-25 18:58:27
🚨 CVE-2023-38906 An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. 🎖@cveNotify
2023-08-25 18:58:26
🚨 CVE-2023-38909 An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. 🎖@cveNotify
2023-08-25 18:58:25
🚨 CVE-2023-40034 Woodpecker is a community fork of the Drone CI system. In affected versions an attacker can post malformed webhook data which leads to an update of the repository data that can e.g. allow the takeover of a repo. This is only critical if the CI is configured for public usage and connected to a forge which is also in public usage. This issue has been addressed in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should secure the CI system by making it inaccessible to untrusted entities, for example, by placing it behind a firewall. 🎖@cveNotify
2023-08-25 18:58:24
🚨 CVE-2020-22217 Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. 🎖@cveNotify
2023-08-25 18:58:20
🚨 CVE-2023-4435 Improper Input Validation in GitHub repository hamza417/inure prior to build88. 🎖@cveNotify
2023-08-25 18:58:19
🚨 CVE-2020-21710 A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. 🎖@cveNotify
2023-08-25 18:58:18
🚨 CVE-2020-18831 Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file. 🎖@cveNotify
2023-08-25 18:58:17
🚨 CVE-2023-3936 The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 🎖@cveNotify
2023-08-25 16:58:52
🚨 CVE-2023-2006 A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. 🎖@cveNotify
2023-08-25 16:58:50
🚨 CVE-2014-3534 arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. 🎖@cveNotify
2023-08-25 16:58:49
🚨 CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. 🎖@cveNotify
2023-08-25 16:58:48
🚨 CVE-2014-1737 The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. 🎖@cveNotify
2023-08-25 16:58:47
🚨 CVE-2022-4452 Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-25 16:58:43
🚨 CVE-2023-40799 Tenda AC23 Vv16.03.07.45_cn AC23 is vulnerable to Buffer via sub_450A4C function. 🎖@cveNotify
2023-08-25 16:58:42
🚨 CVE-2023-40800 The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. 🎖@cveNotify
2023-08-25 16:58:41
🚨 CVE-2023-40801 The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn 🎖@cveNotify
2023-08-25 16:58:40
🚨 CVE-2023-40802 The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn 🎖@cveNotify
2023-08-25 16:58:39
🚨 CVE-2023-40915 Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. 🎖@cveNotify
2023-08-25 16:58:38
🚨 CVE-2023-4534 A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-25 16:58:37
🚨 CVE-2023-3269 A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. 🎖@cveNotify
2023-08-25 16:58:36
🚨 CVE-2023-4448 A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability. 🎖@cveNotify
2023-08-25 16:58:35
🚨 CVE-2023-4447 A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568. 🎖@cveNotify
2023-08-25 16:58:34
🚨 CVE-2020-23992 Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. 🎖@cveNotify
2023-08-25 16:58:30
🚨 CVE-2023-33242 Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. 🎖@cveNotify
2023-08-25 16:58:28
🚨 CVE-2020-22524 Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cause a denial of service via crafted PFM file. 🎖@cveNotify
2023-08-25 16:58:27
🚨 CVE-2023-39747 TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. 🎖@cveNotify
2023-08-25 16:58:26
🚨 CVE-2023-39748 An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 🎖@cveNotify
2023-08-25 13:58:18
🚨 CVE-2023-4478 Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. 🎖@cveNotify
2023-08-25 10:58:27
🚨 CVE-2023-3406 Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server 🎖@cveNotify
2023-08-25 10:58:26
🚨 CVE-2023-3425 Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. 🎖@cveNotify
2023-08-25 10:58:25
🚨 CVE-2023-32756 e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files, but can't control system or disrupt service. 🎖@cveNotify
2023-08-25 10:58:24
🚨 CVE-2023-32755 e-Excellence U-Office Force generates an error message in website service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command. 🎖@cveNotify
2023-08-25 10:58:20
🚨 CVE-2023-41173 AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. 🎖@cveNotify
2023-08-25 10:58:19
🚨 CVE-2023-3570 In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. 🎖@cveNotify
2023-08-25 10:58:18
🚨 CVE-2023-3573 In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device. 🎖@cveNotify
2023-08-25 10:58:14
🚨 CVE-2023-3261 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier contains a buffer overflow vulnerability in the librta.so.0.0.0 library. Successful exploitation could cause denial of service or unexpected behavior with respect to all interactions relying on the targeted vulnerable binary, including the ability to log in via the web server. 🎖@cveNotify
2023-08-25 10:58:13
🚨 CVE-2023-2673 Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks. 🎖@cveNotify
2023-08-25 10:58:12
🚨 CVE-2023-3260 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to command injection via the `user-name` URL parameter. An authenticated malicious agent can exploit this vulnerability to execute arbitrary command on the underlying Linux operating system. 🎖@cveNotify
2023-08-25 05:58:31
🚨 CVE-2023-40530 Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device. 🎖@cveNotify
2023-08-25 05:58:30
🚨 CVE-2023-39699 IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. 🎖@cveNotify
2023-08-25 05:58:29
🚨 CVE-2023-39700 IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. 🎖@cveNotify
2023-08-25 05:58:28
🚨 CVE-2023-38973 A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. 🎖@cveNotify
2023-08-25 05:58:27
🚨 CVE-2023-38974 A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. 🎖@cveNotify
2023-08-25 05:58:26
🚨 CVE-2023-40179 Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email. 🎖@cveNotify
2023-08-25 05:58:24
🚨 CVE-2023-40182 Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending on whether the specified email address is present in our database or not. This has been fixed in version 1.3.7. 🎖@cveNotify
2023-08-25 05:58:23
🚨 CVE-2023-40217 An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) 🎖@cveNotify
2023-08-25 05:58:22
🚨 CVE-2023-40570 Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4. 🎖@cveNotify
2023-08-25 05:58:21
🚨 CVE-2023-40577 Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. 🎖@cveNotify
2023-08-25 05:58:20
🚨 CVE-2023-40599 Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. 🎖@cveNotify
2023-08-25 05:58:19
🚨 CVE-2023-4520 The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string. 🎖@cveNotify
2023-08-25 05:58:18
🚨 CVE-2023-32077 Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. 🎖@cveNotify
2023-08-25 00:58:23
🚨 CVE-2022-39266 isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. Version 4.3.7 changes the documentation to warn users that they should not accept `cachedData` payloads from a user. 🎖@cveNotify
2023-08-25 00:58:22
🚨 CVE-2022-28073 A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0. 🎖@cveNotify
2023-08-25 00:58:18
🚨 CVE-2023-23564 An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands. 🎖@cveNotify
2023-08-25 00:58:17
🚨 CVE-2022-28071 A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0. 🎖@cveNotify
2023-08-25 00:58:13
🚨 CVE-2022-28069 A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0. 🎖@cveNotify
2023-08-25 00:58:12
🚨 CVE-2022-28068 A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0. 🎖@cveNotify
2023-08-25 00:58:11
🚨 CVE-2021-33388 dpic 2021.04.10 has a Heap Buffer Overflow in the makevar() function in dpic.y 🎖@cveNotify
2023-08-24 22:58:44
🚨 CVE-2023-4459 A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. 🎖@cveNotify
2023-08-24 22:58:43
🚨 CVE-2023-36787 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 🎖@cveNotify
2023-08-24 22:58:42
🚨 CVE-2023-38158 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 🎖@cveNotify
2023-08-24 22:58:41
🚨 CVE-2023-25913 Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. 🎖@cveNotify
2023-08-24 22:58:40
🚨 CVE-2023-25914 Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. 🎖@cveNotify
2023-08-24 22:58:36
🚨 CVE-2023-25915 Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. 🎖@cveNotify
2023-08-24 22:58:35
🚨 CVE-2023-4301 A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 🎖@cveNotify
2023-08-24 22:58:34
🚨 CVE-2023-4302 A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 🎖@cveNotify
2023-08-24 22:58:33
🚨 CVE-2023-4303 Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. 🎖@cveNotify
2023-08-24 22:58:32
🚨 CVE-2023-38899 SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. 🎖@cveNotify
2023-08-24 22:58:28
🚨 CVE-2023-39660 An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. 🎖@cveNotify
2023-08-24 22:58:27
🚨 CVE-2023-31041 An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. 🎖@cveNotify
2023-08-24 22:58:26
🚨 CVE-2023-38889 An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). 🎖@cveNotify
2023-08-24 22:58:25
🚨 CVE-2023-39749 D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request. 🎖@cveNotify
2023-08-24 22:58:21
🚨 CVE-2023-39750 D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. 🎖@cveNotify
2023-08-24 22:58:20
🚨 CVE-2023-39751 TP-Link TL-WR941ND V6 was discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. 🎖@cveNotify
2023-08-24 22:58:19
🚨 CVE-2023-4450 A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571. 🎖@cveNotify
2023-08-24 22:58:18
🚨 CVE-2023-4453 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. 🎖@cveNotify
2023-08-24 22:58:17
🚨 CVE-2023-4454 Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. 🎖@cveNotify
2023-08-24 20:58:30
🚨 CVE-2023-40876 DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. 🎖@cveNotify
2023-08-24 20:58:29
🚨 CVE-2023-34040 In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic. By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record. 🎖@cveNotify
2023-08-24 20:58:28
🚨 CVE-2023-40891 Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg. 🎖@cveNotify
2023-08-24 20:58:24
🚨 CVE-2023-40893 Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. 🎖@cveNotify
2023-08-24 20:58:23
🚨 CVE-2023-40895 Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. 🎖@cveNotify
2023-08-24 20:58:22
🚨 CVE-2023-40896 Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. 🎖@cveNotify
2023-08-24 20:58:19
🚨 CVE-2023-40897 Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. 🎖@cveNotify
2023-08-24 20:58:18
🚨 CVE-2023-40899 Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. 🎖@cveNotify
2023-08-24 20:58:17
🚨 CVE-2023-40901 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg. 🎖@cveNotify
2023-08-24 20:58:13
🚨 CVE-2023-40902 Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. 🎖@cveNotify
2023-08-24 20:58:12
🚨 CVE-2023-4418 A remote unprivileged attacker can send multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users. 🎖@cveNotify
2023-08-24 20:58:11
🚨 CVE-2023-4419 The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functionality of the device. 🎖@cveNotify
2023-08-24 19:58:45
🚨 CVE-2023-34971 An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later. 🎖@cveNotify
2023-08-24 19:58:44
🚨 CVE-2023-34972 A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QuTS hero h5.1.0.2424 build 20230609 and later. 🎖@cveNotify
2023-08-24 19:58:42
🚨 CVE-2023-40706 There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login. 🎖@cveNotify
2023-08-24 19:58:41
🚨 CVE-2023-40707 There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don't set up complex credentials. 🎖@cveNotify
2023-08-24 19:58:37
🚨 CVE-2023-40708 The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files. 🎖@cveNotify
2023-08-24 19:58:36
🚨 CVE-2023-40709 An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b. 🎖@cveNotify
2023-08-24 19:58:35
🚨 CVE-2023-40710 An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b. 🎖@cveNotify
2023-08-24 19:58:34
🚨 CVE-2023-34960 A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. 🎖@cveNotify
2023-08-24 19:58:33
🚨 CVE-2023-37914 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-24 19:58:29
🚨 CVE-2023-34419 A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. 🎖@cveNotify
2023-08-24 19:58:28
🚨 CVE-2023-40272 Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. 🎖@cveNotify
2023-08-24 19:58:27
🚨 CVE-2023-4392 A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237380. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-24 19:58:26
🚨 CVE-2023-39785 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. 🎖@cveNotify
2023-08-24 19:58:25
🚨 CVE-2023-39786 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. 🎖@cveNotify
2023-08-24 19:58:21
🚨 CVE-2023-39784 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. 🎖@cveNotify
2023-08-24 19:58:20
🚨 CVE-2023-25647 There is a permission and access control vulnerability in some ZTE mobile phones. Due to improper access control, applications in mobile phone could monitor the touch event. 🎖@cveNotify
2023-08-24 19:58:19
🚨 CVE-2023-26115 All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. 🎖@cveNotify
2023-08-24 19:58:18
🚨 CVE-2023-27471 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. 🎖@cveNotify
2023-08-24 17:58:23
🚨 CVE-2023-2318 DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText. 🎖@cveNotify
2023-08-24 17:58:19
🚨 CVE-2023-21267 In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-24 17:58:18
🚨 CVE-2023-40371 IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. 🎖@cveNotify
2023-08-24 17:58:17
🚨 CVE-2022-38223 There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. It can be triggered by sending a crafted HTML file to the w3m binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. 🎖@cveNotify
2023-08-24 17:58:14
🚨 CVE-2023-4415 A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-24 17:58:13
🚨 CVE-2023-25399 A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. 🎖@cveNotify
2023-08-24 17:58:12
🚨 CVE-2021-33503 An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect. 🎖@cveNotify
2023-08-24 05:58:59
🚨 CVE-2023-4358 Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-24 05:58:58
🚨 CVE-2023-4359 Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-24 05:58:55
🚨 CVE-2023-4360 Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-24 05:58:54
🚨 CVE-2023-39976 log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. 🎖@cveNotify
2023-08-24 05:58:53
🚨 CVE-2023-34475 A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c. An attacker could trick a user to open a specially crafted file to convert, triggering a heap-use-after-free write error, allowing an application to crash, resulting in a denial of service. 🎖@cveNotify
2023-08-24 05:58:52
🚨 CVE-2023-3195 A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c. This flaw allows an attacker to trick the user into opening a specially crafted malicious tiff file, causing an application to crash, resulting in a denial of service. 🎖@cveNotify
2023-08-24 05:58:48
🚨 CVE-2023-40360 QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. 🎖@cveNotify
2023-08-24 05:58:47
🚨 CVE-2023-40572 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. 🎖@cveNotify
2023-08-24 05:58:46
🚨 CVE-2023-40573 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with "Job content executed" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1. 🎖@cveNotify
2023-08-24 01:58:28
🚨 CVE-2023-32202 Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to log in and gain access to the device. 🎖@cveNotify
2023-08-24 01:58:26
🚨 CVE-2023-36317 Cross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL. 🎖@cveNotify
2023-08-24 01:58:25
🚨 CVE-2023-38422 Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data. 🎖@cveNotify
2023-08-24 01:58:24
🚨 CVE-2023-3453 ETIC Telecom RAS versions 4.7.0 and prior have the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. 🎖@cveNotify
2023-08-24 01:58:22
🚨 CVE-2023-41028 A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root. 🎖@cveNotify
2023-08-23 23:58:17
🚨 CVE-2023-20115 A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. 🎖@cveNotify
2023-08-23 23:58:16
🚨 CVE-2023-20168 A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. 🎖@cveNotify
2023-08-23 12:58:18
🚨 CVE-2023-3899 A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. 🎖@cveNotify
2023-08-23 10:58:22
🚨 CVE-2023-41104 libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. 🎖@cveNotify
2023-08-23 10:58:21
🚨 CVE-2023-41105 An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. 🎖@cveNotify
2023-08-23 10:58:20
🚨 CVE-2023-41098 An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. 🎖@cveNotify
2023-08-23 10:58:19
🚨 CVE-2023-41100 An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data, allowing a remote user to bypass the CAPTCHA check. 🎖@cveNotify
2023-08-23 10:58:18
🚨 CVE-2023-4041 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass. This issue affects "Standalone" and "Application" versions of Gecko Bootloader. 🎖@cveNotify
2023-08-23 06:58:34
🚨 CVE-2023-4427 Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-23 06:58:33
🚨 CVE-2023-4428 Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-23 06:58:31
🚨 CVE-2023-4429 Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-23 06:58:30
🚨 CVE-2023-4430 Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-23 06:58:29
🚨 CVE-2023-4431 Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-23 06:58:27
🚨 CVE-2022-44729 Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later. 🎖@cveNotify
2023-08-23 06:58:26
🚨 CVE-2022-44730 Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik. This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. 🎖@cveNotify
2023-08-23 06:58:25
🚨 CVE-2023-40027 Keystone is an open source headless CMS for Node.js — built with GraphQL and React. When `ui.isAccessAllowed` is set as `undefined`, the `adminMeta` GraphQL query is publicly accessible (no session required). This is different to the behaviour of the default AdminUI middleware, which by default will only be publicly accessible (no session required) if a `session` strategy is not defined. This vulnerability does not affect developers using the `@keystone-6/auth` package, or any users that have written their own `ui.isAccessAllowed` (that is to say, `isAccessAllowed` is not `undefined`). This vulnerability does affect users who believed that their `session` strategy will, by default, enforce that `adminMeta` is inaccessible by the public in accordance with that strategy; akin to the behaviour of the AdminUI middleware. This vulnerability has been patched in `@keystone-6/core` version `5.5.1`. Users are advised to upgrade. Users unable to upgrade may opt to write their own `isAccessAllowed` functionality to work-around this vulnerability. 🎖@cveNotify
2023-08-23 06:58:24
🚨 CVE-2023-40028 Ghost is an open source content management system. Versions prior to 5.59.1 are subject to a vulnerability which allows authenticated users to upload files that are symlinks. This can be exploited to perform an arbitrary file read of any file on the host operating system. Site administrators can check for exploitation of this issue by looking for unknown symlinks within Ghost's `content/` folder. Version 5.59.1 contains a fix for this issue. All users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-23 06:58:22
🚨 CVE-2023-40013 SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the svg the lib removes event attributes such as `onmouseover`, `onclick` but the list of events is not exhaustive. Any website which uses external-svg-loader and allows its users to provide svg src, upload svg files would be susceptible to stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-23 06:58:21
🚨 CVE-2023-4265 Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 🎖@cveNotify
2023-08-23 00:58:55
🚨 CVE-2023-20201 Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. 🎖@cveNotify
2023-08-23 00:58:54
🚨 CVE-2023-4389 A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. 🎖@cveNotify
2023-08-23 00:58:52
🚨 CVE-2023-4385 A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. 🎖@cveNotify
2023-08-23 00:58:50
🚨 CVE-2023-40351 A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. 🎖@cveNotify
2023-08-23 00:58:48
🚨 CVE-2023-38737 IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. IBM X-Force ID: 262567. 🎖@cveNotify
2023-08-23 00:58:47
🚨 CVE-2023-32547 Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-23 00:58:45
🚨 CVE-2023-36671 An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack for only traffic to the real IP address of the VPN server" rather than to only Clario. 🎖@cveNotify
2023-08-23 00:58:44
🚨 CVE-2023-20203 Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. 🎖@cveNotify
2023-08-23 00:58:42
🚨 CVE-2023-20222 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 🎖@cveNotify
2023-08-23 00:58:41
🚨 CVE-2023-20205 Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. 🎖@cveNotify
2023-08-23 00:58:39
🚨 CVE-2023-4382 A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-23 00:58:37
🚨 CVE-2020-24113 Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). 🎖@cveNotify
2023-08-23 00:58:35
🚨 CVE-2023-38733 IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force ID: 262293. 🎖@cveNotify
2023-08-23 00:58:33
🚨 CVE-2023-38734 IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481. 🎖@cveNotify
2023-08-23 00:58:31
🚨 CVE-2023-39026 Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. 🎖@cveNotify
2023-08-23 00:58:29
🚨 CVE-2023-40370 IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470. 🎖@cveNotify
2023-08-23 00:58:28
🚨 CVE-2023-31492 Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. 🎖@cveNotify
2023-08-23 00:58:26
🚨 CVE-2023-39910 The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023. 🎖@cveNotify
2023-08-23 00:58:25
🚨 CVE-2021-37386 Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. 🎖@cveNotify
2023-08-23 00:58:23
🚨 CVE-2023-39341 "FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure χ versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0). 🎖@cveNotify
2023-08-22 22:58:40
🚨 CVE-2020-19189 Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. 🎖@cveNotify
2023-08-22 22:58:39
🚨 CVE-2020-21428 Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file. 🎖@cveNotify
2023-08-22 22:58:38
🚨 CVE-2020-19726 An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. 🎖@cveNotify
2023-08-22 22:58:37
🚨 CVE-2020-20813 Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet. 🎖@cveNotify
2023-08-22 22:58:36
🚨 CVE-2020-21687 Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. 🎖@cveNotify
2023-08-22 22:58:35
🚨 CVE-2020-21723 A Segmentation Fault issue discovered in StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file. 🎖@cveNotify
2023-08-22 22:58:34
🚨 CVE-2020-21710 A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. 🎖@cveNotify
2023-08-22 22:58:33
🚨 CVE-2020-21890 Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. 🎖@cveNotify
2023-08-22 22:58:32
🚨 CVE-2020-21896 A Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file. 🎖@cveNotify
2023-08-22 22:58:31
🚨 CVE-2020-21686 A stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file. 🎖@cveNotify
2023-08-22 22:58:30
🚨 CVE-2020-22217 Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. 🎖@cveNotify
2023-08-22 22:58:29
🚨 CVE-2020-21699 The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. 🎖@cveNotify
2023-08-22 22:58:28
🚨 CVE-2020-22524 Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cause a denial of service via crafted PFM file. 🎖@cveNotify
2023-08-22 22:58:27
🚨 CVE-2020-21724 Buffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file. 🎖@cveNotify
2023-08-22 22:58:26
🚨 CVE-2020-22181 A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi 🎖@cveNotify
2023-08-22 22:58:21
🚨 CVE-2020-23793 An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product. There is a security vulnerability that can restart KVM virtual machine without any authorization. It is not yet known if there will be other effects. 🎖@cveNotify
2023-08-22 22:58:20
🚨 CVE-2020-24294 Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cause a denial of service via opening of crafted psd file. 🎖@cveNotify
2023-08-22 22:58:19
🚨 CVE-2021-32420 dpic 2021.01.01 has a Heap-based Buffer Overflow in the storestring function in dpic.y. 🎖@cveNotify
2023-08-22 22:58:18
🚨 CVE-2020-26652 An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. 🎖@cveNotify
2023-08-22 18:58:42
🚨 CVE-2023-4241 lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. 🎖@cveNotify
2023-08-22 18:58:40
🚨 CVE-2023-0551 The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such as subscriber to call and delete arbitrary attachments 🎖@cveNotify
2023-08-22 18:58:35
🚨 CVE-2023-22957 An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password. 🎖@cveNotify
2023-08-22 18:58:34
🚨 CVE-2023-1977 The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network. 🎖@cveNotify
2023-08-22 18:58:33
🚨 CVE-2023-2122 The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. 🎖@cveNotify
2023-08-22 18:58:32
🚨 CVE-2023-2123 The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. 🎖@cveNotify
2023-08-22 18:58:31
🚨 CVE-2023-2225 The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-22 18:58:27
🚨 CVE-2023-2254 The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk. 🎖@cveNotify
2023-08-22 18:58:26
🚨 CVE-2023-2271 The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack 🎖@cveNotify
2023-08-22 18:58:25
🚨 CVE-2023-2272 The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 🎖@cveNotify
2023-08-22 18:58:24
🚨 CVE-2023-4381 Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. 🎖@cveNotify
2023-08-22 18:58:23
🚨 CVE-2020-26037 Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. 🎖@cveNotify
2023-08-22 16:59:13
🚨 CVE-2023-4363 Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-22 16:59:12
🚨 CVE-2023-4362 Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-22 16:59:11
🚨 CVE-2023-38915 File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbitrary code via the upload type function. 🎖@cveNotify
2023-08-22 16:59:10
🚨 CVE-2020-27673 An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. 🎖@cveNotify
2023-08-22 16:59:06
🚨 CVE-2023-32748 The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. 🎖@cveNotify
2023-08-22 16:59:05
🚨 CVE-2023-38840 Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. 🎖@cveNotify
2023-08-22 16:59:04
🚨 CVE-2023-38687 Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Item names given to Svelecte appear to be directly rendered as HTML by the default item renderer. This means that any HTML tags in the name are rendered as HTML elements not as text. Note that the custom item renderer shown in https://mskocik.github.io/svelecte/#item-rendering is also vulnerable to the same exploit. Any site that uses Svelecte with dynamically created items either from an external source or from user-created content could be vulnerable to an XSS attack (execution of untrusted JavaScript), clickjacking or any other attack that can be performed with arbitrary HTML injection. The actual impact of this vulnerability for a specific application depends on how trustworthy the sources that provide Svelecte items are and the steps that the application has taken to mitigate XSS attacks. XSS attacks using this vulnerability are mostly mitigated by a Content Security Policy that blocks inline JavaScript. This issue has been addressed in version 3.16.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-22 16:59:00
🚨 CVE-2023-29468 The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier. 🎖@cveNotify
2023-08-22 16:58:59
🚨 CVE-2023-40020 PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level) causing the request to continue processing. The response would be a 403 with ADMIN_ONLY, however, next() would call leading to any updates/changes in the route to process. This issue has been addressed in version 3.2.49. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-22 16:58:58
🚨 CVE-2023-39947 eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. 🎖@cveNotify
2023-08-22 16:58:54
🚨 CVE-2023-39946 eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue. 🎖@cveNotify
2023-08-22 16:58:53
🚨 CVE-2023-24478 Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-22 16:58:52
🚨 CVE-2023-32494 Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also. 🎖@cveNotify
2023-08-22 16:58:51
🚨 CVE-2023-32004 A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. 🎖@cveNotify
2023-08-22 14:58:49
🚨 CVE-2023-0274 The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-08-22 14:58:48
🚨 CVE-2023-0579 The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. 🎖@cveNotify
2023-08-22 14:58:47
🚨 CVE-2023-1110 The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 🎖@cveNotify
2023-08-22 14:58:45
🚨 CVE-2023-1465 The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin 🎖@cveNotify
2023-08-22 14:58:44
🚨 CVE-2023-38906 An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message. 🎖@cveNotify
2023-08-22 14:58:43
🚨 CVE-2023-38908 An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function. 🎖@cveNotify
2023-08-22 14:58:42
🚨 CVE-2023-38909 An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function. 🎖@cveNotify
2023-08-22 14:58:41
🚨 CVE-2023-4301 A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 🎖@cveNotify
2023-08-22 14:58:40
🚨 CVE-2023-4302 A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 🎖@cveNotify
2023-08-22 14:58:38
🚨 CVE-2023-4303 Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. 🎖@cveNotify
2023-08-22 14:58:37
🚨 CVE-2023-36787 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 🎖@cveNotify
2023-08-22 14:58:36
🚨 CVE-2023-38158 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 🎖@cveNotify
2023-08-22 14:58:35
🚨 CVE-2023-25913 Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. 🎖@cveNotify
2023-08-22 14:58:34
🚨 CVE-2023-25914 Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. 🎖@cveNotify
2023-08-22 14:58:33
🚨 CVE-2023-25915 Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. 🎖@cveNotify
2023-08-22 14:58:31
🚨 CVE-2023-40352 McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. 🎖@cveNotify
2023-08-22 14:58:30
🚨 CVE-2023-4373 Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature. 🎖@cveNotify
2023-08-22 14:58:29
🚨 CVE-2023-4417 Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process. 🎖@cveNotify
2023-08-22 14:58:28
🚨 CVE-2023-4459 A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup. 🎖@cveNotify
2023-08-22 00:58:14
🚨 CVE-2023-4301 A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 🎖@cveNotify
2023-08-22 00:58:13
🚨 CVE-2022-47952 lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist. 🎖@cveNotify
2023-08-22 00:58:12
🚨 CVE-2022-34671 NVIDIA GPU Display Driver for Windows contains a vulnerability in the user-mode layer, where an unprivileged user can cause an out-of-bounds write, which may lead to code execution, information disclosure, and denial of service. 🎖@cveNotify
2023-08-21 22:58:19
🚨 CVE-2023-25913 Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information. 🎖@cveNotify
2023-08-21 22:58:17
🚨 CVE-2023-25914 Due to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface. 🎖@cveNotify
2023-08-21 22:58:16
🚨 CVE-2023-25915 Due to improper input validation, a remote attacker could execute arbitrary commands on the target system. 🎖@cveNotify
2023-08-21 22:58:15
🚨 CVE-2023-36787 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability 🎖@cveNotify
2023-08-21 22:58:14
🚨 CVE-2023-38158 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability 🎖@cveNotify
2023-08-21 22:58:13
🚨 CVE-2023-29360 Microsoft Streaming Service Elevation of Privilege Vulnerability 🎖@cveNotify
2023-08-21 20:58:30
🚨 CVE-2023-4334 Broadcom RAID Controller Web server (nginx) is serving private files without any authentication 🎖@cveNotify
2023-08-21 20:58:29
🚨 CVE-2023-4336 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute 🎖@cveNotify
2023-08-21 20:58:28
🚨 CVE-2023-4338 Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers 🎖@cveNotify
2023-08-21 20:58:24
🚨 CVE-2023-4340 Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file 🎖@cveNotify
2023-08-21 20:58:23
🚨 CVE-2023-4342 Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy 🎖@cveNotify
2023-08-21 20:58:22
🚨 CVE-2023-4343 Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter 🎖@cveNotify
2023-08-21 20:58:18
🚨 CVE-2023-4323 Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup 🎖@cveNotify
2023-08-21 20:58:17
🚨 CVE-2023-4326 Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites 🎖@cveNotify
2023-08-21 20:58:13
🚨 CVE-2023-4328 Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux 🎖@cveNotify
2023-08-21 20:58:12
🚨 CVE-2023-4330 Broadcom RAID Controller web interface is vulnerable Denial of Service can be caused by an authenticated user to the REST API Interface 🎖@cveNotify
2023-08-21 20:58:11
🚨 CVE-2023-4331 Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols 🎖@cveNotify
2023-08-21 17:58:32
🚨 CVE-2023-32267 A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited. 🎖@cveNotify
2023-08-21 17:58:28
🚨 CVE-2021-28025 Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS). 🎖@cveNotify
2023-08-21 17:58:27
🚨 CVE-2022-36392 Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. 🎖@cveNotify
2023-08-21 17:58:26
🚨 CVE-2022-45112 Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-21 17:58:22
🚨 CVE-2023-2802 The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 🎖@cveNotify
2023-08-21 17:58:21
🚨 CVE-2023-2606 The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-21 14:58:28
🚨 CVE-2023-4349 Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-21 14:58:27
🚨 CVE-2023-21235 In onCreate of LockSettingsActivity.java, there is a possible way to set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-21 14:58:26
🚨 CVE-2020-28715 An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). 🎖@cveNotify
2023-08-21 14:58:23
🚨 CVE-2023-38899 SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. 🎖@cveNotify
2023-08-21 14:58:22
🚨 CVE-2023-40735 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT - BUTTERFLY BUTTON (Architecture) allows loss of plausible deniability, confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21. 🎖@cveNotify
2023-08-21 14:58:21
🚨 CVE-2023-4455 Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. 🎖@cveNotify
2023-08-21 12:58:13
🚨 CVE-2023-4453 Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. 🎖@cveNotify
2023-08-21 12:58:12
🚨 CVE-2023-4455 Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. 🎖@cveNotify
2023-08-21 10:58:27
🚨 CVE-2023-39543 Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product. 🎖@cveNotify
2023-08-21 10:58:23
🚨 CVE-2023-40068 Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege. 🎖@cveNotify
2023-08-21 10:58:22
🚨 CVE-2023-39851 ** DISPUTED ** webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. NOTE: this is disputed by a third party who indicates that the playerID is a session variable controlled by the server, and thus cannot be used for exploitation. 🎖@cveNotify
2023-08-21 10:58:21
🚨 CVE-2023-39852 ** DISPUTED ** Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. NOTE: this is disputed by a third party who indicates that the userid is a session variable controlled by the server, and thus cannot be used for exploitation. 🎖@cveNotify
2023-08-21 05:58:39
🚨 CVE-2023-39750 D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request. 🎖@cveNotify
2023-08-21 05:58:38
🚨 CVE-2023-39751 TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. 🎖@cveNotify
2023-08-21 05:58:36
🚨 CVE-2023-4450 A vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571. 🎖@cveNotify
2023-08-21 05:58:35
🚨 CVE-2023-4016 Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap. 🎖@cveNotify
2023-08-21 05:58:34
🚨 CVE-2023-20593 An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. 🎖@cveNotify
2023-08-21 05:58:33
🚨 CVE-2023-39617 TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. 🎖@cveNotify
2023-08-21 05:58:32
🚨 CVE-2023-39618 TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. 🎖@cveNotify
2023-08-21 05:58:31
🚨 CVE-2023-4447 A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568. 🎖@cveNotify
2023-08-21 05:58:29
🚨 CVE-2023-4448 A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability. 🎖@cveNotify
2023-08-21 05:58:28
🚨 CVE-2023-4449 A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-08-21 05:58:24
🚨 CVE-2023-40251 Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-21 05:58:23
🚨 CVE-2023-40252 Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-21 05:58:22
🚨 CVE-2023-40253 Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-21 05:58:21
🚨 CVE-2023-39784 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. 🎖@cveNotify
2023-08-21 05:58:20
🚨 CVE-2023-39785 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. 🎖@cveNotify
2023-08-21 05:58:16
🚨 CVE-2023-39786 Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. 🎖@cveNotify
2023-08-21 05:58:15
🚨 CVE-2023-39807 N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php. 🎖@cveNotify
2023-08-21 05:58:14
🚨 CVE-2023-39808 N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service. 🎖@cveNotify
2023-08-21 05:58:13
🚨 CVE-2023-39809 N.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php. 🎖@cveNotify
2023-08-21 05:58:12
🚨 CVE-2023-4443 A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\doctor\edit-doc.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237564. 🎖@cveNotify
2023-08-21 01:58:22
🚨 CVE-2023-4438 A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237559. 🎖@cveNotify
2023-08-21 01:58:21
🚨 CVE-2023-4439 A vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560. 🎖@cveNotify
2023-08-21 01:58:19
🚨 CVE-2023-4436 A vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237557 was assigned to this vulnerability. 🎖@cveNotify
2023-08-21 01:58:18
🚨 CVE-2023-4437 A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237558 is the identifier assigned to this vulnerability. 🎖@cveNotify
2023-08-20 22:58:11
🚨 CVE-2023-30861 Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met. 1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies. 2. The application sets `session.permanent = True`. 3. The application does not access or modify the session at any point during a request. 4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default). 5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached. This happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. 🎖@cveNotify
2023-08-20 20:58:12
🚨 CVE-2022-24989 TerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used. 🎖@cveNotify
2023-08-20 20:58:11
🚨 CVE-2023-36674 An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax. 🎖@cveNotify
2023-08-20 16:58:11
🚨 CVE-2023-4451 Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. 🎖@cveNotify
2023-08-20 10:58:18
🚨 CVE-2023-37250 Unity Parsec before 8 has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in "Per User" mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. 🎖@cveNotify
2023-08-20 10:58:17
🚨 CVE-2023-37369 In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. 🎖@cveNotify
2023-08-20 06:58:12
🚨 CVE-2023-2318 DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText. 🎖@cveNotify
2023-08-19 22:00:37
🚨 CVE-2023-3609 A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. 🎖@cveNotify
2023-08-19 22:00:36
🚨 CVE-2023-3338 A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. 🎖@cveNotify
2023-08-19 22:00:35
🚨 CVE-2023-3090 A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. 🎖@cveNotify
2023-08-19 22:00:33
🚨 CVE-2023-3389 A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing an io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). 🎖@cveNotify
2023-08-19 22:00:32
🚨 CVE-2023-3212 A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. 🎖@cveNotify
2023-08-19 22:00:31
🚨 CVE-2023-35788 An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. 🎖@cveNotify
2023-08-19 22:00:29
🚨 CVE-2023-3268 An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information. 🎖@cveNotify
2023-08-19 22:00:28
🚨 CVE-2023-3111 A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). 🎖@cveNotify
2023-08-19 22:00:26
🚨 CVE-2023-31084 An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. 🎖@cveNotify
2023-08-19 22:00:25
🚨 CVE-2023-20588 A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 🎖@cveNotify
2023-08-19 22:00:23
🚨 CVE-2023-21255 In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-19 22:00:22
🚨 CVE-2023-21400 In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-19 22:00:21
🚨 CVE-2023-1206 A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95%. 🎖@cveNotify
2023-08-19 22:00:19
🚨 CVE-2023-2898 There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. 🎖@cveNotify
2023-08-19 22:00:18
🚨 CVE-2023-2002 A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication. 🎖@cveNotify
2023-08-19 22:00:17
🚨 CVE-2023-2124 An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. 🎖@cveNotify
2023-08-19 22:00:15
🚨 CVE-2023-2269 A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. 🎖@cveNotify
2023-08-19 22:00:14
🚨 CVE-2023-2007 The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. 🎖@cveNotify
2023-08-19 22:00:13
🚨 CVE-2023-1380 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. 🎖@cveNotify
2023-08-19 22:00:12
🚨 CVE-2022-4269 A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. 🎖@cveNotify
2023-08-19 12:00:59
🚨 CVE-2023-2318 DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and pastes it into MarkText. 🎖@cveNotify
2023-08-19 12:00:58
🚨 CVE-2023-2971 Improper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via "typora://app/typemark/". This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and pastes it into Typora. 🎖@cveNotify
2023-08-19 06:01:41
🚨 CVE-2022-4918 Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-19 06:01:40
🚨 CVE-2022-4920 Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-19 06:01:39
🚨 CVE-2022-3443 Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page. (Chromium security severity: Low) 🎖@cveNotify
2023-08-19 06:01:38
🚨 CVE-2022-3444 Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low) 🎖@cveNotify
2023-08-19 06:01:35
🚨 CVE-2022-2477 Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. 🎖@cveNotify
2023-08-19 06:01:34
🚨 CVE-2022-2479 Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. 🎖@cveNotify
2023-08-19 06:01:33
🚨 CVE-2022-2481 Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction. 🎖@cveNotify
2023-08-19 06:01:29
🚨 CVE-2022-1919 Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 🎖@cveNotify
2023-08-19 06:01:28
🚨 CVE-2023-4432 Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4. 🎖@cveNotify
2023-08-19 06:01:27
🚨 CVE-2023-3997 Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. 🎖@cveNotify
2023-08-19 06:01:23
🚨 CVE-2022-46706 A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. 🎖@cveNotify
2023-08-19 06:01:22
🚨 CVE-2023-38857 Buffer Overflow vulnerability in faad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. 🎖@cveNotify
2023-08-19 06:01:21
🚨 CVE-2023-38851 Buffer Overflow vulnerability in libxls v.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. 🎖@cveNotify
2023-08-19 00:58:19
🚨 CVE-2023-38839 SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the ID parameter in the fulldelete.php component. 🎖@cveNotify
2023-08-19 00:58:18
🚨 CVE-2023-40037 Apache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation. 🎖@cveNotify
2023-08-19 00:58:16
🚨 CVE-2023-40172 Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-19 00:58:15
🚨 CVE-2023-40173 Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue. 🎖@cveNotify
2023-08-19 00:58:14
🚨 CVE-2023-40174 Social media skeleton is an uncompleted/framework social media project implemented using PHP, CSS, JavaScript and HTML. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user's session. Social media skeleton releases prior to 1.0.5 did not properly manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-19 00:58:13
🚨 CVE-2023-40175 Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-18 22:58:24
🚨 CVE-2023-27471 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. 🎖@cveNotify
2023-08-18 22:58:23
🚨 CVE-2023-38910 CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. 🎖@cveNotify
2023-08-18 22:58:22
🚨 CVE-2023-38911 A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. 🎖@cveNotify
2023-08-18 22:58:19
🚨 CVE-2023-4422 Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. 🎖@cveNotify
2023-08-18 22:58:18
🚨 CVE-2023-40342 Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. 🎖@cveNotify
2023-08-18 22:58:17
🚨 CVE-2023-40343 Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. 🎖@cveNotify
2023-08-18 22:58:13
🚨 CVE-2023-40344 A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 🎖@cveNotify
2023-08-18 22:58:12
🚨 CVE-2023-40346 Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. 🎖@cveNotify
2023-08-18 22:58:11
🚨 CVE-2023-40347 Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. 🎖@cveNotify
2023-08-18 20:58:38
🚨 CVE-2023-31943 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php. 🎖@cveNotify
2023-08-18 20:58:37
🚨 CVE-2023-31944 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. 🎖@cveNotify
2023-08-18 20:58:36
🚨 CVE-2023-31945 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php. 🎖@cveNotify
2023-08-18 20:58:35
🚨 CVE-2023-31946 File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php. 🎖@cveNotify
2023-08-18 20:58:34
🚨 CVE-2023-39850 Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. 🎖@cveNotify
2023-08-18 20:58:30
🚨 CVE-2023-39851 webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. 🎖@cveNotify
2023-08-18 20:58:29
🚨 CVE-2023-21273 In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-18 20:58:28
🚨 CVE-2022-22646 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to modify protected parts of the file system. 🎖@cveNotify
2023-08-18 20:58:27
🚨 CVE-2020-36615 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution. 🎖@cveNotify
2023-08-18 20:58:26
🚨 CVE-2023-21234 In launchConfirmationActivity of ChooseLockSettingsHelper.java, there is a possible way to enable developer options without the lockscreen PIN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-18 20:58:22
🚨 CVE-2023-22444 Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-18 20:58:21
🚨 CVE-2023-21233 In multiple locations of avrc, there is a possible leak of heap data due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-18 20:58:20
🚨 CVE-2023-21232 In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-18 20:58:19
🚨 CVE-2023-21231 In getIntentForButton of ButtonManager.java, there is a possible way for an unprivileged application to start a non-exported or permission-protected activity due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-18 20:58:18
🚨 CVE-2023-21230 In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-18 20:58:17
🚨 CVE-2022-37336 Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-18 20:58:16
🚨 CVE-2023-27471 An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform. 🎖@cveNotify
2023-08-18 20:58:15
🚨 CVE-2023-38890 Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. 🎖@cveNotify
2023-08-18 20:58:14
🚨 CVE-2023-38910 CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin. 🎖@cveNotify
2023-08-18 20:58:13
🚨 CVE-2023-38911 A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields. 🎖@cveNotify
2023-08-18 19:58:22
🚨 CVE-2023-4412 A vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-18 19:58:21
🚨 CVE-2023-38751 Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation. 🎖@cveNotify
2023-08-18 19:58:20
🚨 CVE-2023-0871 XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue. 🎖@cveNotify
2023-08-18 17:58:13
🚨 CVE-2023-4407 A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to SQL injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511. 🎖@cveNotify
2023-08-18 17:58:12
🚨 CVE-2023-3452 The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious PHP file via FTP or some other means into a directory readable by the web server. 🎖@cveNotify
2023-08-18 14:58:14
🚨 CVE-2023-4407 A vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to SQL injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511. 🎖@cveNotify
2023-08-18 14:58:13
🚨 CVE-2023-32543 Incorrect default permissions in the Intel(R) ITS software before version 3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-18 14:58:12
🚨 CVE-2023-27515 Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 🎖@cveNotify
2023-08-18 12:58:25
🚨 CVE-2023-39445 Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product's certain management console. 🎖@cveNotify
2023-08-18 12:58:24
🚨 CVE-2023-39454 Buffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code. 🎖@cveNotify
2023-08-18 12:58:23
🚨 CVE-2023-39944 OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. 🎖@cveNotify
2023-08-18 12:58:19
🚨 CVE-2023-40069 OS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions. 🎖@cveNotify
2023-08-18 12:58:18
🚨 CVE-2023-32626 Hidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allows an unauthenticated attacker to log in to the product's certain management console and execute arbitrary OS commands. 🎖@cveNotify
2023-08-18 12:58:17
🚨 CVE-2023-38132 LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. 🎖@cveNotify
2023-08-18 12:58:13
🚨 CVE-2023-39415 Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product's Control Panel and perform an unintended operation. 🎖@cveNotify
2023-08-18 12:58:12
🚨 CVE-2023-37567 Command injection vulnerability in ELECOM and LOGITEC wireless LAN routers allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page. Affected products and versions are as follows: WRC-1167GHBK3-A v1.24 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, and LAN-W301NR all versions. 🎖@cveNotify
2023-08-18 12:58:11
🚨 CVE-2023-37563 ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, WRC-1167FEBK-A v1.18 and earlier, WRC-F1167ACF2 all versions, WRC-600GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-1467GHBK-A all versions, WRC-1467GHBK-S all versions, WRC-1900GHBK-A all versions, and WRC-1900GHBK-S all versions. 🎖@cveNotify
2023-08-18 10:58:12
🚨 CVE-2023-4040 The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders. 🎖@cveNotify
2023-08-18 05:58:18
🚨 CVE-2023-30188 Memory Exhaustion vulnerability in ONLYOFFICE Document Server 4.0.3 through 7.3.2 allows remote attackers to cause a denial of service via crafted JavaScript file. 🎖@cveNotify
2023-08-18 05:58:17
🚨 CVE-2023-39666 D-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters. 🎖@cveNotify
2023-08-18 00:58:33
🚨 CVE-2023-39971 Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS. This issue affects AcyMailing Enterprise component for Joomla: 6.7.0-8.6.3. 🎖@cveNotify
2023-08-18 00:58:32
🚨 CVE-2023-39973 Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. It allows the unauthorized removal of attachments from campaigns. 🎖@cveNotify
2023-08-18 00:58:31
🚨 CVE-2023-39974 Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. It allows unauthorized actors to get the number of subscribers in a specific list. 🎖@cveNotify
2023-08-18 00:58:28
🚨 CVE-2023-37734 EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow. 🎖@cveNotify
2023-08-18 00:58:27
🚨 CVE-2022-41804 Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-18 00:58:26
🚨 CVE-2022-44611 Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. 🎖@cveNotify
2023-08-18 00:58:22
🚨 CVE-2023-31939 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php. 🎖@cveNotify
2023-08-18 00:58:21
🚨 CVE-2023-31938 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php. 🎖@cveNotify
2023-08-18 00:58:20
🚨 CVE-2023-31942 Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. 🎖@cveNotify
2023-08-18 00:58:16
🚨 CVE-2023-31944 SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. 🎖@cveNotify
2023-08-18 00:58:15
🚨 CVE-2023-36106 An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. 🎖@cveNotify
2023-08-17 20:58:45
🚨 CVE-2023-39741 lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. 🎖@cveNotify
2023-08-17 20:58:43
🚨 CVE-2023-39743 lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. 🎖@cveNotify
2023-08-17 20:58:40
🚨 CVE-2023-40313 A BeanShell interpreter in remote server mode runs in OpenNMS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. 🎖@cveNotify
2023-08-17 20:58:38
🚨 CVE-2023-40272 Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected. 🎖@cveNotify
2023-08-17 20:58:36
🚨 CVE-2023-4382 A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-17 20:58:35
🚨 CVE-2023-40338 Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. 🎖@cveNotify
2023-08-17 20:58:33
🚨 CVE-2023-40341 A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated with an attacker-specified job. 🎖@cveNotify
2023-08-17 20:58:32
🚨 CVE-2023-40342 Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. 🎖@cveNotify
2023-08-17 20:58:30
🚨 CVE-2023-40343 Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. 🎖@cveNotify
2023-08-17 20:58:26
🚨 CVE-2023-40344 A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 🎖@cveNotify
2023-08-17 20:58:25
🚨 CVE-2023-40345 Jenkins Delphix Plugin 3.0.2 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Overall/Read permission to access and capture credentials they are not entitled to. 🎖@cveNotify
2023-08-17 20:58:23
🚨 CVE-2023-40346 Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. 🎖@cveNotify
2023-08-17 20:58:22
🚨 CVE-2023-40347 Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. 🎖@cveNotify
2023-08-17 20:58:20
🚨 CVE-2023-40348 The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. 🎖@cveNotify
2023-08-17 20:58:19
🚨 CVE-2023-40349 Jenkins Gogs Plugin 1.0.15 and earlier improperly initializes an option to secure its webhook endpoint, allowing unauthenticated attackers to trigger builds of jobs. 🎖@cveNotify
2023-08-17 20:58:18
🚨 CVE-2023-40350 Jenkins Docker Swarm Plugin 1.11 and earlier does not escape values returned from Docker before inserting them into the Docker Swarm Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control responses from Docker. 🎖@cveNotify
2023-08-17 20:58:17
🚨 CVE-2023-40351 A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. 🎖@cveNotify
2023-08-17 20:58:15
🚨 CVE-2023-40336 A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. 🎖@cveNotify
2023-08-17 20:58:14
🚨 CVE-2023-40337 A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. 🎖@cveNotify
2023-08-17 20:58:13
🚨 CVE-2023-40339 Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. 🎖@cveNotify
2023-08-17 18:58:37
🚨 CVE-2018-3657 Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access. 🎖@cveNotify
2023-08-17 18:58:36
🚨 CVE-2017-5698 Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. 🎖@cveNotify
2023-08-17 18:58:35
🚨 CVE-2023-34419 A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. 🎖@cveNotify
2023-08-17 18:58:34
🚨 CVE-2023-3078 An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. 🎖@cveNotify
2023-08-17 18:58:33
🚨 CVE-2023-4028 A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. 🎖@cveNotify
2023-08-17 18:58:32
🚨 CVE-2023-4029 A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. 🎖@cveNotify
2023-08-17 18:58:31
🚨 CVE-2023-4030 A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. 🎖@cveNotify
2023-08-17 18:58:30
🚨 CVE-2023-0871 XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue. 🎖@cveNotify
2023-08-17 18:58:28
🚨 CVE-2023-26756 The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. 🎖@cveNotify
2023-08-17 18:58:27
🚨 CVE-2022-25864 Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 18:58:23
🚨 CVE-2022-27635 Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 18:58:22
🚨 CVE-2022-36351 Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. 🎖@cveNotify
2023-08-17 18:58:21
🚨 CVE-2022-37343 Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 18:58:20
🚨 CVE-2022-38076 Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 18:58:19
🚨 CVE-2022-40964 Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 18:58:18
🚨 CVE-2022-43456 Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 18:58:17
🚨 CVE-2022-46329 Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 18:58:16
🚨 CVE-2023-37511 If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved. 🎖@cveNotify
2023-08-17 18:58:15
🚨 CVE-2023-26587 Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 18:58:14
🚨 CVE-2023-29243 Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a privileged user to potentially enable denial of service via local access. 🎖@cveNotify
2023-08-17 16:58:35
🚨 CVE-2021-28500 An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA APIs by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration. 🎖@cveNotify
2023-08-17 16:58:34
🚨 CVE-2023-22356 Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-17 16:58:33
🚨 CVE-2023-32285 Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. 🎖@cveNotify
2023-08-17 16:58:32
🚨 CVE-2023-39396 Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability. 🎖@cveNotify
2023-08-17 16:58:28
🚨 CVE-2023-23342 If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. 🎖@cveNotify
2023-08-17 16:58:27
🚨 CVE-2023-38034 A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier); All UniFi Switches (Version 6.5.32 and earlier) - USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later. 🎖@cveNotify
2023-08-17 16:58:26
🚨 CVE-2022-34657 Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-17 16:58:22
🚨 CVE-2022-36372 Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-17 16:58:21
🚨 CVE-2023-22330 Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-17 16:58:20
🚨 CVE-2020-25575 ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility hazards" in some applications, and has a type confusion flaw when downcasting. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: This may overlap CVE-2019-25010. 🎖@cveNotify
2023-08-17 16:58:19
🚨 CVE-2023-35163 Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited. 🎖@cveNotify
2023-08-17 16:58:16
🚨 CVE-2023-39393 Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten. 🎖@cveNotify
2023-08-17 16:58:15
🚨 CVE-2023-39388 Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. 🎖@cveNotify
2023-08-17 16:58:14
🚨 CVE-2023-39389 Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. 🎖@cveNotify
2023-08-17 16:58:13
🚨 CVE-2023-39269 A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over. 🎖@cveNotify
2023-08-17 14:58:32
🚨 CVE-2023-39394 Vulnerability of API privilege escalation in the wifienhance module. Successful exploitation of this vulnerability may cause the arp list to be modified. 🎖@cveNotify
2023-08-17 14:58:31
🚨 CVE-2023-39395 Mismatch vulnerability in the serialization process in the communication system. Successful exploitation of this vulnerability may affect availability. 🎖@cveNotify
2023-08-17 14:58:27
🚨 CVE-2023-39404 Vulnerability of input parameter verification in certain APIs in the window management module. Successful exploitation of this vulnerability may cause the device to restart. 🎖@cveNotify
2023-08-17 14:58:26
🚨 CVE-2023-39397 Input parameter verification vulnerability in the communication system. Successful exploitation of this vulnerability may affect availability. 🎖@cveNotify
2023-08-17 14:58:25
🚨 CVE-2023-39398 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-17 14:58:24
🚨 CVE-2023-39392 Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. 🎖@cveNotify
2023-08-17 14:58:20
🚨 CVE-2023-39399 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-17 14:58:19
🚨 CVE-2023-39403 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-17 14:58:18
🚨 CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. 🎖@cveNotify
2023-08-17 14:58:14
🚨 CVE-2023-38902 An issue in RG-EW series home routers and repeaters v.EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P218, RG-EG series business VPN routers v.EG_3.0(1)B11P216, EAP and RAP series wireless access points v.AP_3.0(1)B11P218, and NBC series wireless controllers v.AC_3.0(1)B11P86 allows a remote attacker to execute arbitrary code via the unifyframe-sgi.elf component in sub_40DA38. 🎖@cveNotify
2023-08-17 14:58:13
🚨 CVE-2021-28427 Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file. 🎖@cveNotify
2023-08-17 14:58:12
🚨 CVE-2023-3697 Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and create files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. 🎖@cveNotify
2023-08-17 13:58:13
🚨 CVE-2023-29182 A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections. 🎖@cveNotify
2023-08-17 13:58:12
🚨 CVE-2023-2910 Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to execute arbitrary commands via unspecified vectors. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. 🎖@cveNotify
2023-08-17 13:58:11
🚨 CVE-2023-3698 Printer service fails to adequately handle user input, allowing remote unauthorized users to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. 🎖@cveNotify
2023-08-17 10:58:18
🚨 CVE-2023-34216 TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability derives from insufficient input validation in the key-delete function, which could potentially allow malicious users to delete arbitrary files. 🎖@cveNotify
2023-08-17 10:58:17
🚨 CVE-2023-40251 Missing Encryption of Sensitive Data CAPEC- vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-17 10:58:13
🚨 CVE-2023-40252 Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-17 10:58:12
🚨 CVE-2023-40253 Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-17 10:58:11
🚨 CVE-2023-40254 Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted Executable. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-17 05:58:37
🚨 CVE-2023-34214 TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. This vulnerability stems from insufficient input validation in the certificate-generation function, which could potentially allow malicious users to execute remote code on affected devices. 🎖@cveNotify
2023-08-17 05:58:36
🚨 CVE-2023-39383 Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. 🎖@cveNotify
2023-08-17 05:58:35
🚨 CVE-2023-39380 Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. 🎖@cveNotify
2023-08-17 05:58:34
🚨 CVE-2023-33237 TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs are allowed. This presents a potential risk of unauthorized exploitation by malicious actors. 🎖@cveNotify
2023-08-17 05:58:30
🚨 CVE-2023-39381 Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. 🎖@cveNotify
2023-08-17 05:58:29
🚨 CVE-2020-36024 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. 🎖@cveNotify
2023-08-17 05:58:28
🚨 CVE-2020-24922 Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file. 🎖@cveNotify
2023-08-17 05:58:24
🚨 CVE-2020-28848 CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. 🎖@cveNotify
2023-08-17 05:58:23
🚨 CVE-2020-28849 Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. 🎖@cveNotify
2023-08-17 05:58:22
🚨 CVE-2023-4273 A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack. 🎖@cveNotify
2023-08-17 05:58:18
🚨 CVE-2020-24904 An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link. 🎖@cveNotify
2023-08-17 05:58:17
🚨 CVE-2020-23595 Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. 🎖@cveNotify
2023-08-17 05:58:16
🚨 CVE-2023-25757 Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access. 🎖@cveNotify
2023-08-17 00:58:31
🚨 CVE-2023-35009 IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a remote attacker to obtain system information without authentication which could be used in reconnaissance to gather information that could be used for future attacks. IBM X-Force ID: 257703. 🎖@cveNotify
2023-08-17 00:58:30
🚨 CVE-2023-20013 Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. The attacker would need to have Administrator privileges on the affected device to exploit these vulnerabilities. These vulnerabilities are due to insufficient input validation when extracting uploaded software packages. An attacker could exploit these vulnerabilities by authenticating to an affected device and uploading a crafted software package. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. 🎖@cveNotify
2023-08-17 00:58:29
🚨 CVE-2023-20111 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An attacker could exploit this vulnerability by logging in to the web-based management interface and viewing hidden fields within the application. A successful exploit could allow the attacker to access sensitive information, including device entry credentials, that could aid the attacker in further attacks. 🎖@cveNotify
2023-08-17 00:58:25
🚨 CVE-2023-20197 A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog. 🎖@cveNotify
2023-08-17 00:58:24
🚨 CVE-2023-20203 Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid credentials to access the web-based management interface of the affected device. 🎖@cveNotify
2023-08-17 00:58:23
🚨 CVE-2023-20211 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by authenticating to the application as a user with read-only or higher privileges and sending crafted HTTP requests to an affected system. A successful exploit could allow the attacker to read or modify data in the underlying database or elevate their privileges. 🎖@cveNotify
2023-08-17 00:58:19
🚨 CVE-2023-20221 A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition. 🎖@cveNotify
2023-08-17 00:58:18
🚨 CVE-2023-20222 A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 🎖@cveNotify
2023-08-17 00:58:17
🚨 CVE-2023-20229 A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal attacks and overwrite arbitrary files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by executing a directory traversal attack on an affected host. A successful exploit could allow an attacker to use a cryptographic key to overwrite arbitrary files with SYSTEM-level privileges, resulting in a denial of service (DoS) condition or data loss on the affected system. 🎖@cveNotify
2023-08-17 00:58:13
🚨 CVE-2023-20232 A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebProxy to redirect users to an attacker-controlled host. 🎖@cveNotify
2023-08-17 00:58:12
🚨 CVE-2023-38894 A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. 🎖@cveNotify
2023-08-17 00:58:11
🚨 CVE-2023-39846 An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. 🎖@cveNotify
2023-08-16 22:58:40
🚨 CVE-2023-27506 Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-16 22:58:39
🚨 CVE-2023-2905 Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11. 🎖@cveNotify
2023-08-16 22:58:38
🚨 CVE-2023-25182 Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-16 22:58:34
🚨 CVE-2023-27392 Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-16 22:58:33
🚨 CVE-2023-4128 A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. 🎖@cveNotify
2023-08-16 22:58:32
🚨 CVE-2021-25864 node-red-contrib-huemagic 3.0.0 is affected by hue/assets/..%2F Directory Traversal in the res.sendFile API, used in file hue-magic.js, to fetch an arbitrary file. 🎖@cveNotify
2023-08-16 22:58:29
🚨 CVE-2023-39952 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available. 🎖@cveNotify
2023-08-16 22:58:28
🚨 CVE-2023-28075 Dell BIOS contains a Time-of-check Time-of-use vulnerability in BIOS. A local authenticated malicious user with physical access to the system could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI in order to gain arbitrary code execution on the system. 🎖@cveNotify
2023-08-16 22:58:27
🚨 CVE-2023-4382 A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Affected by this issue is some unknown functionality of the file /user/settings of the component Profile Settings. The manipulation of the argument avatar leads to cross site scripting. The attack may be launched remotely. VDB-237314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-16 22:58:23
🚨 CVE-2023-4384 A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. This vulnerability affects unknown code of the component Cookie Handler. The manipulation leads to missing encryption of sensitive data. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237316. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 🎖@cveNotify
2023-08-16 22:58:22
🚨 CVE-2021-27523 An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface. 🎖@cveNotify
2023-08-16 22:58:21
🚨 CVE-2023-32609 Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-16 20:58:38
🚨 CVE-2023-38633 A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. 🎖@cveNotify
2023-08-16 20:58:37
🚨 CVE-2023-34615 An issue was discovered in JSONUtil thru 5.0 that allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. 🎖@cveNotify
2023-08-16 20:58:36
🚨 CVE-2023-4387 A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. 🎖@cveNotify
2023-08-16 20:58:32
🚨 CVE-2023-4389 A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. This issue may allow a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. 🎖@cveNotify
2023-08-16 20:58:31
🚨 CVE-2023-39953 user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available. 🎖@cveNotify
2023-08-16 20:58:30
🚨 CVE-2023-39250 Dell Storage Integration Tools for VMware (DSITV) 06.01.00.016 contain an information disclosure vulnerability. A local low-privileged malicious user could potentially exploit this vulnerability to retrieve an encryption key that could aid in further attacks. 🎖@cveNotify
2023-08-16 20:58:26
🚨 CVE-2023-4385 A NULL pointer dereference flaw was found in dbFree in fs/jfs/jfs_dmap.c in the journaling file system (JFS) in the Linux Kernel. This issue may allow a local attacker to crash the system due to a missing sanity check. 🎖@cveNotify
2023-08-16 20:58:25
🚨 CVE-2023-39965 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue. 🎖@cveNotify
2023-08-16 20:58:24
🚨 CVE-2019-13192 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by a heap buffer overflow vulnerability as the IPP service did not parse attribute names properly. This would allow an attacker to execute arbitrary code on the device. 🎖@cveNotify
2023-08-16 20:58:21
🚨 CVE-2019-13194 Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. 🎖@cveNotify
2023-08-16 20:58:20
🚨 CVE-2023-39964 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. 🎖@cveNotify
2023-08-16 20:58:19
🚨 CVE-2023-39961 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available. 🎖@cveNotify
2023-08-16 20:58:18
🚨 CVE-2023-33468 KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen. 🎖@cveNotify
2023-08-16 19:58:30
🚨 CVE-2021-34704 A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 🎖@cveNotify
2023-08-16 19:58:26
🚨 CVE-2021-1493 A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a buffer overflow on an affected system. The vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a malicious HTTP request. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could disclose data fragments or cause the device to reload, resulting in a denial of service (DoS) condition. 🎖@cveNotify
2023-08-16 19:58:25
🚨 CVE-2021-1476 A vulnerability in the CLI of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient input validation of commands that are supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input for specific commands. A successful exploit could allow the attacker to execute commands on the underlying OS with root privileges. To exploit this vulnerability, an attacker must have valid administrator-level credentials. 🎖@cveNotify
2023-08-16 19:58:24
🚨 CVE-2021-1488 A vulnerability in the upgrade process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system (OS). This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by uploading a crafted upgrade package file to an affected device. A successful exploit could allow the attacker to inject commands that could be executed with root privileges on the underlying OS. 🎖@cveNotify
2023-08-16 19:58:20
🚨 CVE-2023-20006 A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload. 🎖@cveNotify
2023-08-16 19:58:19
🚨 CVE-2022-20826 A vulnerability in the secure boot implementation of Cisco Secure Firewalls 3100 Series that are running Cisco Adaptive Security Appliance (ASA) Software or Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated attacker with physical access to the device to bypass the secure boot functionality. This vulnerability is due to a logic error in the boot process. An attacker could exploit this vulnerability by injecting malicious code into a specific memory location during the boot process of an affected device. A successful exploit could allow the attacker to execute persistent code at boot time and break the chain of trust. 🎖@cveNotify
2023-08-16 19:58:15
🚨 CVE-2022-20947 A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. 🎖@cveNotify
2023-08-16 19:58:14
🚨 CVE-2022-20795 A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability is due to suboptimal processing that occurs when establishing a DTLS tunnel as part of an AnyConnect SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted DTLS traffic to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected VPN headend device. This could cause existing DTLS tunnels to stop passing traffic and prevent new DTLS tunnels from establishing, resulting in a DoS condition. Note: When the attack traffic stops, the device recovers gracefully. 🎖@cveNotify
2023-08-16 16:58:33
🚨 CVE-2023-32487 Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service, code execution and information disclosure. 🎖@cveNotify
2023-08-16 16:58:32
🚨 CVE-2023-32486 Dell PowerScale OneFS 9.5.x version contains a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges. 🎖@cveNotify
2023-08-16 16:58:31
🚨 CVE-2023-32492 Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. 🎖@cveNotify
2023-08-16 16:58:27
🚨 CVE-2023-32493 Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. An unprivileged, remote attacker could potentially exploit this vulnerability, leading to denial of service, information disclosure and remote execution. 🎖@cveNotify
2023-08-16 16:58:26
🚨 CVE-2020-26037 Directory Traversal vulnerability in Server functionality in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. 🎖@cveNotify
2023-08-16 16:58:25
🚨 CVE-2023-32494 Dell PowerScale OneFS, 8.0.x-9.5.x, contains an improper handling of insufficient privileges vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to elevation of privilege and affect in compliance mode also. 🎖@cveNotify
2023-08-16 16:58:24
🚨 CVE-2023-38904 A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function. 🎖@cveNotify
2023-08-16 16:58:20
🚨 CVE-2023-40338 Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system. 🎖@cveNotify
2023-08-16 16:58:19
🚨 CVE-2023-40342 Jenkins Flaky Test Handler Plugin 1.2.2 and earlier does not escape JUnit test contents when showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control JUnit report file contents. 🎖@cveNotify
2023-08-16 16:58:18
🚨 CVE-2023-40343 Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. 🎖@cveNotify
2023-08-16 16:58:14
🚨 CVE-2023-40344 A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 🎖@cveNotify
2023-08-16 16:58:13
🚨 CVE-2023-40346 Jenkins Shortcut Job Plugin 0.4 and earlier does not escape the shortcut redirection URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure shortcut jobs. 🎖@cveNotify
2023-08-16 16:58:12
🚨 CVE-2023-40347 Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin 1.14 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. 🎖@cveNotify
2023-08-16 16:58:11
🚨 CVE-2023-40348 The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. 🎖@cveNotify
2023-08-16 14:58:35
🚨 CVE-2023-0551 The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users, such as subscriber, to call and delete arbitrary attachments. 🎖@cveNotify
2023-08-16 14:58:34
🚨 CVE-2023-0579 The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscribers to perform SQL Injection attacks. 🎖@cveNotify
2023-08-16 14:58:33
🚨 CVE-2023-1465 The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high privilege users such as admin. 🎖@cveNotify
2023-08-16 14:58:32
🚨 CVE-2023-1977 The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in its admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges as low as Subscriber to perform SSRF attacks on the site's internal network. 🎖@cveNotify
2023-08-16 14:58:28
🚨 CVE-2023-2122 The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected Cross-Site Scripting vulnerability, allowing an attacker to trick a logged in admin to execute arbitrary javascript by clicking a link. 🎖@cveNotify
2023-08-16 14:58:27
🚨 CVE-2023-2225 The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-16 14:58:26
🚨 CVE-2023-2254 The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup), and we consider it a low risk. 🎖@cveNotify
2023-08-16 14:58:25
🚨 CVE-2023-2271 The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack. 🎖@cveNotify
2023-08-16 14:58:22
🚨 CVE-2023-2272 The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 🎖@cveNotify
2023-08-16 14:58:21
🚨 CVE-2022-4782 The ClickFunnels WordPress plugin through 3.1.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. 🎖@cveNotify
2023-08-16 14:58:20
🚨 CVE-2023-31448 A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 🎖@cveNotify
2023-08-16 14:58:19
🚨 CVE-2023-31449 A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files. This made it possible to traverse paths, allowing the sensor to execute files outside the designated custom sensors folder. The severity of this vulnerability is medium and received a score of 4.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L 🎖@cveNotify
2023-08-16 14:58:15
🚨 CVE-2023-31452 A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. This could force PRTG to execute different actions, such as creating new users. The severity of this vulnerability is high and received a score of 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 🎖@cveNotify
2023-08-16 14:58:14
🚨 CVE-2023-32782 A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 🎖@cveNotify
2023-08-16 14:58:13
🚨 CVE-2023-37581 Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature. 🎖@cveNotify
2023-08-16 11:58:25
🚨 CVE-2023-37581 Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature. 🎖@cveNotify
2023-08-16 11:58:24
🚨 CVE-2023-3632 Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass. This issue affects Kunduz - Homework Helper App: before 6.2.3. 🎖@cveNotify
2023-08-16 11:58:20
🚨 CVE-2023-3817 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. 🎖@cveNotify
2023-08-16 11:58:19
🚨 CVE-2023-3446 Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. 🎖@cveNotify
2023-08-16 11:58:18
🚨 CVE-2023-2330 The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack 🎖@cveNotify
2023-08-16 11:58:14
🚨 CVE-2023-2886 Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. 🎖@cveNotify
2023-08-16 11:58:13
🚨 CVE-2023-3958 The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. This can allow authenticated attackers with subscriber-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. This was partially patched in version 1.2.12 and fully patched in version 1.2.13. 🎖@cveNotify
2023-08-16 11:58:12
🚨 CVE-2023-4374 The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber privileges or above, to view logs. 🎖@cveNotify
2023-08-16 05:58:27
🚨 CVE-2023-32003 `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. 🎖@cveNotify
2023-08-16 05:58:22
🚨 CVE-2023-32006 The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. 🎖@cveNotify
2023-08-16 05:58:21
🚨 CVE-2023-0871 XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter and Moshe Apelbaum for reporting this issue. 🎖@cveNotify
2023-08-16 05:58:20
🚨 CVE-2022-40982 Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-16 05:58:19
🚨 CVE-2022-41804 Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-16 05:58:15
🚨 CVE-2023-23908 Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-16 05:58:14
🚨 CVE-2023-20569 A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. 🎖@cveNotify
2023-08-16 05:58:13
🚨 CVE-2023-27561 runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. 🎖@cveNotify
2023-08-16 05:58:12
🚨 CVE-2019-19921 runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) 🎖@cveNotify
2023-08-16 01:58:14
🚨 CVE-2023-20560 Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service. 🎖@cveNotify
2023-08-16 01:58:13
🚨 CVE-2023-39849 Pikachu v1.0 was discovered to contain a SQL injection vulnerability via the $username parameter at \inc\function.php. 🎖@cveNotify
2023-08-16 01:58:12
🚨 CVE-2023-39851 webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. 🎖@cveNotify
2023-08-15 22:58:25
🚨 CVE-2023-32563 An unauthenticated attacker could achieve the code execution through a RemoteControl server. 🎖@cveNotify
2023-08-15 22:58:24
🚨 CVE-2023-32564 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remote code execution. 🎖@cveNotify
2023-08-15 22:58:23
🚨 CVE-2023-4282 The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings. 🎖@cveNotify
2023-08-15 22:58:22
🚨 CVE-2023-32562 An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remote code execution. Fixed in version 6.4.1. 🎖@cveNotify
2023-08-15 22:58:21
🚨 CVE-2023-38401 A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. 🎖@cveNotify
2023-08-15 22:58:17
🚨 CVE-2023-38402 A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. A successful exploit could allow these malicious users to create a Denial-of-Service (DoS) condition affecting the Microsoft Windows operating System boot process. 🎖@cveNotify
2023-08-15 22:58:15
🚨 CVE-2023-38862 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. 🎖@cveNotify
2023-08-15 22:58:14
🚨 CVE-2023-38863 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. 🎖@cveNotify
2023-08-15 22:58:13
🚨 CVE-2023-38865 COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter timestr. 🎖@cveNotify
2023-08-15 20:58:28
🚨 CVE-2023-4345 Broadcom RAID Controller web interface is vulnerable to a client-side control bypass that leads to unauthorized data access for low privileged users 🎖@cveNotify
2023-08-15 20:58:25
🚨 CVE-2023-38401 A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Successful exploitation could allow execution of arbitrary code with NT AUTHORITY\SYSTEM privileges on the operating system. 🎖@cveNotify
2023-08-15 20:58:24
🚨 CVE-2023-38861 An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. 🎖@cveNotify
2023-08-15 20:58:23
🚨 CVE-2023-38863 An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. 🎖@cveNotify
2023-08-15 20:58:19
🚨 CVE-2023-4323 Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup 🎖@cveNotify
2023-08-15 20:58:18
🚨 CVE-2023-4326 Broadcom RAID Controller web interface is vulnerable due to an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites 🎖@cveNotify
2023-08-15 20:58:14
🚨 CVE-2023-4328 Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux 🎖@cveNotify
2023-08-15 20:58:13
🚨 CVE-2023-4330 Broadcom RAID Controller web interface is vulnerable: Denial of Service can be caused by an authenticated user to the REST API Interface 🎖@cveNotify
2023-08-15 20:58:12
🚨 CVE-2023-4331 Broadcom RAID Controller web interface is vulnerable due to an insecure default TLS configuration that supports obsolete and vulnerable TLS protocols 🎖@cveNotify
2023-08-15 18:58:28
🚨 CVE-2023-32781 An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution. 🎖@cveNotify
2023-08-15 18:58:27
🚨 CVE-2023-31450 An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine. 🎖@cveNotify
2023-08-15 18:58:23
🚨 CVE-2023-29303 Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-08-15 18:58:22
🚨 CVE-2023-38233 Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-08-15 18:58:21
🚨 CVE-2023-38234 Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-08-15 18:58:17
🚨 CVE-2023-38236 Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-08-15 18:58:16
🚨 CVE-2023-38238 Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-08-15 18:58:15
🚨 CVE-2023-38239 Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-08-15 17:58:47
🚨 CVE-2023-39212 Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. 🎖@cveNotify
2023-08-15 17:58:45
🚨 CVE-2019-1714 A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 Single Sign-On (SSO) for Clientless SSL VPN (WebVPN) and AnyConnect Remote Access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to successfully establish a VPN session to an affected device. The vulnerability is due to improper credential management when using NT LAN Manager (NTLM) or basic authentication. An attacker could exploit this vulnerability by opening a VPN session to an affected device after another VPN user has successfully authenticated to the affected device via SAML SSO. A successful exploit could allow the attacker to connect to secured networks behind the affected device. 🎖@cveNotify
2023-08-15 17:58:44
🚨 CVE-2019-1687 A vulnerability in the TCP proxy functionality for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error in TCP-based packet inspection, which could cause the TCP packet to have an invalid Layer 2 (L2)-formatted header. An attacker could exploit this vulnerability by sending a crafted TCP packet sequence to the targeted device. A successful exploit could allow the attacker to cause a DoS condition. 🎖@cveNotify
2023-08-15 17:58:43
🚨 CVE-2019-1701 Multiple vulnerabilities in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the WebVPN portal of an affected device. The vulnerabilities exist because the software insufficiently validates user-supplied input on an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. An attacker would need administrator privileges on the device to exploit these vulnerabilities. 🎖@cveNotify
2023-08-15 17:58:41
🚨 CVE-2019-1708 A vulnerability in the Internet Key Exchange Version 2 Mobility and Multihoming Protocol (MOBIKE) feature for the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak or a reload of an affected device that leads to a denial of service (DoS) condition. The vulnerability is due to the incorrect processing of certain MOBIKE packets. An attacker could exploit this vulnerability by sending crafted MOBIKE packets to an affected device to be processed. A successful exploit could cause an affected device to continuously consume memory and eventually reload, resulting in a DoS condition. The MOBIKE feature is supported only for IPv4 addresses. 🎖@cveNotify
2023-08-15 17:58:40
🚨 CVE-2019-1706 A vulnerability in the software cryptography module of the Cisco Adaptive Security Virtual Appliance (ASAv) and Firepower 2100 Series running Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause an unexpected reload of the device that results in a denial of service (DoS) condition. The vulnerability is due to a logic error with how the software cryptography module handles IPsec sessions. An attacker could exploit this vulnerability by creating and sending traffic in a high number of IPsec sessions through the targeted device. A successful exploit could cause the device to reload and result in a DoS condition. 🎖@cveNotify
2023-08-15 17:58:39
🚨 CVE-2019-1705 A vulnerability in the remote access VPN session manager of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the remote access VPN services. The vulnerability is due to an issue with the remote access VPN session manager. An attacker could exploit this vulnerability by requesting an excessive number of remote access VPN sessions. An exploit could allow the attacker to cause a DoS condition. 🎖@cveNotify
2023-08-15 17:58:37
🚨 CVE-2019-1693 A vulnerability in the WebVPN service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper management of authenticated sessions in the WebVPN portal. An attacker could exploit this vulnerability by authenticating with valid credentials and accessing a specific URL in the WebVPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a temporary DoS condition. 🎖@cveNotify
2023-08-15 17:58:36
🚨 CVE-2019-1697 A vulnerability in the implementation of the Lightweight Directory Access Protocol (LDAP) feature in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerabilities are due to the improper parsing of LDAP packets sent to an affected device. An attacker could exploit these vulnerabilities by sending a crafted LDAP packet, using Basic Encoding Rules (BER), to be processed by an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. 🎖@cveNotify
2023-08-15 17:58:35
🚨 CVE-2019-1695 A vulnerability in the detection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software improperly filters Ethernet frames sent to an affected device. An attacker could exploit this vulnerability by sending crafted packets to the management interface of an affected device. A successful exploit could allow the attacker to bypass the Layer 2 (L2) filters and send data directly to the kernel of the affected device. A malicious frame successfully delivered would make the target device generate a specific syslog entry. 🎖@cveNotify
2023-08-15 17:58:33
🚨 CVE-2020-3166 A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to a specific CLI command. A successful exploit could allow the attacker to read or write to arbitrary files on the underlying OS. 🎖@cveNotify
2023-08-15 17:58:32
🚨 CVE-2018-15388 A vulnerability in the WebVPN login process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause increased CPU utilization on an affected device. The vulnerability is due to excessive processing load for existing WebVPN login operations. An attacker could exploit this vulnerability by sending multiple WebVPN login requests to the device. A successful exploit could allow the attacker to increase CPU load on the device, resulting in a denial of service (DoS) condition. 🎖@cveNotify
2023-08-15 17:58:31
🚨 CVE-2020-3167 A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS). The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted arguments to specific commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS with the privileges of the currently logged-in user for all affected platforms excluding Cisco UCS 6400 Series Fabric Interconnects. On Cisco UCS 6400 Series Fabric Interconnects, the injected commands are executed with root privileges. 🎖@cveNotify
2023-08-15 17:58:30
🚨 CVE-2018-15454 A vulnerability in the Session Initiation Protocol (SIP) inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload or trigger high CPU, resulting in a denial of service (DoS) condition. The vulnerability is due to improper handling of SIP traffic. An attacker could exploit this vulnerability by sending SIP requests designed to specifically trigger this issue at a high rate across an affected device. Software updates that address this vulnerability are not yet available. 🎖@cveNotify
2023-08-15 17:58:29
🚨 CVE-2019-1694 A vulnerability in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of TCP traffic. An attacker could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device. A successful exploit could allow the attacker to temporarily disrupt traffic through the device while it reboots. 🎖@cveNotify
2023-08-15 17:58:28
🚨 CVE-2019-1713 A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration of, extract information from, or reload an affected device. 🎖@cveNotify
2023-08-15 17:58:27
🚨 CVE-2019-15256 A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to improper management of system memory. An attacker could exploit this vulnerability by sending malicious IKEv1 traffic to an affected device. The attacker does not need valid credentials to authenticate the VPN session, nor does the attacker's source address need to match a peer statement in the crypto map applied to the ingress interface of the affected device. An exploit could allow the attacker to exhaust system memory resources, leading to a reload of an affected device. 🎖@cveNotify
2023-08-15 17:58:26
🚨 CVE-2018-15465 A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileged actions by using the web management interface. The vulnerability is due to improper validation of user privileges when using the web management interface. An attacker could exploit this vulnerability by sending specific HTTP requests via HTTPS to an affected device as an unprivileged user. An exploit could allow the attacker to retrieve files (including the running configuration) from the device or to upload and replace software images on the device. 🎖@cveNotify
2023-08-15 17:58:25
🚨 CVE-2018-15383 A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition. 🎖@cveNotify
2023-08-15 17:58:24
🚨 CVE-2018-15397 A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to an error that may occur if the affected software renegotiates the encryption key for an IPsec tunnel when certain TFC traffic is in flight. An attacker could exploit this vulnerability by sending a malicious stream of TFC traffic through an established IPsec tunnel on an affected device. A successful exploit could allow the attacker to cause a daemon process on the affected device to crash, which could cause the device to crash and result in a DoS condition. 🎖@cveNotify
2023-08-15 13:58:14
🚨 CVE-2023-2916 The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including configuration. It can only be exploited if the plugin has not been configured yet. If combined with another arbitrary plugin installation and activation vulnerability, it may be possible to connect a site to InfiniteWP which would make remote management possible and allow for elevation of privileges. 🎖@cveNotify
2023-08-15 13:58:13
🚨 CVE-2023-4308 The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 🎖@cveNotify
2023-08-15 06:58:15
🚨 CVE-2023-36482 An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. 🎖@cveNotify
2023-08-15 00:58:31
🚨 CVE-2022-46706 A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges. 🎖@cveNotify
2023-08-15 00:58:30
🚨 CVE-2022-46722 A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system. 🎖@cveNotify
2023-08-15 00:58:29
🚨 CVE-2022-46725 A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may lead to address bar spoofing. 🎖@cveNotify
2023-08-15 00:58:25
🚨 CVE-2023-27939 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. 🎖@cveNotify
2023-08-15 00:58:24
🚨 CVE-2023-27947 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3. Processing an image may result in disclosure of process memory. 🎖@cveNotify
2023-08-15 00:58:23
🚨 CVE-2023-28179 The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted AppleScript binary may result in unexpected app termination or disclosure of process memory. 🎖@cveNotify
2023-08-15 00:58:19
🚨 CVE-2023-28198 A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. 🎖@cveNotify
2023-08-15 00:58:18
🚨 CVE-2023-32358 A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3. Processing web content may lead to arbitrary code execution. 🎖@cveNotify
2023-08-15 00:58:17
🚨 CVE-2023-21230 In onAccessPointChanged of AccessPointPreference.java, there is a possible way for unprivileged apps to receive a broadcast about WiFi access point change and its BSSID or SSID due to a precondition check failure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-15 00:58:13
🚨 CVE-2023-21232 In multiple locations, there is a possible way to retrieve sensor data without permissions due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-15 00:58:12
🚨 CVE-2023-21235 In onCreate of LockSettingsActivity.java, there is a possible way to set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-14 23:58:34
🚨 CVE-2023-21268 In update of MmsProvider.java, there is a possible way to change directory permissions due to a path traversal error. This could lead to local denial of service of SIM recognition with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-14 23:58:33
🚨 CVE-2023-21269 In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 🎖@cveNotify
2023-08-14 23:58:32
🚨 CVE-2023-38687 Svelecte is a flexible autocomplete/select component written in Svelte. Svelecte item names are rendered as raw HTML with no escaping. This allows the injection of arbitrary HTML into the Svelecte dropdown. This can be exploited to execute arbitrary JavaScript whenever a Svelecte dropdown is opened. Item names given to Svelecte appear to be directly rendered as HTML by the default item renderer. This means that any HTML tags in the name are rendered as HTML elements not as text. Note that the custom item renderer shown in https://mskocik.github.io/svelecte/#item-rendering is also vulnerable to the same exploit. Any site that uses Svelecte with dynamically created items either from an external source or from user-created content could be vulnerable to an XSS attack (execution of untrusted JavaScript), clickjacking or any other attack that can be performed with arbitrary HTML injection. The actual impact of this vulnerability for a specific application depends on how trustworthy the sources that provide Svelecte items are and the steps that the application has taken to mitigate XSS attacks. XSS attacks using this vulnerability are mostly mitigated by a Content Security Policy that blocks inline JavaScript. This issue has been addressed in version 3.16.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-14 23:58:31
🚨 CVE-2023-39827 Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the rule_info parameter in the formAddMacfilterRule function. 🎖@cveNotify
2023-08-14 23:58:30
🚨 CVE-2023-39828 Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. 🎖@cveNotify
2023-08-14 23:58:28
🚨 CVE-2023-39829 Tenda A18 V15.13.07.09 was discovered to contain a stack overflow via the wpapsk_crypto2_4g parameter in the fromSetWirelessRepeat function. 🎖@cveNotify
2023-08-14 23:58:27
🚨 CVE-2023-39950 efibootguard is a simple UEFI boot loader with support for safely switching between current and updated partition sets. Insufficient or missing validation and sanitization of input from untrustworthy bootloader environment files can cause crashes and probably also code injections into `bg_setenv` or programs using `libebgenv`. This is triggered when the affected components try to modify a manipulated environment, in particular its user variables. Furthermore, `bg_printenv` may crash over invalid read accesses or report invalid results. Not affected by this issue is EFI Boot Guard's bootloader EFI binary. EFI Boot Guard release v0.15 contains required patches to sanitize and validate the bootloader environment prior to processing it in userspace. Its library and tools should be updated, so should programs statically linked against it. An update of the bootloader EFI executable is not required. The only way to prevent the issue with an unpatched EFI Boot Guard version is to avoid accesses to user variables, specifically modifications to them. 🎖@cveNotify
2023-08-14 23:58:26
🚨 CVE-2023-40013 SVG Loader is a JavaScript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. According to the docs, svg-loader will strip all JS code before injecting the SVG file for security reasons, but the input sanitization logic is not sufficient and can be trivially bypassed. This allows an attacker to craft a malicious SVG which can result in Cross-site Scripting (XSS). When trying to sanitize the SVG, the library removes event attributes such as `onmouseover` and `onclick`, but the list of events is not exhaustive. Any website which uses external-svg-loader and allows its users to provide an SVG src or upload SVG files would be susceptible to a stored XSS attack. This issue has been addressed in commit `d3562fc08` which is included in releases from 1.6.9. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-14 23:58:25
🚨 CVE-2023-40020 PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level), causing the request to continue processing. The response would be a 403 with ADMIN_ONLY; however, next() would still be called, leading to any updates/changes in the route being processed. This issue has been addressed in version 3.2.49. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-14 23:58:24
🚨 CVE-2022-4953 The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled URLs from being loaded into the DOM. This could be used to inject rogue iframes that point to malicious URLs. 🎖@cveNotify
2023-08-14 23:58:22
🚨 CVE-2023-2606 The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-14 23:58:21
🚨 CVE-2023-2802 The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-14 23:58:20
🚨 CVE-2023-2803 The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 🎖@cveNotify
2023-08-14 23:58:19
🚨 CVE-2023-3328 The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-14 23:58:18
🚨 CVE-2023-3435 The User Activity Log WordPress plugin before 1.6.5 does not correctly sanitise and escape several parameters before using them in a SQL statement as part of its exportation feature, allowing unauthenticated attackers to conduct SQL injection attacks. 🎖@cveNotify
2023-08-14 23:58:17
🚨 CVE-2023-3601 The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as low as Contributor. 🎖@cveNotify
2023-08-14 23:58:16
🚨 CVE-2023-3645 The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-14 23:58:15
🚨 CVE-2023-3721 The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-14 23:58:14
🚨 CVE-2023-40023 yaklang is a programming language designed for cybersecurity. The Yak Engine has been found to contain a local file inclusion (LFI) vulnerability. This vulnerability allows attackers to include files from the server's local file system through the web application. When exploited, this can lead to the unintended exposure of sensitive data, potential remote code execution, or other security breaches. Users utilizing versions of the Yak Engine prior to 1.2.4-sp1 are impacted. This vulnerability has been patched in version 1.2.4-sp1. Users are advised to upgrade. Users unable to upgrade may avoid exposing vulnerable versions to untrusted input and should closely monitor any unexpected server behavior until they can upgrade. 🎖@cveNotify
2023-08-14 23:58:12
🚨 CVE-2023-40024 ScanCode.io is a server to script and automate software composition analysis pipelines. In the `/license/` endpoint, the detailed view key is not properly validated and sanitized, which can result in a potential cross-site scripting (XSS) vulnerability when attempting to access a detailed license view that does not exist. Attackers can exploit this vulnerability to inject malicious scripts into the response generated by the `license_details_view` function. When unsuspecting users visit the page, their browsers will execute the injected scripts, leading to unauthorized actions, session hijacking, or stealing sensitive information. This issue has been addressed in release `32.5.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability. 🎖@cveNotify
2023-08-14 20:58:32
🚨 CVE-2023-3526 In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser. 🎖@cveNotify
2023-08-14 20:58:31
🚨 CVE-2023-3569 In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. 🎖@cveNotify
2023-08-14 20:58:30
🚨 CVE-2023-28530 IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214. 🎖@cveNotify
2023-08-14 20:58:29
🚨 CVE-2023-34034 Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. 🎖@cveNotify
2023-08-14 20:58:26
🚨 CVE-2023-34330 AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 🎖@cveNotify
2023-08-14 20:58:25
🚨 CVE-2023-34329 AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability. 🎖@cveNotify
2023-08-14 20:58:24
🚨 CVE-2022-24834 Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result in heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20. 🎖@cveNotify
2023-08-14 20:58:23
🚨 CVE-2023-29406 The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value. 🎖@cveNotify
2023-08-14 20:58:20
🚨 CVE-2023-36824 Redis is an in-memory database that persists on disk. In Redis 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS` and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12. 🎖@cveNotify
2023-08-14 20:58:19
🚨 CVE-2023-28953 IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465. 🎖@cveNotify
2023-08-14 20:58:18
🚨 CVE-2023-32748 The Linux DVS server component of Mitel MiVoice Connect through 19.3 SP2 (22.24.1500.0) could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. 🎖@cveNotify
2023-08-14 20:58:14
🚨 CVE-2023-38741 IBM TXSeries for Multiplatforms 8.1, 8.2, and 9.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attack, a remote attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 262905. 🎖@cveNotify
2023-08-14 20:58:13
🚨 CVE-2023-40312 Multiple reflected XSS were found on different JSP files with unsanitized parameters in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms that an attacker can modify to craft a malicious XSS payload. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. OpenNMS thanks Jordi Miralles Comins for reporting this issue. 🎖@cveNotify
2023-08-14 20:58:12
🚨 CVE-2023-40360 QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled. 🎖@cveNotify
2023-08-14 18:58:23
🚨 CVE-2022-36113 Cargo is a package manager for the Rust programming language. After a package is downloaded, Cargo extracts its source code in the ~/.cargo folder on disk, making it available to the Rust projects it builds. To record when an extraction is successful, Cargo writes "ok" to the .cargo-ok file at the root of the extracted source code once it has extracted all the files. It was discovered that Cargo allowed packages to contain a .cargo-ok symbolic link, which Cargo would extract. Then, when Cargo attempted to write "ok" into .cargo-ok, it would actually replace the first two bytes of the file the symlink pointed to with ok. This would allow an attacker to corrupt one file on the machine using Cargo to extract the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. Mitigations: We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. 🎖@cveNotify
2023-08-14 18:58:20
🚨 CVE-2022-36114 Cargo is a package manager for the Rust programming language. It was discovered that Cargo did not limit the amount of data extracted from compressed archives. An attacker could upload to an alternate registry a specially crafted package that extracts way more data than its size (also known as a "zip bomb"), exhausting the disk space on the machine using Cargo to download the package. Note that by design Cargo allows code execution at build time, due to build scripts and procedural macros. The vulnerabilities in this advisory allow performing a subset of the possible damage in a harder to track down way. Your dependencies must still be trusted if you want to be protected from attacks, as it's possible to perform the same attacks with build scripts and procedural macros. The vulnerability is present in all versions of Cargo. Rust 1.64, to be released on September 22nd, will include a fix for it. Since the vulnerability is just a more limited way to accomplish what malicious build scripts or procedural macros can do, we decided not to publish Rust point releases backporting the security fix. Patch files for Rust 1.63.0 are available in the wg-security-response repository for people building their own toolchain. We recommend users of alternate registries to exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io implemented server-side checks to reject these kinds of packages years ago, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to exercise care in choosing their dependencies though, as the same concerns about build scripts and procedural macros apply here. 🎖@cveNotify
2023-08-14 18:58:19
🚨 CVE-2023-4009 In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. 🎖@cveNotify
2023-08-14 18:58:18
🚨 CVE-2023-30682 Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. 🎖@cveNotify
2023-08-14 18:58:14
🚨 CVE-2023-30684 Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. 🎖@cveNotify
2023-08-14 18:58:13
🚨 CVE-2023-30687 Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. 🎖@cveNotify
2023-08-14 16:58:33
🚨 CVE-2023-31041 An issue was discovered in SysPasswordDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. System password information could optionally be stored in cleartext, which might lead to possible information disclosure. 🎖@cveNotify
2023-08-14 16:58:32
🚨 CVE-2023-30688 Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. 🎖@cveNotify
2023-08-14 16:58:31
🚨 CVE-2023-30679 Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code. 🎖@cveNotify
2023-08-14 16:58:30
🚨 CVE-2023-38212 Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 🎖@cveNotify
2023-08-14 16:58:26
🚨 CVE-2023-33250 The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. 🎖@cveNotify
2023-08-14 16:58:25
🚨 CVE-2023-4242 The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check. 🎖@cveNotify
2023-08-14 16:58:24
🚨 CVE-2020-36023 An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to the FoFiType1C::cvtGlyph function. 🎖@cveNotify
2023-08-14 16:58:20
🚨 CVE-2023-36344 An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. 🎖@cveNotify
2023-08-14 16:58:19
🚨 CVE-2023-4219 A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability. 🎖@cveNotify
2023-08-14 16:58:18
🚨 CVE-2023-37728 IceWarp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. 🎖@cveNotify
2023-08-14 16:58:14
🚨 CVE-2023-1119 The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site scripting vulnerability. 🎖@cveNotify
2023-08-14 16:58:13
🚨 CVE-2022-31595 SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. 🎖@cveNotify
2023-08-14 16:58:12
🚨 CVE-2023-39006 The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization. 🎖@cveNotify
2023-08-14 15:58:36
🚨 CVE-2022-22528 SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. 🎖@cveNotify
2023-08-14 15:58:35
🚨 CVE-2023-3160 The vulnerability potentially allows an attacker to misuse ESET’s file operations during the module update to delete or move files without having proper permissions. 🎖@cveNotify
2023-08-14 15:58:34
🚨 CVE-2023-4321 Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. 🎖@cveNotify
2023-08-14 15:58:30
🚨 CVE-2023-3264 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass in the REST API due to the mishandling of special characters when parsing credentials. Successful exploitation allows the malicious agent to obtain a valid authorization token and read information relating to the state of the relays and power distribution. 🎖@cveNotify
2023-08-14 15:58:29
🚨 CVE-2023-3266 A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an administrator by selecting LDAP authentication from a hidden HTML combo box. Successful exploitation of this vulnerability also requires the attacker to know at least one username on the device, but any password will authenticate successfully. 🎖@cveNotify
2023-08-14 15:58:28
🚨 CVE-2023-3267 When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server. 🎖@cveNotify
2023-08-14 15:58:25
🚨 CVE-2023-40303 GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. 🎖@cveNotify
2023-08-14 15:58:24
🚨 CVE-2023-40274 An issue was discovered in zola 0.13.0 through 0.17.2. The custom implementation of a web server, available via the "zola serve" command, allows directory traversal. The handle_request function, used by the server to process HTTP requests, does not account for sequences of special path control characters (../) in the URL when serving a file, which allows one to escape the webroot of the server and read arbitrary files from the filesystem. 🎖@cveNotify
2023-08-14 15:58:23
🚨 CVE-2023-3259 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier is vulnerable to authentication bypass. By manipulating the IP address field in the "iBootPduSiteAuth" cookie, a malicious agent can direct the device to connect to a rogue database. Successful exploitation allows the malicious agent to take actions with administrator privileges including, but not limited to, manipulating power levels, modifying user accounts, and exporting confidential user information. 🎖@cveNotify
2023-08-14 15:58:19
🚨 CVE-2023-3260 When adding a remote backup location, an authenticated user can pass arbitrary OS commands through the username field. The username is passed without sanitization into CMD running as NT/Authority System. An authenticated attacker can leverage this vulnerability to execute arbitrary code with system-level access to the CyberPower PowerPanel Enterprise server. 🎖@cveNotify
2023-08-14 15:58:18
🚨 CVE-2023-3262 The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database. A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records. 🎖@cveNotify
2023-08-14 15:58:17
🚨 CVE-2023-40292 Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets. 🎖@cveNotify
2023-08-13 23:58:13
🚨 CVE-2023-23208 Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261. 🎖@cveNotify
2023-08-13 23:58:12
🚨 CVE-2020-13654 XWiki Platform before 12.8 mishandles escaping in the property displayer. 🎖@cveNotify
2023-08-13 20:58:12
🚨 CVE-2023-32627 A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service. 🎖@cveNotify
2023-08-13 20:58:11
🚨 CVE-2023-2255 Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice, documents that used "floating frames" linked to external files would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. 🎖@cveNotify
2023-08-13 15:58:37
🚨 CVE-2023-39398 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-13 15:58:36
🚨 CVE-2023-39399 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-13 15:58:35
🚨 CVE-2023-39400 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-13 15:58:34
🚨 CVE-2023-39401 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-13 15:58:33
🚨 CVE-2023-39402 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-13 15:58:30
🚨 CVE-2023-39403 Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be read and written without authorization. 🎖@cveNotify
2023-08-13 15:58:29
🚨 CVE-2023-39406 Permission control vulnerability in the XLayout component. Successful exploitation of this vulnerability may cause apps to forcibly restart. 🎖@cveNotify
2023-08-13 15:58:28
🚨 CVE-2023-39380 Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause audio devices to perform abnormally. 🎖@cveNotify
2023-08-13 15:58:24
🚨 CVE-2023-39381 Input verification vulnerability in the storage module. Successful exploitation of this vulnerability may cause the device to restart. 🎖@cveNotify
2023-08-13 15:58:23
🚨 CVE-2023-39383 Vulnerability of input parameters being not strictly verified in the AMS module. Successful exploitation of this vulnerability may compromise apps' data security. 🎖@cveNotify
2023-08-13 15:58:22
🚨 CVE-2023-39388 Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. 🎖@cveNotify
2023-08-13 15:58:18
🚨 CVE-2023-39389 Vulnerability of input parameters being not strictly verified in the PMS module. Successful exploitation of this vulnerability may cause home screen unavailability. 🎖@cveNotify
2023-08-13 15:58:17
🚨 CVE-2023-39392 Vulnerability of insecure signatures in the OsuLogin module. Successful exploitation of this vulnerability may cause OsuLogin to be maliciously modified and overwritten. 🎖@cveNotify
2023-08-13 15:58:16
🚨 CVE-2023-39393 Vulnerability of insecure signatures in the ServiceWifiResources module. Successful exploitation of this vulnerability may cause ServiceWifiResources to be maliciously modified and overwritten. 🎖@cveNotify
2023-08-13 15:58:15
🚨 CVE-2023-39396 Deserialization vulnerability in the input module. Successful exploitation of this vulnerability may affect availability. 🎖@cveNotify
2023-08-13 15:58:14
🚨 CVE-2023-39405 Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module. Successful exploitation of this vulnerability may cause other apps to be executed with escalated privileges. 🎖@cveNotify
2023-08-13 01:03:57
🚨 CVE-2023-4265 Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841 🎖@cveNotify
2023-08-12 13:08:12
🚨 CVE-2023-3824 In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 🎖@cveNotify
2023-08-12 13:08:11
🚨 CVE-2023-4068 Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-12 13:08:10
🚨 CVE-2023-4070 Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-12 13:08:06
🚨 CVE-2023-3737 Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-12 13:08:05
🚨 CVE-2023-3738 Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-12 13:08:04
🚨 CVE-2023-3734 Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-12 13:08:00
🚨 CVE-2023-3732 Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-12 13:07:59
🚨 CVE-2023-3727 Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-12 13:07:58
🚨 CVE-2023-3728 Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-12 13:07:55
🚨 CVE-2023-3730 Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-12 13:07:54
🚨 CVE-2023-38559 A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs. 🎖@cveNotify
2023-08-12 13:07:53
🚨 CVE-2022-4918 Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) 🎖@cveNotify
2023-08-12 13:07:52
🚨 CVE-2022-4919 Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) 🎖@cveNotify
2023-08-12 05:58:19
🚨 CVE-2022-40982 Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-12 05:58:15
🚨 CVE-2022-41804 Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-12 05:58:14
🚨 CVE-2023-20569 A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. 🎖@cveNotify
2023-08-12 05:58:13
🚨 CVE-2023-24329 An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. 🎖@cveNotify
2023-08-12 00:58:20
🚨 CVE-2023-36314 There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. 🎖@cveNotify
2023-08-12 00:58:19
🚨 CVE-2023-36313 PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". 🎖@cveNotify
2023-08-12 00:58:14
🚨 CVE-2023-4202 Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. 🎖@cveNotify
2023-08-12 00:58:13
🚨 CVE-2023-3569 In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. 🎖@cveNotify
2023-08-11 21:58:44
🚨 CVE-2023-38691 matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API. 🎖@cveNotify
2023-08-11 21:58:43
🚨 CVE-2023-0179 A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution. 🎖@cveNotify
2023-08-11 21:58:42
🚨 CVE-2017-3807 A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause a heap overflow. The vulnerability is due to insufficient validation of user supplied input. An attacker could exploit this vulnerability by sending a crafted URL to the affected system. An exploit could allow the remote attacker to cause a reload of the affected system or potentially execute code. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed firewall mode only and in single or multiple context mode. This vulnerability can be triggered by IPv4 or IPv6 traffic. A valid TCP connection is needed to perform the attack. The attacker needs to have valid credentials to log in to the Clientless SSL VPN portal. Vulnerable Cisco ASA Software running on the following products may be affected by this vulnerability: Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco ASA for Firepower 9300 Series, Cisco ASA for Firepower 4100 Series. Cisco Bug IDs: CSCvc23838. 🎖@cveNotify
2023-08-11 21:58:38
🚨 CVE-2019-1934 A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to elevate privileges and execute administrative functions on an affected device. The vulnerability is due to insufficient authorization validation. An attacker could exploit this vulnerability by logging in to an affected device as a low-privileged user and then sending specific HTTPS requests to execute administrative functions using the information retrieved during initial login. 🎖@cveNotify
2023-08-11 21:58:37
🚨 CVE-2016-6367 Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA 5500, ASA 5500-X, PIX, and FWSM devices allows local users to gain privileges via invalid CLI commands, aka Bug ID CSCtu74257 or EPICBANANA. 🎖@cveNotify
2023-08-11 21:58:36
🚨 CVE-2017-3793 A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to drop any further incoming traffic on all interfaces, resulting in a denial of service (DoS) condition. The vulnerability is due to improper limitation of the global out-of-order TCP queue for specific block sizes. An attacker could exploit this vulnerability by sending a large number of unique permitted TCP connections with out-of-order segments. An exploit could allow the attacker to exhaust available blocks in the global out-of-order TCP queue, causing the dropping of any further incoming traffic on all interfaces and resulting in a DoS condition. Cisco Bug IDs: CSCvb46321. 🎖@cveNotify
2023-08-11 21:58:33
🚨 CVE-2013-5515 The Clientless SSL VPN feature in Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.44), 8.3.x before 8.3(2.39), 8.4.x before 8.4(5.7), 8.6.x before 8.6(1.12), 9.0.x before 9.0(2.6), and 9.1.x before 9.1(1.7) allows remote attackers to cause a denial of service (device reload) via crafted HTTPS requests, aka Bug ID CSCua22709. 🎖@cveNotify
2023-08-11 21:58:32
🚨 CVE-2013-5568 The auto-update implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0.3.6 and earlier allows remote attackers to cause a denial of service (device reload) via crafted update data, aka Bug ID CSCui33308. 🎖@cveNotify
2023-08-11 21:58:31
🚨 CVE-2016-6431 A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. 🎖@cveNotify
2023-08-11 21:58:27
🚨 CVE-2012-5717 Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462. 🎖@cveNotify
2023-08-11 21:58:26
🚨 CVE-2013-5511 The Adaptive Security Device Management (ASDM) remote-management feature in Cisco Adaptive Security Appliance (ASA) Software 8.2.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.5.x before 8.5(1.18), 8.6.x before 8.6(1.12), 8.7.x before 8.7(1.7), 9.0.x before 9.0(3.1), and 9.1.x before 9.1(2.6) does not properly implement the authentication-certificate option, which allows remote attackers to bypass authentication via a TCP session to an ASDM interface, aka Bug ID CSCuh44815. 🎖@cveNotify
2023-08-11 21:58:25
🚨 CVE-2015-6327 The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.8), 9.2 before 9.2(4), and 9.3 before 9.3(3) allows remote attackers to cause a denial of service (device reload) via crafted ISAKMP UDP packets, aka Bug ID CSCus94026. 🎖@cveNotify
2023-08-11 18:58:40
🚨 CVE-2022-48580 A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. 🎖@cveNotify
2023-08-11 18:58:39
🚨 CVE-2023-31448 An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. 🎖@cveNotify
2023-08-11 18:58:38
🚨 CVE-2023-4203 Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. 🎖@cveNotify
2023-08-11 18:58:37
🚨 CVE-2023-4202 Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. 🎖@cveNotify
2023-08-11 18:58:36
🚨 CVE-2023-38167 Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability 🎖@cveNotify
2023-08-11 18:58:32
🚨 CVE-2023-38172 Microsoft Message Queuing Denial of Service Vulnerability 🎖@cveNotify
2023-08-11 18:58:31
🚨 CVE-2023-38347 An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. 🎖@cveNotify
2023-08-11 18:58:30
🚨 CVE-2023-0871 XXE injection in /rtc/post/ endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. 🎖@cveNotify
2023-08-11 18:58:29
🚨 CVE-2022-48603 A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. 🎖@cveNotify
2023-08-11 18:58:28
🚨 CVE-2023-36914 Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability 🎖@cveNotify
2023-08-11 18:58:24
🚨 CVE-2022-48598 A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. 🎖@cveNotify
2023-08-11 18:58:23
🚨 CVE-2023-39218 Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. 🎖@cveNotify
2023-08-11 18:58:22
🚨 CVE-2022-48581 A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system. 🎖@cveNotify
2023-08-11 18:58:21
🚨 CVE-2023-34545 A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. 🎖@cveNotify
2023-08-11 18:58:20
🚨 CVE-2023-38758 Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. 🎖@cveNotify
2023-08-11 18:58:16
🚨 CVE-2023-39217 Improper input validation in Zoom SDKs before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. 🎖@cveNotify
2023-08-11 18:58:15
🚨 CVE-2023-39216 Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. 🎖@cveNotify
2023-08-11 18:58:14
🚨 CVE-2023-3522 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48. 🎖@cveNotify
2023-08-11 18:58:13
🚨 CVE-2023-38759 Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. 🎖@cveNotify
2023-08-11 16:58:37
🚨 CVE-2020-28848 CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. 🎖@cveNotify
2023-08-11 16:58:36
🚨 CVE-2020-23595 Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information via the sitemodel/add.html endpoint. 🎖@cveNotify
2023-08-11 16:58:35
🚨 CVE-2020-24221 An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). 🎖@cveNotify
2023-08-11 16:58:34
🚨 CVE-2020-19952 Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor through commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbitrary code via crafted payload or opening malicious .md file. 🎖@cveNotify
2023-08-11 16:58:31
🚨 CVE-2020-25915 Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. 🎖@cveNotify
2023-08-11 16:58:30
🚨 CVE-2020-27449 Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload. 🎖@cveNotify
2023-08-11 16:58:29
🚨 CVE-2020-24922 Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and escalate privileges via crafted .html file. 🎖@cveNotify
2023-08-11 16:58:25
🚨 CVE-2020-24950 SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. 🎖@cveNotify
2023-08-11 16:58:24
🚨 CVE-2020-27514 Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). 🎖@cveNotify
2023-08-11 16:58:23
🚨 CVE-2020-28849 Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module. 🎖@cveNotify
2023-08-11 16:58:19
🚨 CVE-2020-35141 An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop). 🎖@cveNotify
2023-08-11 16:58:18
🚨 CVE-2020-35990 Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. 🎖@cveNotify
2023-08-11 16:58:17
🚨 CVE-2020-36024 An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. 🎖@cveNotify
2023-08-11 16:58:16
🚨 CVE-2020-36034 SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privileges, and gain sensitive information via crafted payload to id parameter in manage_user.php. 🎖@cveNotify
2023-08-11 13:58:11
🚨 CVE-2023-26309 A remote code execution vulnerability in the webview component of OnePlus Store app. 🎖@cveNotify
2023-08-11 10:58:34
🚨 CVE-2023-39553 Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected. 🎖@cveNotify
2023-08-11 10:58:33
🚨 CVE-2023-40254 Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-11 10:58:29
🚨 CVE-2023-40267 GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439. 🎖@cveNotify
2023-08-11 10:58:27
🚨 CVE-2023-4105 Mattermost fails to delete the attachments when deleting a message in a thread, allowing a simple user to still be able to access and download the attachment of a deleted message. 🎖@cveNotify
2023-08-11 10:58:26
🚨 CVE-2023-4107 Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name. 🎖@cveNotify
2023-08-11 10:58:25
🚨 CVE-2023-4108 Mattermost fails to sanitize post metadata during audit logging, resulting in permalinks contents being logged. 🎖@cveNotify
2023-08-11 10:58:21
🚨 CVE-2023-3823 In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling the appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. 🎖@cveNotify
2023-08-11 10:58:20
🚨 CVE-2023-3824 In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 🎖@cveNotify
2023-08-11 10:58:19
🚨 CVE-2023-40253 Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse. This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. 🎖@cveNotify
2023-08-11 10:58:18
🚨 CVE-2023-40260 EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information. 🎖@cveNotify
2023-08-11 10:58:17
🚨 CVE-2023-40256 A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers. 🎖@cveNotify
2023-08-11 06:58:39
🚨 CVE-2022-29887 Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access. 🎖@cveNotify
2023-08-11 06:58:38
🚨 CVE-2022-34657 Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-11 06:58:37
🚨 CVE-2022-36351 Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. 🎖@cveNotify
2023-08-11 06:58:36
🚨 CVE-2022-36392 Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel(R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. 🎖@cveNotify
2023-08-11 06:58:32
🚨 CVE-2022-37336 Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-11 06:58:31
🚨 CVE-2022-38076 Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-11 06:58:30
🚨 CVE-2022-38083 Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-11 06:58:29
🚨 CVE-2022-38102 Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access. 🎖@cveNotify
2023-08-11 06:58:25
🚨 CVE-2022-40964 Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-11 06:58:24
🚨 CVE-2022-41804 Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-11 06:58:23
🚨 CVE-2022-41984 Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access. 🎖@cveNotify
2023-08-11 06:58:19
🚨 CVE-2022-43505 Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. 🎖@cveNotify
2023-08-11 06:58:18
🚨 CVE-2022-44612 Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user to potentially enable information disclosure via local access. 🎖@cveNotify
2023-08-11 06:58:17
🚨 CVE-2022-45112 Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. 🎖@cveNotify
2023-08-10 23:58:45
🚨 CVE-2023-38188 Azure Apache Hadoop Spoofing Vulnerability 🎖@cveNotify
2023-08-10 23:58:44
🚨 CVE-2023-38186 Windows Mobile Device Management Elevation of Privilege Vulnerability 🎖@cveNotify
2023-08-10 23:58:43
🚨 CVE-2023-38180 .NET and Visual Studio Denial of Service Vulnerability 🎖@cveNotify
2023-08-10 23:58:42
🚨 CVE-2023-38254 Microsoft Message Queuing Denial of Service Vulnerability 🎖@cveNotify
2023-08-10 23:58:38
🚨 CVE-2023-36895 Microsoft Outlook Remote Code Execution Vulnerability 🎖@cveNotify
2023-08-10 23:58:37
🚨 CVE-2023-36897 Visual Studio Tools for Office Runtime Spoofing Vulnerability 🎖@cveNotify
2023-08-10 23:58:36
🚨 CVE-2023-36910 Microsoft Message Queuing Remote Code Execution Vulnerability 🎖@cveNotify
2023-08-10 23:58:32
🚨 CVE-2023-36912 Microsoft Message Queuing Denial of Service Vulnerability 🎖@cveNotify
2023-08-10 23:58:31
🚨 CVE-2023-35385 Microsoft Message Queuing Remote Code Execution Vulnerability 🎖@cveNotify
2023-08-10 23:58:30
🚨 CVE-2023-35390 .NET and Visual Studio Remote Code Execution Vulnerability 🎖@cveNotify
2023-08-10 23:58:26
🚨 CVE-2023-35377 Microsoft Message Queuing Denial of Service Vulnerability 🎖@cveNotify
2023-08-10 23:58:25
🚨 CVE-2023-28129 Desktop & Server Management (DSM) may have a possible execution of arbitrary commands. 🎖@cveNotify
2023-08-10 23:58:24
🚨 CVE-2023-32561 A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. 🎖@cveNotify
2023-08-10 18:58:17
🚨 CVE-2022-47636 A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory: av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user. 🎖@cveNotify
2023-08-10 18:58:16
🚨 CVE-2023-39976 log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered. 🎖@cveNotify
2023-08-10 16:58:29
🚨 CVE-2023-38699 MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. 🎖@cveNotify
2023-08-10 16:58:28
🚨 CVE-2023-39107 An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. 🎖@cveNotify
2023-08-10 16:58:27
🚨 CVE-2023-37543 Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723. 🎖@cveNotify
2023-08-10 16:58:26
🚨 CVE-2023-38830 An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. 🎖@cveNotify
2023-08-10 16:58:25
🚨 CVE-2023-39776 A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. 🎖@cveNotify
2023-08-10 16:58:24
🚨 CVE-2023-39954 user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available. 🎖@cveNotify
2023-08-10 16:58:23
🚨 CVE-2023-39955 Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available. 🎖@cveNotify
2023-08-10 16:58:20
🚨 CVE-2023-20216 A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability. 🎖@cveNotify
2023-08-10 16:58:19
🚨 CVE-2023-4196 Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. 🎖@cveNotify
2023-08-10 16:58:18
🚨 CVE-2023-3570 In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. 🎖@cveNotify
2023-08-10 16:58:17
🚨 CVE-2023-3569 In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service. 🎖@cveNotify
2023-08-10 16:58:15
🚨 CVE-2023-0525 Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. 🎖@cveNotify
2023-08-10 16:58:14
🚨 CVE-2023-3373 Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. 🎖@cveNotify
2023-08-10 10:58:18
🚨 CVE-2022-30308 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 🎖@cveNotify
2023-08-10 10:58:17
🚨 CVE-2022-30309 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 🎖@cveNotify
2023-08-10 10:58:14
🚨 CVE-2022-30310 In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. 🎖@cveNotify
2023-08-10 10:58:13
🚨 CVE-2023-4276 The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 🎖@cveNotify
2023-08-10 10:58:12
🚨 CVE-2023-3772 A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. 🎖@cveNotify
2023-08-10 00:58:23
🚨 CVE-2023-35838 The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard. 🎖@cveNotify
2023-08-10 00:58:19
🚨 CVE-2023-36672 An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in leakage of traffic in plaintext" rather than to only Clario. 🎖@cveNotify
2023-08-10 00:58:18
🚨 CVE-2023-33241 Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious Paillier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more to fully exfiltrate the other parties' private key shares. 🎖@cveNotify
2023-08-10 00:58:17
🚨 CVE-2023-33242 Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature. 🎖@cveNotify
2023-08-09 22:58:40
🚨 CVE-2023-2754 The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, the WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. 🎖@cveNotify
2023-08-09 22:58:39
🚨 CVE-2023-33906 In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. 🎖@cveNotify
2023-08-09 22:58:38
🚨 CVE-2023-28468 An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS. 🎖@cveNotify
2023-08-09 22:58:34
🚨 CVE-2020-26082 A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. 🎖@cveNotify
2023-08-09 22:58:33
🚨 CVE-2023-39527 PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. 🎖@cveNotify
2023-08-09 22:58:32
🚨 CVE-2023-39526 PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds. 🎖@cveNotify
2023-08-09 22:58:29
🚨 CVE-2023-23347 HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. 🎖@cveNotify
2023-08-09 22:58:28
🚨 CVE-2023-33469 In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level. 🎖@cveNotify
2023-08-09 22:58:27
🚨 CVE-2023-38347 An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox. 🎖@cveNotify
2023-08-09 22:58:23
🚨 CVE-2023-33466 Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). 🎖@cveNotify
2023-08-09 22:58:22
🚨 CVE-2022-48592 A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. 🎖@cveNotify
2023-08-09 21:58:30
🚨 CVE-2022-48595 A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. 🎖@cveNotify
2023-08-09 21:58:29
🚨 CVE-2022-48598 A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. 🎖@cveNotify
2023-08-09 21:58:25
🚨 CVE-2022-48600 A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. 🎖@cveNotify
2023-08-09 21:58:24
🚨 CVE-2022-48603 A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database. 🎖@cveNotify
2023-08-09 21:58:19
🚨 CVE-2023-23346 HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information. 🎖@cveNotify
2023-08-09 21:58:18
🚨 CVE-2023-38999 A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. 🎖@cveNotify
2023-08-09 21:58:13
🚨 CVE-2023-39001 A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file. 🎖@cveNotify
2023-08-09 21:58:12
🚨 CVE-2023-39004 Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. 🎖@cveNotify
2023-08-09 18:58:40
🚨 CVE-2023-36220 Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. 🎖@cveNotify
2023-08-09 18:58:39
🚨 CVE-2021-24916 The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action. 🎖@cveNotify
2023-08-09 18:58:38
🚨 CVE-2023-38765 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. 🎖@cveNotify
2023-08-09 18:58:37
🚨 CVE-2023-0604 The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 🎖@cveNotify
2023-08-09 18:58:36
🚨 CVE-2023-2843 The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks. 🎖@cveNotify
2023-08-09 18:58:31
🚨 CVE-2023-38764 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. 🎖@cveNotify
2023-08-09 18:58:30
🚨 CVE-2023-3365 The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment. 🎖@cveNotify
2023-08-09 18:58:29
🚨 CVE-2023-3492 The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. 🎖@cveNotify
2023-08-09 18:58:28
🚨 CVE-2023-3524 The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. 🎖@cveNotify
2023-08-09 18:58:27
🚨 CVE-2023-3575 The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks. 🎖@cveNotify
2023-08-09 18:58:23
🚨 CVE-2023-3671 The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. 🎖@cveNotify
2023-08-09 18:58:22
🚨 CVE-2023-20804 In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384. 🎖@cveNotify
2023-08-09 18:58:21
🚨 CVE-2023-38763 SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. 🎖@cveNotify
2023-08-09 18:58:20
🚨 CVE-2023-23757 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. 🎖@cveNotify
2023-08-09 18:58:16
🚨 CVE-2023-23758 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. 🎖@cveNotify
2023-08-09 18:58:15
🚨 CVE-2023-34476 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. 🎖@cveNotify
2023-08-09 18:58:14
🚨 CVE-2023-34477 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection. 🎖@cveNotify
2023-08-09 18:58:13
🚨 CVE-2023-39508 Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and also allows bypassing the limits on the user's access to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. 🎖@cveNotify
2023-08-09 16:58:31
🚨 CVE-2023-4182 A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability. 🎖@cveNotify
2023-08-09 16:58:30
🚨 CVE-2023-4184 A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219. 🎖@cveNotify
2023-08-09 16:58:29
🚨 CVE-2023-20218 A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. 🎖@cveNotify
2023-08-09 16:58:26
🚨 CVE-2023-3749 A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. 🎖@cveNotify
2023-08-09 16:58:25
🚨 CVE-2023-33383 Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. 🎖@cveNotify
2023-08-09 16:58:24
🚨 CVE-2023-20795 In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900. 🎖@cveNotify
2023-08-09 16:58:23
🚨 CVE-2023-20793 In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818. 🎖@cveNotify
2023-08-09 16:58:20
🚨 CVE-2023-3953 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX. 🎖@cveNotify
2023-08-09 16:58:19
🚨 CVE-2023-20801 In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968. 🎖@cveNotify
2023-08-09 16:58:18
🚨 CVE-2020-23564 File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. 🎖@cveNotify
2023-08-09 16:58:14
🚨 CVE-2023-4188 SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. 🎖@cveNotify
2023-08-09 16:58:13
🚨 CVE-2023-20569 A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. 🎖@cveNotify
2023-08-09 16:58:12
🚨 CVE-2022-45788 A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure Control Expert (All Versions), EcoStruxure Process Expert (All Versions), Modicon M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 - BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs - TSXP57* (All Versions). 🎖@cveNotify
2023-08-09 14:58:34
🚨 CVE-2023-39209 Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. 🎖@cveNotify
2023-08-09 14:58:33
🚨 CVE-2023-39210 Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. 🎖@cveNotify
2023-08-09 14:58:32
🚨 CVE-2023-39211 Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. 🎖@cveNotify
2023-08-09 14:58:31
🚨 CVE-2023-39212 Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. 🎖@cveNotify
2023-08-09 14:58:30
🚨 CVE-2023-39213 Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. 🎖@cveNotify
2023-08-09 14:58:26
🚨 CVE-2023-39951 OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES’s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later. 🎖@cveNotify
2023-08-09 14:58:25
🚨 CVE-2023-31449 An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. 🎖@cveNotify
2023-08-09 14:58:24
🚨 CVE-2023-31450 An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, an authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine. 🎖@cveNotify
2023-08-09 14:58:20
🚨 CVE-2023-31452 An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim. 🎖@cveNotify
2023-08-09 14:58:19
🚨 CVE-2023-32782 An issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution. 🎖@cveNotify
2023-08-09 14:58:18
🚨 CVE-2023-24015: A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
2023-08-09 14:58:14
🚨 CVE-2023-2905: Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.
2023-08-09 14:58:13
🚨 CVE-2023-26310: There is a command injection problem in the old version of the mobile phone backup app.
2023-08-09 14:58:12
🚨 CVE-2023-37855: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.
2023-08-09 13:58:20
🚨 CVE-2023-33365: A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.
2023-08-09 13:58:19
🚨 CVE-2023-2760: An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.
2023-08-09 13:58:15
🚨 CVE-2022-4224: In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device.
2023-08-09 13:58:14
🚨 CVE-2021-34600: Telenot CompasX versions prior to 32.0 use a weak seed for random number generation leading to predictable AES keys used in the NFC tags used for local authorization of users. This may lead to total loss of trustworthiness of the installation.
2023-08-09 13:58:13
🚨 CVE-2023-23903: An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application is rendered unusable until a console intervention.
2023-08-09 13:58:12
🚨 CVE-2023-24015: A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.
2023-08-09 11:58:30
🚨 CVE-2018-17434: A SIGFPE signal is raised in the function apply_filters() of h5repack_filters.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
2023-08-09 11:58:29
🚨 CVE-2018-17437: Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
2023-08-09 11:58:28
🚨 CVE-2023-24477: In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain access to the original user's session.
2023-08-09 11:58:24
🚨 CVE-2023-38208: Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.
2023-08-09 11:58:23
🚨 CVE-2022-47185: Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.
2023-08-09 11:58:22
🚨 CVE-2023-26310: There is a command injection problem in the old version of the mobile phone backup app.
2023-08-09 11:58:19
🚨 CVE-2023-33934: Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.
2023-08-09 11:58:18
🚨 CVE-2023-37856: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser.
2023-08-09 11:58:17
🚨 CVE-2023-37858: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.
2023-08-09 11:58:13
🚨 CVE-2023-37861: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.
2023-08-09 11:58:12
🚨 CVE-2023-37863: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use a special SNMP request to gain full access to the device.
2023-08-09 05:58:18
🚨 CVE-2023-38752: Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as "non-disclosure" in the system settings.
2023-08-09 05:58:14
🚨 CVE-2023-4243: The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.
2023-08-09 05:58:13
🚨 CVE-2023-4239: The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
2023-08-09 00:58:18
🚨 CVE-2023-39210: Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.
2023-08-09 00:58:14
🚨 CVE-2023-39212: Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.
2023-08-09 00:58:13
🚨 CVE-2023-39214: Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
2023-08-09 00:58:12
🚨 CVE-2023-39951: OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES's v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later.
2023-08-08 22:58:25
🚨 CVE-2023-38494: MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.
2023-08-08 22:58:24
🚨 CVE-2023-38964: Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.
2023-08-08 22:58:23
🚨 CVE-2010-1685: Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename.
2023-08-08 22:58:22
🚨 CVE-2023-33666: ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.
2023-08-08 22:58:21
🚨 CVE-2023-0956: External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.
2023-08-08 22:58:17
🚨 CVE-2023-39112: ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.
2023-08-08 22:58:16
🚨 CVE-2023-39143: PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).
2023-08-08 22:58:15
🚨 CVE-2023-33372: Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.
2023-08-08 22:58:14
🚨 CVE-2023-33373: Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices.
2023-08-08 19:58:30
🚨 CVE-2023-3329: SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.
2023-08-08 19:58:29
🚨 CVE-2023-39114: ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.
2023-08-08 19:58:28
🚨 CVE-2023-39113: ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.
2023-08-08 19:58:25
🚨 CVE-2023-39551: PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.
2023-08-08 19:58:24
🚨 CVE-2023-1935: ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.
2023-08-08 19:58:23
🚨 CVE-2023-39532: SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as no endowments can gain access to the surrounding host's dynamic import by using dynamic import after the spread operator, like `{...import(arbitraryModuleSpecifier)}`. On the web or in web extensions, a Content-Security-Policy following ordinary best practices likely mitigates both the risk of exfiltration and execution of arbitrary code, at least limiting the modules that the attacker can import to those that are already part of the application. However, without a Content-Security-Policy, dynamic import can be used to issue HTTP requests for either communication through the URL or for the execution of code reachable from that origin. Within an XS worker, an attacker can use the host's module system to the extent that the host has been configured. This typically only allows access to module code on the host's file system and is of limited use to an attacker. Within Node.js, the attacker gains access to Node.js's module system. Importing the powerful builtins is not useful except insofar as there are side-effects and tempered because dynamic import returns a promise. Spreading a promise into an object renders the promises useless. However, Node.js allows importing data URLs, so this is a clear path to arbitrary execution. Versions 0.18.7, 0.17.1, 0.16.1, 0.15.24, 0.14.5, and 0.13.5 contain a patch for this issue. Some workarounds are available. On the web, providing a suitably constrained Content-Security-Policy mitigates most of the threat. With XS, building a binary that lacks the ability to load modules at runtime mitigates the entirety of the threat. That will look like an implementation of `fxFindModule` in a file like `xsPlatform.c` that calls `fxRejectModuleFile`.
2023-08-08 19:58:19
🚨 CVE-2023-3618: A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.
2023-08-08 19:58:18
🚨 CVE-2023-3494: The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process.
2023-08-08 19:58:17
🚨 CVE-2023-3718: An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.
2023-08-08 19:58:14
🚨 CVE-2023-38758: Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.
2023-08-08 19:58:13
🚨 CVE-2023-38760: SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.
2023-08-08 19:58:12
🚨 CVE-2023-38762: SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.
2023-08-08 17:58:52
🚨 CVE-2023-37558: After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559.
2023-08-08 17:58:51
🚨 CVE-2023-37551: In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.
2023-08-08 17:58:50
🚨 CVE-2023-38330: OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.
2023-08-08 17:58:49
🚨 CVE-2023-24698: Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.
2023-08-08 17:58:45
🚨 CVE-2023-33756: An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.
2023-08-08 17:58:44
🚨 CVE-2023-36136: PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.
2023-08-08 17:58:43
🚨 CVE-2023-3651: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11.
2023-08-08 17:58:39
🚨 CVE-2023-3652: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11.
2023-08-08 17:58:38
🚨 CVE-2023-3653: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11.
2023-08-08 17:58:37
🚨 CVE-2023-38958: An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.
2023-08-08 17:58:36
🚨 CVE-2023-37497: The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.
2023-08-08 17:58:32
🚨 CVE-2023-34196: In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.
2023-08-08 17:58:31
🚨 CVE-2023-4132: A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.
2023-08-08 17:58:30
🚨 CVE-2023-4133: A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.
2023-08-08 10:58:27
🚨 CVE-2023-37569: This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.
2023-08-08 10:58:26
🚨 CVE-2023-37570: This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.
2023-08-08 10:58:25
🚨 CVE-2023-3898: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1.
2023-08-08 10:58:23
🚨 CVE-2023-4009: In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.
2023-08-08 10:58:22
🚨 CVE-2023-2329: The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack.
2023-08-08 10:58:21
🚨 CVE-2023-3526: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.
2023-08-08 10:58:20
🚨 CVE-2023-3569: In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.
2023-08-08 10:58:19
🚨 CVE-2023-3570: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.
2023-08-08 10:58:18
🚨 CVE-2023-3571: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device.
2023-08-08 10:58:17
🚨 CVE-2023-3572: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device.
2023-08-08 10:58:16
🚨 CVE-2023-3573: In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request related to font configuration operations to gain full access to the device.
2023-08-08 10:58:15
🚨 CVE-2023-39976: log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.
2023-08-08 10:58:14
🚨 CVE-2023-39977: An issue was discovered in the Linux kernel before 6.3.2. There is an out-of-bounds access in relay_file_read in kernel/relay.c.
2023-08-08 10:58:12
🚨 CVE-2023-39978: ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.
2023-08-08 01:58:14
🚨 CVE-2023-34624: An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.
2023-08-08 01:58:13
🚨 CVE-2023-32302: Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.
2023-08-07 23:58:30
🚨 CVE-2023-39525: PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
2023-08-07 23:58:26
🚨 CVE-2023-39527: PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.
2023-08-07 23:58:25
🚨 CVE-2023-39529: PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
2023-08-07 23:58:24
🚨 CVE-2023-39530: PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
2023-08-07 23:58:20
🚨 CVE-2023-38955: ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.
2023-08-07 23:58:19
🚨 CVE-2023-39524: PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection is possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.
2023-08-07 23:58:14
🚨 CVE-2023-38954: ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.
2023-08-07 23:58:13
🚨 CVE-2023-36494: Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2023-08-07 20:58:30
🚨 CVE-2023-38412: Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.
2023-08-07 20:58:29
🚨 CVE-2023-38921: Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.
2023-08-07 20:58:28
🚨 CVE-2023-38924: Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.
2023-08-07 20:58:24
🚨 CVE-2023-38926: Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.
2023-08-07 20:58:23
🚨 CVE-2023-38930: Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.
2023-08-07 20:58:19
🚨 CVE-2023-38932: Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.
2023-08-07 20:58:18
🚨 CVE-2023-38934: Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.
2023-08-07 20:58:17
🚨 CVE-2023-38935: Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function.
2023-08-07 20:58:14
🚨 CVE-2023-38936: Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.
2023-08-07 20:58:13
🚨 CVE-2023-38938: Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.
2023-08-07 20:58:12
🚨 CVE-2023-38940: Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.
2023-08-07 15:58:38
🚨 CVE-2023-0425: ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.
2023-08-07 15:58:37
🚨 CVE-2023-0426: ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.
2023-08-07 15:58:36
🚨 CVE-2023-4192 A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235. 🎖@cveNotify
2023-08-07 15:58:35
🚨 CVE-2023-4193 A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236. 🎖@cveNotify
2023-08-07 15:58:33
🚨 CVE-2022-47350 In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 🎖@cveNotify
2023-08-07 15:58:32
🚨 CVE-2022-47351 In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed 🎖@cveNotify
2023-08-07 15:58:31
🚨 CVE-2023-33906 In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges 🎖@cveNotify
2023-08-07 15:58:30
🚨 CVE-2023-33907 In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges 🎖@cveNotify
2023-08-07 15:58:29
🚨 CVE-2023-33908 In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges 🎖@cveNotify
2023-08-07 15:58:28
🚨 CVE-2023-33909 In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges 🎖@cveNotify
2023-08-07 15:58:24
🚨 CVE-2023-33910 In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges 🎖@cveNotify
2023-08-07 15:58:23
🚨 CVE-2023-33911 In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges 🎖@cveNotify
2023-08-07 15:58:22
🚨 CVE-2023-33912 In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges 🎖@cveNotify
2023-08-07 15:58:21
🚨 CVE-2023-33913 In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to remote escalation of privilege with System execution privileges needed 🎖@cveNotify
2023-08-07 15:58:20
🚨 CVE-2022-48579 UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. 🎖@cveNotify
2023-08-07 15:58:16
🚨 CVE-2023-20780 In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756. 🎖@cveNotify
2023-08-07 15:58:15
🚨 CVE-2023-20781 In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323. 🎖@cveNotify
2023-08-07 15:58:14
🚨 CVE-2023-20782 In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103. 🎖@cveNotify
2023-08-07 15:58:13
🚨 CVE-2023-20783 In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905. 🎖@cveNotify
2023-08-07 15:58:12
🚨 CVE-2023-20784 In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989. 🎖@cveNotify
2023-08-07 10:58:40
🚨 CVE-2023-38592 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. 🎖@cveNotify
2023-08-07 10:58:38
🚨 CVE-2023-38599 A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. 🎖@cveNotify
2023-08-07 10:58:37
🚨 CVE-2023-38133 The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. 🎖@cveNotify
2023-08-07 10:58:36
🚨 CVE-2023-38594 The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. 🎖@cveNotify
2023-08-07 10:58:34
🚨 CVE-2023-38597 The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. 🎖@cveNotify
2023-08-07 10:58:33
🚨 CVE-2023-38572 The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. 🎖@cveNotify
2023-08-07 10:58:32
🚨 CVE-2023-38595 The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. 🎖@cveNotify