High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 1e -- platform | The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI | 2023-11-06 | 7.2 | CVE-2023-45161 MISC MISC |
| 1e -- platform | The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI | 2023-11-06 | 7.2 | CVE-2023-45163 MISC MISC |
| 1e -- platform | The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue DELETE the instruction "Show dialogue with caption %Caption% and message %Message%" from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as "Show %Type% type notification with header %Header% and message %Message%" with a version of 7.1 or above. | 2023-11-06 | 7.2 | CVE-2023-5964 MISC MISC |
| 7-zip -- 7-zip | 7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive. | 2023-11-03 | 7.8 | CVE-2023-31102 MISC MISC MISC |
| advanced_export_products_orders_cron_csv_excel_project -- advanced_export_products_orders_cron_csv_excel | Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated attackers to arbitrarily download user information from the ps_customer table. | 2023-11-07 | 7.5 | CVE-2023-43984 |
| arm -- valhall_gpu_kernel_driver | A local non-privileged user can make improper GPU memory processing operations. If the operations are carefully prepared, then they could be used to gain access to already freed memory. | 2023-11-07 | 7.8 | CVE-2023-3889 |
| arm -- valhall_gpu_kernel_driver | A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | 2023-11-07 | 7.8 | CVE-2023-4295 |
| asus -- rt-ax55_firmware | ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. | 2023-11-03 | 8.8 | CVE-2023-41345 MISC |
| asus -- rt-ax55_firmware | ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | 8.8 | CVE-2023-41346 MISC |
| asus -- rt-ax55_firmware | ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | 8.8 | CVE-2023-41347 MISC |
| asus -- rt-ax55_firmware | ASUS RT-AX55's authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | 8.8 | CVE-2023-41348 MISC |
| asus -- rt-ax57_firmware | An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_ln 2C318 function. | 2023-11-09 | 9.8 | CVE-2023-47005 |
| asus -- rt-ax57_firmware | An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ipaddr field in the sub_6FC74 function. | 2023-11-09 | 9.8 | CVE-2023-47006 |
| asus -- rt-ax57_firmware | An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the lan_ifname field in the sub_391B8 function. | 2023-11-09 | 9.8 | CVE-2023-47007 |
| asus -- rt-ax57_firmware | An issue in ASUS RT-AX57 v.3.0.0.4_386_52041 allows a remote attacker to execute arbitrary code via a crafted request to the ifname field in the sub_4CCE4 function. | 2023-11-09 | 9.8 | CVE-2023-47008 |
| best_courier_management_system -- best_courier_management_system | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | 2023-11-03 | 9.8 | CVE-2023-46980 MISC MISC |
| bestpractical -- request_tracker | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call. | 2023-11-03 | 7.5 | CVE-2023-41259 MISC CONFIRM CONFIRM |
| bestpractical -- request_tracker | Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls. | 2023-11-03 | 7.5 | CVE-2023-41260 MISC CONFIRM CONFIRM |
| bestpractical -- request_tracker | Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder. | 2023-11-03 | 7.5 | CVE-2023-45024 MISC CONFIRM |
| bleachbit -- bleachbit | BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the Folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0. | 2023-11-08 | 7.3 | CVE-2023-47113 |
| boltwire -- boltwire | An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. | 2023-11-07 | 9.1 | CVE-2023-46501 |
| botan_project -- botan | bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password. | 2023-11-03 | 7.5 | CVE-2017-7252 CONFIRM MISC |
| clickbar -- dot-diver | Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability. | 2023-11-06 | 9.8 | CVE-2023-45827 MISC MISC |
| couchbase -- couchbase_server | Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. | 2023-11-08 | 7.5 | CVE-2023-36667 |
| djangoproject -- django | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters. | 2023-11-03 | 7.5 | CVE-2023-41164 CONFIRM MISC |
| djangoproject -- django | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232. | 2023-11-03 | 7.5 | CVE-2023-43665 CONFIRM MISC |
| ec-cube -- ec-cube | EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the template engine Twig included in the product. As a result, arbitrary code may be executed on the server where the product is running by a user with an administrative privilege. | 2023-11-07 | 7.2 | CVE-2023-46845
|
| eclipse -- glassfish | In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners. | 2023-11-03 | 9.8 | CVE-2023-5763 MISC MISC |
| eclipse -- parsson | In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale. | 2023-11-03 | 7.5 | CVE-2023-4043 MISC MISC |
| espressif -- esptool | An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. | 2023-11-09 | 7.5 | CVE-2023-46894 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Alex Raven WP Report Post plugin <= 2.1.2 versions. | 2023-11-09 | 8.8 | CVE-2023-34171 |
| exiv2 -- exiv2 | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-06 | 8.8 | CVE-2023-44398 MISC MISC |
| felixwelberg -- sis_handball | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45. | 2023-11-06 | 9.8 | CVE-2023-33924 MISC |
| froxlor -- froxlor | Improper Input Validation in GitHub repository froxlor/froxlor prior to 2.1.0. | 2023-11-10 | 8.8 | CVE-2023-6069 |
| frrouting -- frrouting | bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow." | 2023-11-06 | 9.8 | CVE-2023-38406 MISC MISC |
| frrouting -- frrouting | bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing. | 2023-11-06 | 7.5 | CVE-2023-38407 MISC MISC MISC |
| frrouting -- frrouting | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes). | 2023-11-03 | 7.5 | CVE-2023-47234 MISC |
| frrouting -- frrouting | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome. | 2023-11-03 | 7.5 | CVE-2023-47235 MISC |
| ge -- micom_s1_agile | General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application. | 2023-11-07 | 7.3 | CVE-2023-0898 |
| gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates. | 2023-11-06 | 7.7 | CVE-2023-3399 MISC MISC |
| google -- android | In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357. | 2023-11-06 | 7.8 | CVE-2023-32837 MISC |
| google -- android | In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273. | 2023-11-06 | 7 | CVE-2023-32832 MISC |
| google -- chrome | Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-11-08 | 8.8 | CVE-2023-5996
|
| gpac -- gpac | Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. | 2023-11-07 | 7.5 | CVE-2023-5998 |
| group-office -- group_office | Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-07 | 8.8 | CVE-2023-46730 |
| gss -- vitals_enterprise_social_platform | Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service. | 2023-11-03 | 8.8 | CVE-2023-41357 MISC |
| huawei -- emui | Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-11-08 | 7.5 | CVE-2023-44098 |
| huawei -- emui | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | 2023-11-08 | 7.5 | CVE-2023-46765 |
| huawei -- emui | Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-11-08 | 7.5 | CVE-2023-46771 |
| huawei -- emui | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability. | 2023-11-08 | 7.5 | CVE-2023-46774 |
| huawei -- harmonyos | Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2023-11-08 | 9.1 | CVE-2023-5801 |
| huawei -- harmonyos | Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2023-11-08 | 7.5 | CVE-2023-44115 |
| huawei -- harmonyos | The remote PIN module has a vulnerability that causes incorrect information storage locations.Successful exploitation of this vulnerability may affect confidentiality. | 2023-11-08 | 7.5 | CVE-2023-46757 |
| huawei -- harmonyos | Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | 2023-11-08 | 7.5 | CVE-2023-46758 |
| huawei -- harmonyos | Permission control vulnerability in the call module. Successful exploitation of this vulnerability may affect service confidentiality. | 2023-11-08 | 7.5 | CVE-2023-46759 |
| huawei -- harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46760 |
| huawei -- harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46761 |
| huawei -- harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46762 |
| huawei -- harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46766 |
| huawei -- harmonyos | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions. | 2023-11-08 | 7.5 | CVE-2023-46767 |
| huawei -- harmonyos | Multi-thread vulnerability in the idmap module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 2023-11-08 | 7.5 | CVE-2023-46768 |
| huawei -- harmonyos | Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of this vulnerability will affect availability. | 2023-11-08 | 7.5 | CVE-2023-46769 |
| huawei -- harmonyos | Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones. | 2023-11-08 | 7.5 | CVE-2023-46770 |
| ibm -- cics_tx | IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 266163. | 2023-11-03 | 7.5 | CVE-2023-43018 MISC MISC |
| ibm -- mq_appliance | IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys. IBM X-Force ID: 269535. | 2023-11-03 | 7.8 | CVE-2023-46176 MISC MISC |
| ibm -- txseries_for_multiplatforms | IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057. | 2023-11-03 | 8.8 | CVE-2023-42027 MISC MISC MISC |
| intelliants -- subrion | Subrion 4.2.1 has a remote command execution vulnerability in the backend. | 2023-11-03 | 8.8 | CVE-2023-46947 MISC |
| ivanti -- automation | A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | 2023-11-03 | 7.8 | CVE-2022-44569 MISC |
| ivanti -- avalanche | Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | 2023-11-03 | 7.8 | CVE-2022-43554 MISC |
| ivanti -- avalanche | Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | 2023-11-03 | 7.8 | CVE-2022-43555 MISC |
| ivanti -- avalanche | Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability | 2023-11-03 | 7.8 | CVE-2023-41725 MISC |
| ivanti -- avalanche | Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability | 2023-11-03 | 7.8 | CVE-2023-41726 MISC |
| kerawen -- kerawen | kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent(). | 2023-11-04 | 9.8 | CVE-2023-40922 MISC |
| kubernetes -- apiserver | A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties. | 2023-11-03 | 8.2 | CVE-2022-3172 MISC MISC |
| kubernetes -- csi_proxy | A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes running kubernetes-csi-proxy. | 2023-11-03 | 8.8 | CVE-2023-3893 MISC MISC |
| kyocera -- d-copia253mf_plus_firmware | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory. | 2023-11-03 | 7.5 | CVE-2023-34260 MISC MISC |
| linagora -- twake | Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223. | 2023-11-07 | 9.8 | CVE-2023-2675 |
| linux -- kernel | An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory. | 2023-11-03 | 8.1 | CVE-2023-1194 MISC MISC MISC |
| linux -- kernel | A use-after-free flaw was found in the Linux kernel's mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system. | 2023-11-03 | 7 | CVE-2023-1476 MISC MISC MISC MISC |
| lost_and_found_information_system -- lost_and_found_information_system | Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | 2023-11-03 | 9.8 | CVE-2023-38965 MISC MISC |
| macvim -- macvim | Macvim is a text editor for MacOS. Prior to version 178, Macvim makes use of an insecure interprocess communication (IPC) mechanism which could lead to a privilege escalation. Distributed objects are a concept introduced by Apple which allow one program to vend an interface to another program. What is not made clear in the documentation is that this service can vend this interface to any other program on the machine. The impact of exploitation is a privilege escalation to root - this is likely to affect anyone who is not careful about the software they download and use MacVim to edit files that would require root privileges. Version 178 contains a fix for this issue. | 2023-11-07 | 7.8 | CVE-2023-41036
|
| mediatek -- nr15 | In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895. | 2023-11-06 | 7.5 | CVE-2023-20702 MISC |
| microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-10 | 7.3 | CVE-2023-36014 |
| microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-03 | 7.3 | CVE-2023-36034 MISC |
| microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-11-10 | 7.1 | CVE-2023-36024 |
| midori-global -- better_pdf_exporter | Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export. | 2023-11-07 | 7.8 | CVE-2023-42361
|
| mitsubishi_electric -- fx3u-32mt/es_firmware | Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets. | 2023-11-06 | 9.1 | CVE-2023-4699 MISC MISC MISC |
| mongodb -- atlas_kubernetes_operator | The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that this is reported on an EOL version of the product, and users are advised to upgrade to the latest supported version. Required Configuration: DEBUG logging is not enabled by default, and must be configured by the end-user. To check the log-level of the Operator, review the flags passed in your deployment configuration (eg. https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 https://github.com/mongodb/mongodb-atlas-kubernetes/blob/main/config/manager/manager.yaml#L27 ) | 2023-11-07 | 7.5 | CVE-2023-0436 |
| nationaledtech -- boomerang | An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing. | 2023-11-03 | 9.1 | CVE-2023-36621 MISC MISC MISC |
| ncsist -- mobile_device_manager | NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files. | 2023-11-03 | 7.5 | CVE-2023-41344 MISC |
| netskope -- netskope | Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service. | 2023-11-06 | 8.8 | CVE-2023-4996 MISC |
| nokia -- g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks. | 2023-11-03 | 9.8 | CVE-2023-41350 MISC |
| nokia -- g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service. | 2023-11-03 | 9.8 | CVE-2023-41351 MISC |
| nokia -- g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking. | 2023-11-03 | 9.8 | CVE-2023-41355 MISC |
| nokia -- g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service. | 2023-11-03 | 8.8 | CVE-2023-41353 MISC |
| nokia -- g-040w-q_firmware | Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. | 2023-11-03 | 7.2 | CVE-2023-41352 MISC |
| opayweb -- opay | An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26 and maybe be higher in the logcat app. | 2023-11-07 | 7.5 | CVE-2021-43419 |
| opendesign -- drawings_sdk | An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. | 2023-11-07 | 7.8 | CVE-2023-5179 |
| openssl -- openssl | Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_generate_key() to generate an X9.42 DH key may experience long delays. Likewise, applications that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() to check an X9.42 DH key or X9.42 DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. While DH_check() performs all the necessary checks (as of CVE-2023-3817), DH_check_pub_key() doesn't make any of these checks, and is therefore vulnerable for excessively large P and Q parameters. Likewise, while DH_generate_key() performs a check for an excessively large P, it doesn't check for an excessively large Q. An application that calls DH_generate_key() or DH_check_pub_key() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. DH_generate_key() and DH_check_pub_key() are also called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate(). Also vulnerable are the OpenSSL pkey command line application when using the "-pubcheck" option, as well as the OpenSSL genpkey command line application. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | 2023-11-06 | 7.5 | CVE-2023-5678 MISC MISC MISC MISC MISC |
| ortussolutions -- coldbox_elixir | A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability. | 2023-11-06 | 7.5 | CVE-2021-4430 MISC MISC MISC MISC |
| perforce -- helix_core | An arbitrary code execution which results in privilege escalation was discovered in Helix Core versions prior to 2023.2. Reported by Jason Geffner. | 2023-11-08 | 9.8 | CVE-2023-45849 |
| perforce -- helix_core | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Jason Geffner. | 2023-11-08 | 7.5 | CVE-2023-35767 |
| perforce -- helix_core | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the commit function was identified. Reported by Jason Geffner. | 2023-11-08 | 7.5 | CVE-2023-45319 |
| perforce -- helix_core | In Helix Core versions prior to 2023.2, an unauthenticated remote Denial of Service (DoS) via the buffer was identified. Reported by Jason Geffner. | 2023-11-08 | 7.5 | CVE-2023-5759 |
| phpfox -- phpfox | An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code. | 2023-11-03 | 9.8 | CVE-2023-46817 MISC MISC MISC MISC MISC |
| prestashop-- prestashop | In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from ps_customer/ps_address tables such as name / surname / phone number / full postal address. | 2023-11-07 | 8.8 | CVE-2023-45380 |
| progress -- ws_ftp_server | In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application. | 2023-11-07 | 8.8 | CVE-2023-42659 |
| projectworlds -- online_job_portal | Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_password' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | 9.8 | CVE-2023-46680 |
| projectworlds -- online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | 9.8 | CVE-2023-46785 |
| projectworlds -- online_matrimonial_project | Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'pass' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database. | 2023-11-07 | 9.8 | CVE-2023-46798 |
| puppet -- puppet_enterprise | Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. | 2023-11-07 | 9.8 | CVE-2023-5309 |
| python -- pillow | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument. | 2023-11-03 | 7.5 | CVE-2023-44271 MISC MISC MISC |
| qemu -- qemu | A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot. | 2023-11-03 | 7 | CVE-2023-5088 MISC MISC MISC |
| qnap -- music_station | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions: Music Station 4.8.11 and later Music Station 5.1.16 and later Music Station 5.3.23 and later | 2023-11-03 | 7.5 | CVE-2023-39299 MISC |
| qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | 2023-11-03 | 9.8 | CVE-2023-23368 MISC |
| qnap -- qts | An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later | 2023-11-03 | 9.8 | CVE-2023-23369 MISC |
| qualcomm -- snapdragon | Memory Corruption in Multi-mode Call Processor while processing bit mask API. | 2023-11-07 | 9.8 | CVE-2023-22388 |
| qualcomm -- snapdragon | Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. | 2023-11-07 | 9.8 | CVE-2023-33045 |
| qualcomm -- snapdragon | Memory corruption in WLAN HOST while processing the WLAN scan descriptor list. | 2023-11-07 | 8.8 | CVE-2023-28572 |
| qualcomm -- snapdragon | Memory Corruption in Core during syscall for Sectools Fuse comparison feature. | 2023-11-07 | 7.8 | CVE-2023-21671 |
| qualcomm -- snapdragon | Memory Corruption in Core due to secure memory access by user while loading modem image. | 2023-11-07 | 7.8 | CVE-2023-24852 |
| qualcomm -- snapdragon | Memory corruption in TZ Secure OS while loading an app ELF. | 2023-11-07 | 7.8 | CVE-2023-28545 |
| qualcomm -- snapdragon | Cryptographic issue in HLOS during key management. | 2023-11-07 | 7.8 | CVE-2023-28556 |
| qualcomm -- snapdragon | Memory corruption while processing audio effects. | 2023-11-07 | 7.8 | CVE-2023-28570 |
| qualcomm -- snapdragon | Memory corruption in core services when Diag handler receives a command to configure event listeners. | 2023-11-07 | 7.8 | CVE-2023-28574 |
| qualcomm -- snapdragon | Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer. | 2023-11-07 | 7.8 | CVE-2023-33031 |
| qualcomm -- snapdragon | Memory Corruption in Audio while invoking callback function in driver from ADSP. | 2023-11-07 | 7.8 | CVE-2023-33055 |
| qualcomm -- snapdragon | Memory corruption in Audio while processing the VOC packet data from ADSP. | 2023-11-07 | 7.8 | CVE-2023-33059 |
| qualcomm -- snapdragon | Memory corruption in Audio when SSR event is triggered after music playback is stopped. | 2023-11-07 | 7.8 | CVE-2023-33074 |
| qualcomm -- snapdragon | Transient DOS in WLAN Firmware while parsing no-inherit IES. | 2023-11-07 | 7.5 | CVE-2023-33047 |
| qualcomm -- snapdragon | Transient DOS in WLAN Firmware while parsing t2lm buffers. | 2023-11-07 | 7.5 | CVE-2023-33048 |
| qualcomm -- snapdragon | Transient DOS in WLAN Firmware when firmware receives beacon including T2LM IE. | 2023-11-07 | 7.5 | CVE-2023-33056 |
| qualcomm -- snapdragon | Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response frame. | 2023-11-07 | 7.5 | CVE-2023-33061 |
| qualitor -- qalitor | Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | 2023-11-06 | 9.8 | CVE-2023-47253 MISC MISC MISC MISC |
| redlion -- crimson | The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability. | 2023-11-06 | 9.8 | CVE-2023-5719 MISC MISC |
| relativity -- relativityone | SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. | 2023-11-03 | 9.8 | CVE-2023-46954 MISC |
| remoteclinic -- remote_clinic | RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. | 2023-11-07 | 9.8 | CVE-2023-33478 |
| remoteclinic -- remote_clinic | RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. | 2023-11-07 | 9.8 | CVE-2023-33479 |
| remoteclinic -- remote_clinic | RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. | 2023-11-07 | 9.8 | CVE-2023-33481 |
| remoteclinic -- remote_clinic | RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input validation and access control in the staff/register.php endpoint and the edit-my-profile.php page. By sending a series of specially crafted requests to the RemoteClinic application, an attacker can create admin users with more privileges than their own, upload a PHP file containing arbitrary code, and execute arbitrary commands via the PHP shell. | 2023-11-07 | 8.8 | CVE-2023-33480 |
| samba -- samba | A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes. | 2023-11-03 | 9.8 | CVE-2023-3961 MISC MISC MISC MISC MISC MISC |
| samsung -- android | Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows attacker to bypass restrictions on starting activities from the background. | 2023-11-07 | 9.8 | CVE-2023-42531 |
| samsung -- android | An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | 2023-11-07 | 9.8 | CVE-2023-42536 |
| samsung -- android | An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | 2023-11-07 | 9.8 | CVE-2023-42537 |
| samsung -- android | An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | 2023-11-07 | 9.8 | CVE-2023-42538 |
| samsung -- android | Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-11-07 | 7.8 | CVE-2023-30739 |
| samsung -- android | Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-11-07 | 7.8 | CVE-2023-42528 |
| samsung -- android | Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code. | 2023-11-07 | 7.8 | CVE-2023-42529 |
| samsung -- android | Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | 2023-11-07 | 7.8 | CVE-2023-42535 |
| samsung -- android | Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction. | 2023-11-07 | 7.5 | CVE-2023-42530 |
| samsung -- android | Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. | 2023-11-07 | 7.5 | CVE-2023-42532 |
| samsung -- bixby_voice | Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. | 2023-11-07 | 7.5 | CVE-2023-42543 |
| samsung -- exynos_9810_firmware | An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | 2023-11-08 | 7.5 | CVE-2023-41111 |
| samsung -- exynos_9810_firmware | An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | 2023-11-08 | 7.5 | CVE-2023-41112 |
| samsung -- phone | Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data. | 2023-11-07 | 7.5 | CVE-2023-42545 |
| schedmd -- slurm | SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files. | 2023-11-03 | 7 | CVE-2023-41914 MISC CONFIRM |
| softing -- smartlink_sw-ht | Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL). | 2023-11-06 | 7.5 | CVE-2022-48193 MISC MISC |
| squid-cache -- squid | Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests. | 2023-11-06 | 7.5 | CVE-2023-46728 MISC MISC |
| squid-cache -- squid | Squid is vulnerable to a Denial of Service, where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication. | 2023-11-03 | 7.5 | CVE-2023-46847 MISC MISC MISC MISC MISC MISC
|
| squid-cache -- squid | Squid is vulnerable to Denial of Service, where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input. | 2023-11-03 | 7.5 | CVE-2023-46848 MISC MISC MISC MISC MISC |
| squid-cache -- squid | Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug. | 2023-11-03 | 7.5 | CVE-2023-5824 MISC MISC MISC |
| squidex.io -- squidex | Squidex is an open source headless CMS and content management hub. Affected versions are subject to an arbitrary file write vulnerability in the backup restore feature which allows an authenticated attacker to gain remote code execution (RCE). Squidex allows users with the `squidex.admin.restore` permission to create and restore backups. Part of these backups are the assets uploaded to an App. For each asset, the backup zip archive contains a `.asset` file with the actual content of the asset as well as a related `AssetCreatedEventV2` event, which is stored in a JSON file. Amongst other things, the JSON file contains the event type (`AssetCreatedEventV2`), the ID of the asset (`46c05041-9588-4179-b5eb-ddfcd9463e1e`), its filename (`test.txt`), and its file version (`0`). When a backup with this event is restored, the `BackupAssets.ReadAssetAsync` method is responsible for re-creating the asset. For this purpose, it determines the name of the `.asset` file in the zip archive, reads its content, and stores the content in the filestore. When the asset is stored in the filestore via the UploadAsync method, the assetId and fileVersion are passed as arguments. These are further passed to the method GetFileName, which determines the filename where the asset should be stored. The assetId is inserted into the filename without any sanitization and an attacker with squidex.admin.restore privileges to run arbitrary operating system commands on the underlying server (RCE). | 2023-11-07 | 7.2 | CVE-2023-46253 |
| strapi -- strapi | strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-06 | 7.5 | CVE-2023-39345 MISC |
| swtpm -- swtpm | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. | 2023-11-03 | 7.1 | CVE-2020-28407 MISC CONFIRM CONFIRM |
| sysaid -- sysaid_on-premises | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. | 2023-11-10 | 9.8 | CVE-2023-47246
|
| wordpress -- wordpress | The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. | 2023-11-06 | 7.5 | CVE-2023-5454 MISC |
| tenda -- ax1806_firmware | Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime without checking their size. | 2023-11-07 | 9.1 | CVE-2023-47455 |
| tenda -- ax1806_firmware | Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. | 2023-11-07 | 9.1 | CVE-2023-47456 |
| tigera -- calico_cloud | In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish. | 2023-11-06 | 7.5 | CVE-2023-41378 MISC MISC MISC |
| tyk -- tyk | Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | 2023-11-07 | 9.8 | CVE-2023-42283 |
| tyk -- tyk | Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. | 2023-11-07 | 9.8 | CVE-2023-42284 |
| utoronto -- pcrs | PCRS <= 3.11 (d0de1e) "Questions" page and "Code editor" page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. | 2023-11-03 | 9.9 | CVE-2023-46404 MISC MISC |
| vaerys-dawn -- discordsailv2 | A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483. | 2023-11-05 | 9.8 | CVE-2018-25092 MISC MISC MISC MISC |
| vaerys-dawn -- discordsailv2 | A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484. | 2023-11-06 | 9.8 | CVE-2018-25093 MISC MISC MISC MISC |
| veeam -- one | A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database. | 2023-11-07 | 9.8 | CVE-2023-38547 |
| videolan -- vlc_media_player | Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | 2023-11-07 | 9.8 | CVE-2023-47359 |
| videolan -- vlc_media_player | Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. | 2023-11-07 | 7.5 | CVE-2023-47360 |
| webidsupport -- webid | WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. | 2023-11-08 | 9.8 | CVE-2023-47397 |
| weintek -- easybuilder_pro | Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server. | 2023-11-06 | 9.8 | CVE-2023-5777 MISC |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Lenderd 1003 Mortgage Application.This issue affects 1003 Mortgage Application: from n/a through 1.75. | 2023-11-07 | 9.8 | CVE-2022-45357 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Scott Reilly Commenter Emails.This issue affects Commenter Emails: from n/a through 2.6.1. | 2023-11-07 | 9.8 | CVE-2022-45360 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export.This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. | 2023-11-07 | 9.8 | CVE-2022-45370 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4. | 2023-11-06 | 9.8 | CVE-2022-45373 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3. | 2023-11-03 | 9.8 | CVE-2022-45805 MISC |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express - Email Marketing, Newsletters and Automation for WordPress & WooCommerce.This issue affects Icegram Express - Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. | 2023-11-07 | 9.8 | CVE-2022-45810 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0. | 2023-11-07 | 9.8 | CVE-2022-46801 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee Product Reviews Import Export for WooCommerce. This issue affects Product Reviews Import Export for WooCommerce: from n/a through 1.4.8. | 2023-11-07 | 9.8 | CVE-2022-46802 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Noptin Newsletter Simple Newsletter Plugin - Noptin. This issue affects Simple Newsletter Plugin - Noptin: from n/a through 1.9.5. | 2023-11-07 | 9.8 | CVE-2022-46803 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11. | 2023-11-03 | 9.8 | CVE-2022-46808 MISC |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX - Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX - Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. | 2023-11-07 | 9.8 | CVE-2022-46809 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2. | 2023-11-03 | 9.8 | CVE-2022-46818 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page - Responsive Coming Soon & Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page - Responsive Coming Soon & Maintenance Mode: from n/a through 1.5.9. | 2023-11-06 | 9.8 | CVE-2022-46849 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1. | 2023-11-03 | 9.8 | CVE-2022-46859 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4. | 2023-11-06 | 9.8 | CVE-2022-46860 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. | 2023-11-06 | 9.8 | CVE-2022-47420 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4. | 2023-11-03 | 9.8 | CVE-2022-47426 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7. | 2023-11-06 | 9.8 | CVE-2022-47428 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management - Education & Learning Management allows SQL Injection.This issue affects The School Management - Education & Learning Management: from n/a through 4.1. | 2023-11-06 | 9.8 | CVE-2022-47430 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8. | 2023-11-06 | 9.8 | CVE-2022-47432 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0. | 2023-11-03 | 9.8 | CVE-2022-47445 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1. | 2023-11-03 | 9.8 | CVE-2022-47588 MISC |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | 2023-11-07 | 9.8 | CVE-2023-22719 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Muneeb Form Builder | Create Responsive Contact Forms. This issue affects Form Builder | Create Responsive Contact Forms: from n/a through 1.9.9.0. | 2023-11-07 | 9.8 | CVE-2023-23796 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | 2023-11-03 | 9.8 | CVE-2023-25700 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop - Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop - Global Dropshipping: from n/a through 1.0.0. | 2023-11-03 | 9.8 | CVE-2023-25960 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection. This issue affects MapPress Maps for WordPress: from n/a through 2.85.4. | 2023-11-03 | 9.8 | CVE-2023-26015 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6. | 2023-11-06 | 9.8 | CVE-2023-27605 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4. | 2023-11-06 | 9.8 | CVE-2023-28748 MISC |
| wordpress -- wordpress | The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago. | 2023-11-03 | 9.8 | CVE-2023-3277 MISC MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0. | 2023-11-03 | 9.8 | CVE-2023-34383 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0. | 2023-11-06 | 9.8 | CVE-2023-35911 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4. | 2023-11-03 | 9.8 | CVE-2023-36529 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4. | 2023-11-06 | 9.8 | CVE-2023-38382 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy - Smart Donations allows SQL Injection.This issue affects Donations Made Easy - Smart Donations: from n/a through 4.0.12. | 2023-11-06 | 9.8 | CVE-2023-40207 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3. | 2023-11-06 | 9.8 | CVE-2023-40609 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6. | 2023-11-03 | 9.8 | CVE-2023-41652 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1. | 2023-11-06 | 9.8 | CVE-2023-41685 MISC |
| wordpress -- wordpress | Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call. | 2023-11-03 | 9.8 | CVE-2023-43982 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0. | 2023-11-06 | 9.8 | CVE-2023-45001 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3. | 2023-11-06 | 9.8 | CVE-2023-45046 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6. | 2023-11-06 | 9.8 | CVE-2023-45055 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery - Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery - Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3. | 2023-11-06 | 9.8 | CVE-2023-45069 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1. | 2023-11-06 | 9.8 | CVE-2023-45074 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3. | 2023-11-06 | 9.8 | CVE-2023-45657 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11. | 2023-11-06 | 9.8 | CVE-2023-45830 MISC |
| wordpress -- wordpress | The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE. | 2023-11-06 | 9.8 | CVE-2023-5601 MISC |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0. | 2023-11-07 | 8.8 | CVE-2022-38702 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Kaushik Kalathiya Export Users Data CSV. This issue affects Export Users Data CSV: from n/a through 2.1. | 2023-11-07 | 8.8 | CVE-2022-41616 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8. | 2023-11-07 | 8.8 | CVE-2022-42882 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Patrick Robrecht Posts and Users Stats. This issue affects Posts and Users Stats: from n/a through 1.1.3. | 2023-11-07 | 8.8 | CVE-2022-44738 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in anmari amr users. This issue affects amr users: from n/a through 4.59.4. | 2023-11-07 | 8.8 | CVE-2022-45348 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Pär Thernström Simple History - user activity log, audit tool. This issue affects Simple History - user activity log, audit tool: from n/a through 3.3.1. | 2023-11-07 | 8.8 | CVE-2022-45350 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Narola Infotech Solutions LLP Export Users Data Distinct. This issue affects Export Users Data Distinct: from n/a through 1.3. | 2023-11-07 | 8.8 | CVE-2022-46804 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery.This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2. | 2023-11-07 | 8.8 | CVE-2022-47181 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in AyeCode Ltd UsersWP.This issue affects UsersWP: from n/a through 1.2.3.9. | 2023-11-07 | 8.8 | CVE-2022-47442 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0. | 2023-11-03 | 8.8 | CVE-2023-25800 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Frédéric Sheedy Etsy Shop plugin <= 3.0.3 versions. | 2023-11-09 | 8.8 | CVE-2023-25975 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.This issue affects KB Support: from n/a through 1.5.84. | 2023-11-07 | 8.8 | CVE-2023-25983 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10. | 2023-11-03 | 8.8 | CVE-2023-25990 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.4.2 versions. | 2023-11-09 | 8.8 | CVE-2023-25994 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Robert Schulz (sprd.Net AG) Spreadshop plugin <= 1.6.5 versions. | 2023-11-10 | 8.8 | CVE-2023-29426 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SuPlugins Superb Social Media Share Buttons and Follow Buttons for WordPress plugin <= 1.1.3 versions. | 2023-11-10 | 8.8 | CVE-2023-29428 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board plugin <= 2.10.3 versions. | 2023-11-10 | 8.8 | CVE-2023-29440 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Newsletters plugin <= 4.8.8 versions. | 2023-11-10 | 8.8 | CVE-2023-30478 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marco Steinbrecher WP BrowserUpdate plugin <= 4.4.1 versions. | 2023-11-10 | 8.8 | CVE-2023-31078 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways - Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions. | 2023-11-09 | 8.8 | CVE-2023-31086 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions. | 2023-11-09 | 8.8 | CVE-2023-31087 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions. | 2023-11-09 | 8.8 | CVE-2023-31088 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions. | 2023-11-09 | 8.8 | CVE-2023-31093 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database plugin <= 2.4.9 versions. | 2023-11-09 | 8.8 | CVE-2023-31235 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo - Social Network, Membership, Registration, User Profiles plugin <= 6.0.9.0 versions. | 2023-11-09 | 8.8 | CVE-2023-32092 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Criss Swaim TPG Redirect plugin <= 1.0.7 versions. | 2023-11-09 | 8.8 | CVE-2023-32093 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions. | 2023-11-09 | 8.8 | CVE-2023-32125 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme <= 7.1.1 versions. | 2023-11-09 | 8.8 | CVE-2023-32500 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.6.1 versions. | 2023-11-09 | 8.8 | CVE-2023-32501 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Sybre Waaijer Pro Mime Types - Manage file media types plugin <= 1.0.7 versions. | 2023-11-09 | 8.8 | CVE-2023-32502 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ShortPixel ShortPixel Adaptive Images - WebP, AVIF, CDN, Image Optimization plugin <= 3.7.1 versions. | 2023-11-09 | 8.8 | CVE-2023-32512 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Designs & Code Forget About Shortcode Buttons plugin <= 2.1.2 versions. | 2023-11-09 | 8.8 | CVE-2023-32579 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin <= 1.3.8 versions. | 2023-11-09 | 8.8 | CVE-2023-32587 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. | 2023-11-09 | 8.8 | CVE-2023-32592 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions. | 2023-11-09 | 8.8 | CVE-2023-32594 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LOKALYZE CALL ME NOW plugin <= 3.0 versions. | 2023-11-09 | 8.8 | CVE-2023-32602 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions. | 2023-11-09 | 8.8 | CVE-2023-32739 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Recommendations plugin <= 2.3.0 versions. | 2023-11-09 | 8.8 | CVE-2023-32744 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.1 versions. | 2023-11-09 | 8.8 | CVE-2023-32745 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions. | 2023-11-09 | 8.8 | CVE-2023-32794 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Inventory Manager plugin <= 2.1.0.13 versions. | 2023-11-09 | 8.8 | CVE-2023-34002 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions. | 2023-11-09 | 8.8 | CVE-2023-34024 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin <= 2.1.6 versions. | 2023-11-09 | 8.8 | CVE-2023-34025 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions. | 2023-11-09 | 8.8 | CVE-2023-34031 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Malinky Ajax Pagination and Infinite Scroll plugin <= 2.0.1 versions. | 2023-11-09 | 8.8 | CVE-2023-34033 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SAKURA Internet Inc. TS Webfonts for ??????????? plugin <= 3.1.2 versions. | 2023-11-09 | 8.8 | CVE-2023-34169 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kenth Hagström WP-Cache.Com plugin <= 1.1.1 versions. | 2023-11-09 | 8.8 | CVE-2023-34177 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg plugin <= 2.7.11 versions. | 2023-11-09 | 8.8 | CVE-2023-34178 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP-Cirrus plugin <= 0.6.11 versions. | 2023-11-09 | 8.8 | CVE-2023-34181 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Peter Shaw LH Password Changer plugin <= 1.55 versions. | 2023-11-09 | 8.8 | CVE-2023-34182 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions. | 2023-11-09 | 8.8 | CVE-2023-34371 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Smart Wishlist for WooCommerce plugin <= 4.7.1 versions. | 2023-11-09 | 8.8 | CVE-2023-34386 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free - Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free - Contact Form Builder for WordPress: from n/a through 6.0. | 2023-11-04 | 8.8 | CVE-2023-35910 MISC |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in BestWebSoft Post to CSV by BestWebSoft.This issue affects Post to CSV by BestWebSoft: from n/a through 1.4.0. | 2023-11-07 | 8.8 | CVE-2023-36527 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager allows SQL Injection.This issue affects SP Project & Document Manager: from n/a through 4.67. | 2023-11-03 | 8.8 | CVE-2023-36677 MISC |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in wpWax Directorist - WordPress Business Directory Plugin with Classified Ads Listing.This issue affects Directorist - WordPress Business Directory Plugin with Classified Ads Listings: from n/a through 7.7.1. | 2023-11-07 | 8.8 | CVE-2023-41798 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection. This issue affects Icons Font Loader: from n/a through 1.1.2. | 2023-11-06 | 8.8 | CVE-2023-46084 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions. | 2023-11-09 | 8.8 | CVE-2023-46614 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions. | 2023-11-06 | 8.8 | CVE-2023-46775 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions. | 2023-11-06 | 8.8 | CVE-2023-46776 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin <= 1.1.3 versions. | 2023-11-06 | 8.8 | CVE-2023-46777 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin <= 2.5 versions. | 2023-11-06 | 8.8 | CVE-2023-46778 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin <= 3.5.3251 versions. | 2023-11-06 | 8.8 | CVE-2023-46779 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin <= 1.0 versions. | 2023-11-06 | 8.8 | CVE-2023-46780 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin <= 1.5 versions. | 2023-11-06 | 8.8 | CVE-2023-46781 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions. | 2023-11-06 | 8.8 | CVE-2023-47182 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin <= 1.5.11 versions. | 2023-11-06 | 8.8 | CVE-2023-47186 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WebberZone Top 10 - WordPress Popular posts by WebberZone plugin <= 3.3.2 versions. | 2023-11-09 | 8.8 | CVE-2023-47238 |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin <= 2.2.11 versions. | 2023-11-06 | 8.8 | CVE-2023-5823 MISC |
| wordpress -- wordpress | The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server. | 2023-11-06 | 8.1 | CVE-2023-5355 MISC |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker. This issue affects User Blocker: from n/a through 1.5.5. | 2023-11-07 | 7.2 | CVE-2022-45078 |
| wordpress -- wordpress | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5. | 2023-11-07 | 7.2 | CVE-2023-23678 |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4. | 2023-11-03 | 7.2 | CVE-2023-32121 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5. | 2023-11-03 | 7.2 | CVE-2023-32508 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2. | 2023-11-04 | 7.2 | CVE-2023-32741 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11. | 2023-11-03 | 7.2 | CVE-2023-34179 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1. | 2023-11-04 | 7.2 | CVE-2023-38391 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1. | 2023-11-04 | 7.2 | CVE-2023-40215 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7. | 2023-11-06 | 7.2 | CVE-2023-46821 MISC |
| wordpress -- wordpress | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4. | 2023-11-06 | 7.2 | CVE-2023-46823 MISC |
| wordpress -- wordpress | The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. | 2023-11-06 | 7.2 | CVE-2023-5082 MISC |
| wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Martin Gibson Auto Publish for Google My Business plugin <= 3.7 versions. | 2023-11-09 | 8.8 | CVE-2023-47237 |
| wpn-xm -- wpn-xm | A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit. | 2023-11-03 | 9.8 | CVE-2023-4591 MISC |
| xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins). | 2023-11-06 | 9.8 | CVE-2023-46731 MISC MISC MISC MISC |
| xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for for this vulnerability. | 2023-11-07 | 8.8 | CVE-2023-46242
|
| xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user have edit right on it. A crafted URL of the form ` /xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1. Users are advised to update. There are no known workarounds for this issue. | 2023-11-07 | 8.8 | CVE-2023-46243
|
| xwiki -- xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this API require programming right and the user does not have it, the expected result is `$doc.document.authors.contentAuthor` (not executed script), unfortunately with the security vulnerability it is possible for the attacker to get `XWiki.superadmin` which shows that the title was executed with the right of the unmodified document. This has been patched in XWiki versions 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-07 | 8.8 | CVE-2023-46244
|
| xxyopen -- novel-plus | SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. | 2023-11-05 | 9.8 | CVE-2023-46981 MISC |
| zavio -- cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to stack-based overflows. During the process of updating certain settings sent from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | 2023-11-08 | 9.8 | CVE-2023-39435 |
| zavio -- cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While processing XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | 2023-11-08 | 9.8 | CVE-2023-3959 |
| zavio -- cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 has a command injection vulnerability in their implementation of their binaries and handling of network requests. | 2023-11-08 | 9.8 | CVE-2023-4249 |
| zavio -- cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. During the processing and parsing of certain fields in XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | 2023-11-08 | 9.8 | CVE-2023-43755 |
| zavio -- cf7500_firmware | Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220, CB6231, B8520, B8220, and CD321 IP Cameras with firmware version M2.1.6.05 are vulnerable to multiple instances of stack-based overflows. While parsing certain XML elements from incoming network requests, the product does not sufficiently check or validate allocated buffer size. This may lead to remote code execution. | 2023-11-08 | 9.8 | CVE-2023-45225 |
| zohocorp -- manageengine_desktop_central | A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests. | 2023-11-03 | 8.8 | CVE-2023-4769 MISC |
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache -- allura | Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose them. Exposing internal files then can lead to other exploits, like session hijacking, or remote code execution. This issue affects Apache Allura from 1.0.1 through 1.15.0. Users are recommended to upgrade to version 1.16.0, which fixes the issue. If you are unable to upgrade, set "disable_entry_points.allura.importers = forge-tracker, forge-discussion" in your .ini config file. | 2023-11-07 | 4.9 | CVE-2023-46851 |
| apache -- ofbiz | Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin. This issue affects Apache OFBiz: before 18.12.09. Users are recommended to upgrade to version 18.12.09 | 2023-11-07 | 5.3 | CVE-2023-46819
|
| arm -- bifrost_gpu_kernel_driver | A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. | 2023-11-07 | 5.5 | CVE-2023-4272 |
| bootboxjs -- bootbox | Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. | 2023-11-07 | 6.1 | CVE-2023-46998 |
| clastix -- capsule | capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example, consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `--disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn't allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-11-06 | 4.3 | CVE-2023-46254 MISC MISC |
| cloudnet360 -- cloudnet360 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GARY JEZORSKI CloudNet360 plugin <= 3.2.0 versions. | 2023-11-08 | 6.1 | CVE-2023-46643 |
| color -- demoiccmax | In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read. | 2023-11-05 | 6.5 | CVE-2023-47249 MISC |
| cure53 -- dompurify | DOMPurify before 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute. | 2023-11-07 | 6.1 | CVE-2019-25155 |
| docker -- machine | Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (via escape sequence injection), or might have a data size that causes a denial of service to a bastion node. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2023-11-07 | 6.5 | CVE-2023-40453
|
| dstar2018 -- agency | A vulnerability classified as problematic was found in dstar2018 Agency up to 61. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument QSType/QuickSearch leads to cross site scripting. The attack can be launched remotely. The patch is named 975b56953efabb434519d9feefcc53685fb8d0ab. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-244495. | 2023-11-07 | 6.1 | CVE-2019-25156
|
| gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file. | 2023-11-06 | 6.5 | CVE-2023-3909 MISC MISC |
| gitlab -- gitlab | An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals. | 2023-11-06 | 6.5 | CVE-2023-4700 MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service. | 2023-11-06 | 6.5 | CVE-2023-5825 MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors. | 2023-11-06 | 5.3 | CVE-2023-5831 MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attacker to block Sidekiq job processor. | 2023-11-06 | 4.3 | CVE-2023-3246 MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators. | 2023-11-06 | 4.3 | CVE-2023-5963 MISC |
| google -- android | In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. | 2023-11-06 | 6.7 | CVE-2023-32818 MISC |
| google -- android | In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762. | 2023-11-06 | 6.7 | CVE-2023-32834 MISC |
| google -- android | In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. | 2023-11-06 | 6.7 | CVE-2023-32835 MISC |
| google -- android | In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725. | 2023-11-06 | 6.7 | CVE-2023-32836 MISC |
| google -- android | In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805. | 2023-11-06 | 6.7 | CVE-2023-32838 MISC |
| google -- android | In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576. | 2023-11-06 | 6.7 | CVE-2023-32839 MISC |
| google -- android | In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130. | 2023-11-06 | 5.5 | CVE-2023-32825 MISC |
| gvectors -- wpdiscuz | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments - wpDiscuz plugin <= 7.6.11 versions. | 2023-11-06 | 6.1 | CVE-2023-47185 MISC |
| hillstonenet -- sc-6000-e3960_firmware | Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering. | 2023-11-05 | 6.1 | CVE-2023-46964 MISC |
| huawei -- emui | Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed. | 2023-11-08 | 5.9 | CVE-2022-48613 |
| huawei -- emui | Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart. | 2023-11-08 | 5.3 | CVE-2023-46755 |
| huawei -- emui | Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously. | 2023-11-08 | 5.3 | CVE-2023-46763 |
| huawei -- emui | Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously. | 2023-11-08 | 5.3 | CVE-2023-46764 |
| huawei -- harmonyos | Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause malicious pop-up windows. | 2023-11-08 | 5.3 | CVE-2023-46756 |
| ibm -- content_navigator | IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 259247. | 2023-11-03 | 5.4 | CVE-2023-35896 MISC MISC |
| ibm -- robotic_process_automation_for_cloud_pak | A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752. | 2023-11-03 | 6.5 | CVE-2023-45189 MISC MISC |
| ibm -- txseries_for_multiplatforms | IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 266059. | 2023-11-03 | 5.4 | CVE-2023-42029 MISC MISC MISC |
| jbig2enc_project -- jbig2enc | jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc. | 2023-11-08 | 5.5 | CVE-2023-46362 |
| jbig2enc_project -- jbig2enc | jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. | 2023-11-08 | 5.5 | CVE-2023-46363 |
| kaoshifeng -- yunfan_learning_examination_system | An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function. | 2023-11-04 | 5.3 | CVE-2023-46963 MISC |
| kyocera -- d-copia253mf_plus_firmware | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch error. | 2023-11-03 | 5.3 | CVE-2023-34261 MISC MISC |
| kyocera -- d-copia253mf_plus_firmware | Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575. | 2023-11-03 | 4.9 | CVE-2023-34259 MISC MISC |
| lenovo -- desktop_bios | A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43571 |
| lenovo -- desktop_bios | A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43573 |
| lenovo -- desktop_bios | A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43575 |
| lenovo -- desktop_bios | A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43576 |
| lenovo -- desktop_bios | A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43577 |
| lenovo -- desktop_bios | A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43578 |
| lenovo -- desktop_bios | A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43579 |
| lenovo -- desktop_bios | A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43580 |
| lenovo -- desktop_bios | A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. | 2023-11-08 | 6.7 | CVE-2023-43581 |
| lenovo -- desktop_bios | A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 2023-11-08 | 4.4 | CVE-2023-43572 |
| lenovo -- desktop_bios | A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. | 2023-11-08 | 4.4 | CVE-2023-43574 |
| linux -- kernel | The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this "could be exploited in a real world scenario." This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. | 2023-11-03 | 4.3 | CVE-2023-47233 MISC MISC |
| linux -- linux_kernel | A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition. | 2023-11-06 | 5.5 | CVE-2023-5090 MISC MISC |
| mattermost -- mattermost | Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to caching large items. | 2023-11-06 | 5.3 | CVE-2023-5969 MISC |
| mattermost -- mattermost | Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body. | 2023-11-06 | 4.9 | CVE-2023-5968 MISC |
| mattermost -- mattermost | Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin | 2023-11-06 | 4.3 | CVE-2023-5967 MISC |
| mediatek -- lr12a | In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862). | 2023-11-06 | 6.5 | CVE-2023-32840 MISC |
| mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers. | 2023-11-03 | 5.4 | CVE-2023-45360 MISC |
| mediawiki -- mediawiki | An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak. | 2023-11-03 | 4.3 | CVE-2023-45362 MISC |
| microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 2023-11-03 | 6.6 | CVE-2023-36022 MISC |
| microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2023-11-07 | 6.5 | CVE-2023-36409 MISC |
| microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-11-03 | 4.3 | CVE-2023-36029 MISC |
| microsoft -- onenote | Microsoft OneNote Spoofing Vulnerability | 2023-11-06 | 5.4 | CVE-2023-36769 MISC |
| microweber -- microweber | Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. | 2023-11-08 | 5.4 | CVE-2023-47379
|
| microweber -- microweber | Improper Access Control in GitHub repository microweber/microweber prior to 2.0. | 2023-11-07 | 4.3 | CVE-2023-5976 |
| mitsubishi_electric -- fx5u-32mt/es_firmware | Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login. | 2023-11-06 | 5.3 | CVE-2023-4625 MISC MISC MISC |
| moodle -- moodle | The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. | 2023-11-09 | 6.1 | CVE-2023-5541
|
| moodle -- moodle | The course upload preview contained an XSS risk for users uploading unsafe data. | 2023-11-09 | 6.1 | CVE-2023-5547
|
| moodle -- moodle | Wiki comments required additional sanitizing and access restrictions to prevent a stored XSS risk and potential IDOR risk. | 2023-11-09 | 5.4 | CVE-2023-5544
|
| moodle -- moodle | ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. | 2023-11-09 | 5.4 | CVE-2023-5546
|
| msyk -- fmdataapi | A vulnerability classified as problematic has been found in msyk FMDataAPI up to 22. Affected is an unknown function of the file FMDataAPI_Sample.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 23 is able to address this issue. The patch is identified as 3bd1709a8f7b1720529bf5dfc9855ad609f436cf. It is recommended to upgrade the affected component. VDB-244494 is the identifier assigned to this vulnerability. | 2023-11-07 | 6.1 | CVE-2021-4431
|
| mybb -- mybb | MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP ? Configuration ? Settings ? Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP ? Your Profile ? Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP ? Configuration ? Settings_): - _Clickable Smilies and BB Code ? [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP ? Your Profile ? Edit Options_) _Show the MyCode formatting options on the posting pages_. | 2023-11-06 | 6.1 | CVE-2023-46251 MISC MISC MISC |
| mybb -- mybb | Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component. | 2023-11-06 | 5.4 | CVE-2023-45556 MISC MISC MISC |
| nasa -- openmct | Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. | 2023-11-09 | 6.5 | CVE-2023-45884 |
| nasa -- openmct | Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. | 2023-11-09 | 5.4 | CVE-2023-45885 |
| nationaledtech -- boomerang | An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup="false" attribute in the manifest. This allows the user to back up the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API. | 2023-11-03 | 4.6 | CVE-2023-36620 MISC MISC MISC |
| ni -- topografix_data_plugin | An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. | 2023-11-08 | 5.5 | CVE-2023-5136 |
| nta -- e-tax | e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2023-11-06 | 5.5 | CVE-2023-46802 MISC MISC |
| opensc_project -- opensc | A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness. | 2023-11-06 | 6.6 | CVE-2023-40660 MISC MISC MISC MISC MISC |
| opensc -- opensc | Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow compromise key generation, certificate loading, and other card management operations during enrollment. | 2023-11-06 | 6.4 | CVE-2023-40661 MISC MISC MISC MISC MISC |
| prestashop -- prestashop | blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4. | 2023-11-09 | 5.3 | CVE-2023-47110 |
| proofpoint -- enterprise_protection | Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages. This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions. | 2023-11-06 | 6.1 | CVE-2023-5771 MISC |
| qnap -- qts | A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later | 2023-11-03 | 4.3 | CVE-2023-39301 MISC |
| qualcomm -- snapdragon | Information Disclosure in WLAN Host when processing WMI event command. | 2023-11-07 | 5.5 | CVE-2023-28553 |
| qualcomm -- snapdragon | Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. | 2023-11-07 | 5.5 | CVE-2023-28554 |
| qualcomm -- snapdragon | Information disclosure in IOE Firmware while handling WMI command. | 2023-11-07 | 5.5 | CVE-2023-28563 |
| qualcomm -- snapdragon | Information disclosure in WLAN HAL while handling the WMI state info command. | 2023-11-07 | 5.5 | CVE-2023-28566 |
| qualcomm -- snapdragon | Information disclosure in WLAN HAL when reception status handler is called. | 2023-11-07 | 5.5 | CVE-2023-28568 |
| qualcomm -- snapdragon | Information disclosure in WLAN HAL while handling command through WMI interfaces. | 2023-11-07 | 5.5 | CVE-2023-28569 |
| ragic -- enterprise_cloud_database | Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack. | 2023-11-03 | 5.4 | CVE-2023-41343 MISC |
| rapid7 -- velociraptor | Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser. This vulnerability is fixed in version 0.7.0-04 and a patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1). | 2023-11-06 | 6.1 | CVE-2023-5950 MISC |
| redhat -- 3scale_api_management | A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache. | 2023-11-06 | 5.5 | CVE-2023-4910 MISC MISC |
| redhat -- quay | A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerable to clickjacking. This flaw allows an attacker to trick an administrator user into clicking on buttons on the config-editor panel, possibly reconfiguring some parts of the Quay instance. | 2023-11-07 | 4.3 | CVE-2023-4956 |
| redmine -- redmine | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. | 2023-11-05 | 6.1 | CVE-2023-47258 MISC |
| redmine -- redmine | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. | 2023-11-05 | 6.1 | CVE-2023-47259 MISC |
| redmine -- redmine | Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. | 2023-11-05 | 6.1 | CVE-2023-47260 MISC |
| roundcube -- webmail | Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). | 2023-11-06 | 6.1 | CVE-2023-47272 MISC MISC MISC
|
| samba -- samba | A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions. | 2023-11-03 | 6.5 | CVE-2023-4091 MISC MISC MISC MISC MISC MISC |
| samba -- samba | A design flaw was found in Samba's DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users possessing the GET_CHANGES right to access all attributes, including sensitive secrets and passwords. Even in a default setup, RODC DC accounts, which should only replicate some passwords, can gain access to all domain secrets, including the vital krbtgt, effectively eliminating the RODC / DC distinction. Furthermore, the vulnerability fails to account for error conditions (fail open), like out-of-memory situations, potentially granting access to secret attributes, even under low-privileged attacker influence. | 2023-11-07 | 6.5 | CVE-2023-4154
|
| samba -- samba | A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in the main RPC task, allowing calls to the "rpcecho" server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a "sleep()" call in the "dcesrv_echo_TestSleep()" function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the "rpcecho" server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as "rpcecho" runs in the main RPC task. | 2023-11-06 | 6.5 | CVE-2023-42669 MISC MISC MISC MISC MISC |
| samba -- samba | A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation "classic DCs") can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as "The procedure number is out of range" when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services. | 2023-11-03 | 6.5 | CVE-2023-42670 MISC MISC MISC MISC MISC |
| samsung -- account | Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42546 |
| samsung -- account | Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42547 |
| samsung -- account | Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42548 |
| samsung -- account | Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42549 |
| samsung -- account | Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42550 |
| samsung -- account | Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | 2023-11-07 | 6.5 | CVE-2023-42551 |
| samsung -- account | Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. | 2023-11-07 | 5.5 | CVE-2023-42540 |
| samsung -- android | Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel. | 2023-11-07 | 6.8 | CVE-2023-42533 |
| samsung -- android | Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. | 2023-11-07 | 5.5 | CVE-2023-42527 |
| samsung -- android | Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | 2023-11-07 | 5.5 | CVE-2023-42534 |
| samsung -- easysetup | Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. | 2023-11-07 | 5.5 | CVE-2023-42555 |
| samsung -- email | Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. | 2023-11-07 | 5.3 | CVE-2023-42553 |
| samsung -- health | PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. | 2023-11-07 | 5.5 | CVE-2023-42539 |
| samsung -- pass | Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. | 2023-11-07 | 6.8 | CVE-2023-42554 |
| samsung -- push_service | Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | 2023-11-07 | 5.3 | CVE-2023-42541 |
| samsung -- quick_share | Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | 2023-11-07 | 5.5 | CVE-2023-42544 |
| samsung -- ue40d7000_firmware | Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools. | 2023-11-08 | 4.3 | CVE-2023-41270 |
| sfu -- pkp_web_application_library | Missing Authorization in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 5.4 | CVE-2023-5900 |
| sfu -- pkp_web_application_library | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 5.4 | CVE-2023-5903 |
| sfu -- pkp_web_application_library | Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 5.4 | CVE-2023-5904 |
| sfu -- pkp_web_application_library | PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image. | 2023-11-06 | 5.3 | CVE-2023-47271 MISC |
| sfu -- pkp_web_application_library | Unrestricted Upload of File with Dangerous Type in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | 2023-11-07 | 4.8 | CVE-2023-5901 |
| sigstore -- cosign | Cosign is a sigstore signing tool for OCI containers. Cosign is susceptible to a denial of service by an attacker-controlled registry. An attacker who controls a remote registry can return a high number of attestations and/or signatures to Cosign and cause Cosign to enter a long loop resulting in an endless data attack. The root cause is that Cosign loops through all attestations fetched from the remote registry in pkg/cosign.FetchAttestations. The attacker needs to compromise the registry or make a request to a registry they control. When doing so, the attacker must return a high number of attestations in the response to Cosign. The result will be that the attacker can cause Cosign to go into a long or infinite loop that will prevent other users from verifying their data. In Kyvernos case, an attacker whose privileges are limited to making requests to the cluster can make a request with an image reference to their own registry, trigger the infinite loop and deny other users from completing their admission requests. Alternatively, the attacker can obtain control of the registry used by an organization and return a high number of attestations instead the expected number of attestations. The issue can be mitigated rather simply by setting a limit to the limit of attestations that Cosign will loop through. The limit does not need to be high to be within the vast majority of use cases and still prevent the endless data attack. This issue has been patched in version 2.2.1 and users are advised to upgrade. | 2023-11-07 | 5.3 | CVE-2023-46737 |
| softing -- smartlink_sw-ht | Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application. | 2023-11-06 | 6.1 | CVE-2022-48192 MISC MISC |
| squid-cache -- squid | SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. | 2023-11-03 | 5.3 | CVE-2023-46846 MISC MISC MISC MISC MISC MISC
|
| squidex.io -- squidex | Squidex is an open source headless CMS and content management hub. Affected versions are missing origin verification in a postMessage handler which introduces a Cross-Site Scripting (XSS) vulnerability. The editor-sdk.js file defines three different class-like functions, which employ a global message event listener: SquidexSidebar, SquidexWidget, and SquidexFormField. The registered event listener takes some action based on the type of the received message. For example, when the SquidexFormField receives a message with the type valueChanged, the value property is updated. The SquidexFormField class is for example used in the editor-editorjs.html file, which can be accessed via the public wwwroot folder. It uses the onValueChanged method to register a callback function, which passes the value provided from the message event to the editor.render. Passing an attacker-controlled value to this function introduces a Cross-Site Scripting (XSS) vulnerability. | 2023-11-07 | 6.1 | CVE-2023-46252 |
| squidex.io -- squidex | Squidex is an open source headless CMS and content management hub. In affected versions a stored Cross-Site Scripting (XSS) vulnerability enables privilege escalation of authenticated users. The SVG element filtering mechanism intended to stop XSS attacks through uploaded SVG images, is insufficient resulting to stored XSS attacks. Squidex allows the CMS contributors to be granted the permission of uploading an SVG asset. When the asset is uploaded, a filtering mechanism is performed to validate that the SVG does not contain malicious code. The validation logic consists of traversing the HTML nodes in the DOM. In order for the validation to succeed, 2 conditions must be met: 1. No HTML tags included in a "blacklist" called "InvalidSvgElements" are present. This list only contains the element "script". and 2. No attributes of HTML tags begin with "on" (i.e. onerror, onclick) (line 65). If either of the 2 conditions is not satisfied, validation fails and the file/asset is not uploaded. However it is possible to bypass the above filtering mechanism and execute arbitrary JavaScript code by introducing other HTML elements such as an |